AEVS

Product Introduction

1. Definition: AEVS (Agent Execution Verification System) is an open-source, drop-in software development kit (SDK) designed to provide cryptographic proof of execution for AI agent actions. It functions as a verification layer that intercepts and records every tool call made by an autonomous agent.
2. Core Value Proposition: AEVS exists to solve the problem of unverified agent actions by generating tamper-evident, signed execution receipts for every tool invocation. It provides irrefutable proof of what an AI agent actually did, moving beyond fragile chat logs and unverifiable model text to create a secure audit trail for agent operations.

Main Features

1. Drop-in SDK Integration: AEVS is implemented as a simple library that sits between an AI agent and its tools. It requires minimal code changes—using aevs.configure() and aevs.enable()—to begin automatically intercepting tool calls from supported frameworks like LangChain and MCP, without requiring modifications to the existing tool implementations.
2. Tamper-Evident Receipt Generation: For every captured tool call, the system generates a cryptographic receipt containing the tool name, exact inputs, output, execution status, timing, and framework context. Each receipt is individually signed using ECDSA P-256 with a KMS-backed key and cryptographically linked to the previous receipt in a hash chain, ensuring the integrity of the entire execution sequence.
3. Independent Verification & Visibility Control: Receipts can be independently verified via a public API endpoint (/v1/receipts/verify/<reference_id>) or browsed through an online explorer interface. Users control data exposure with three visibility modes: public (full payloads on explorer), private (payloads hidden publicly, redacted on explorer), and proof_only (no payloads stored, only hashes), catering to different compliance and audit requirements.

Problems Solved

1. Pain Point: AEVS addresses the critical issue of "model text is not proof of execution." Without it, organizations cannot reliably verify the exact actions an AI agent performed, leading to risks in security, compliance, and debugging. Traditional logs and chat histories are not cryptographically secured, are prone to gaps, and do not provide portable, independently verifiable proof.
2. Target Audience: The primary users are AI/ML developers building production agent stacks, DevOps and security teams requiring audit trails, compliance officers in regulated industries (e.g., finance, healthcare), and platform engineers integrating autonomous agents.
3. Use Cases: Essential for financial transaction processing (e.g., verifying a payment tool call), automated system administration where actions must be auditable, healthcare or legal automation requiring proof of procedure, and any scenario where an AI agent's autonomous decision must be validated against a trusted record.

Unique Advantages

1. Differentiation: Unlike relying on application-level logging or model output interpretation, AEVS provides cryptographically signed, third-party-verifiable proof of tool execution that is framework-agnostic and tamper-evident. It creates a standalone proof layer independent of the agent's own reasoning or logging infrastructure.
2. Key Innovation: The core innovation is the implementation of a cryptographically chained, signed receipt for each individual tool invocation. This creates an immutable audit log where any alteration or missing entry in the sequence is immediately detectable, providing a higher assurance of execution integrity than traditional monitoring.

Frequently Asked Questions (FAQ)

1. How does AEVS prove an AI agent's tool call was executed correctly? AEVS does not verify business logic correctness but proves execution integrity. It captures the exact tool, inputs, and outputs for each call, signs them cryptographically, and links them in a hash chain. Anyone with the reference ID can independently verify via the API that the recorded call happened exactly as logged and was not tampered with.
2. What does "tamper-evident" mean in the context of AEVS receipts? It means each receipt is digitally signed and its hash is included in the next receipt's data. Any modification to a receipt's contents (like altering the output) would break the cryptographic signature and the chain's integrity, making the tampering immediately detectable during verification.
3. Is AEVS compatible with major AI frameworks like LangChain? Yes, AEVS is designed as a drop-in solution. It includes explicit support for LangChain (version 0.2+) and Model Context Protocol (MCP 1.20+), with a framework auto-detection feature. It is a Python SDK (Python 3.10-3.13) that can be installed via pip.
4. Can I use AEVS without exposing sensitive data from tool inputs/outputs? Yes. AEVS offers three visibility levels: proof_only is the strictest mode where payloads are never stored—only cryptographic hashes and metadata are retained, ensuring no sensitive data is persisted. The private mode stores full payloads only for your account but shows them as redacted on the public explorer.
5. How do I verify a receipt if I don't have an account? Verification is public and does not require an account. You can use the direct verification API by providing the receipt's reference_id, or use the online explorer to search for and view the receipt's verification status and chain details.