AI agent audit trail

Know exactly what your AI agent did

Your agents send emails, trigger payments, and modify data. AgentReceipt captures every action as a tamper-proof receipt. When something goes wrong, you have proof.

The problem

Agents act. Nobody knows what they did.

Agents take real actions

Your AI agents approve expenses, send emails, update records, and trigger payments. These are not suggestions. They are real actions with real consequences.

No readable record exists

When something goes wrong, there is no agent action log a non-technical person can read. No receipt you can hand to your compliance team or your customer.

Audits need answers

Wrong payment to the wrong vendor. An email sent to the wrong customer. Your audit asks what your AI did last Tuesday. You need to be able to answer.

How it works

Three steps. Five minutes.

1. Add three lines of code

Install the SDK and wrap your AI client. No config files, no extra infrastructure. Three lines and you have full agent observability, capturing every action automatically.

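agent.ts
import OpenAI from "openai";
import { createClient } from "@agentreceipt/sdk";

// Wrap the existing OpenAI client; calls made through it are recorded under this session name.
const ar = createClient({ apiKey: "ar_..." });
const openai = ar.wrapOpenAI(new OpenAI(), { sessionName: "Process invoice #441" });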

Works with OpenAI, Anthropic, Gemini, Mistral, and the Vercel AI SDK.

2. Your agent runs as usual

Every LLM call, tool call, and decision is captured automatically as an LLM audit log. Your agent code does not change. If the SDK cannot reach our servers, it fails silently. Your agent keeps running.

3. View the receipt

Open the dashboard and see a human-readable timeline of everything your agent did. Each event is hash-chained for tamper-proof verification. Share any receipt with a one-click link. Anyone with the link can view it.

How receipts stay honest

Every receipt is tamper-proof

Tamper-proof by design

Every event is hash-chained to the one before it. Receipts are append-only. Nobody can edit or delete events after the fact. Not even you.
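
The hash chaining described above, sketched as an added example (not AgentReceipt's code; the event fields, the genesis value and the hashing layout are assumptions, since the page does not publish the real format). It shows how a verifier locates an edited event, and why the last hash has to be recorded somewhere independent before a truncated log can be detected.

```typescript
import { createHash } from "node:crypto";

// Hypothetical event and entry shapes; the real receipt schema is not shown on this page.
type AgentEvent = { seq: number; type: string; detail: string };
type Entry = { event: AgentEvent; prevHash: string; hash: string };

const GENESIS = "0".repeat(64); // assumed starting value for the first entry

// Each hash covers the previous hash plus a fixed-order encoding of the event.
function entryHash(prevHash: string, e: AgentEvent): string {
  const canonical = JSON.stringify([e.seq, e.type, e.detail]);
  return createHash("sha256").update(prevHash).update("\n").update(canonical).digest("hex");
}

function append(chain: Entry[], event: AgentEvent): Entry[] {
  const prevHash = chain.length ? chain[chain.length - 1].hash : GENESIS;
  return [...chain, { event, prevHash, hash: entryHash(prevHash, event) }];
}

// Returns the index of the first entry that fails verification, or -1 if intact.
// expectedHead is the last hash as recorded outside the log; without it a dropped tail passes.
function firstBadIndex(chain: Entry[], expectedHead?: string): number {
  let prev = GENESIS;
  for (let i = 0; i < chain.length; i++) {
    const { event, prevHash, hash } = chain[i];
    if (event.seq !== i || prevHash !== prev || entryHash(prev, event) !== hash) return i;
    prev = hash;
  }
  if (expectedHead !== undefined && prev !== expectedHead) return chain.length;
  return -1;
}

// Constructed sample session (not real product output).
function demo() {
  const events: AgentEvent[] = [
    { seq: 0, type: "llm_call", detail: "classify invoice #441" },
    { seq: 1, type: "tool_call", detail: "lookup_vendor(acme)" },
    { seq: 2, type: "tool_call", detail: "create_payment(120.00 EUR)" },
  ];
  const chain = events.reduce(append, [] as Entry[]);
  const head = chain[chain.length - 1].hash;
  const edited = chain.map((x, i) =>
    i === 1 ? { ...x, event: { ...x.event, detail: "lookup_vendor(other)" } } : x);
  return {
    intact: firstBadIndex(chain, head),
    edited: firstBadIndex(edited, head),
    truncated: firstBadIndex(chain.slice(0, 2), head),
  };
}
```
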

EU AI Act compliance

Article 19 requires high-risk AI systems to retain logs for at least six months. AgentReceipt stores receipts with configurable retention and an immutable hash chain. Enforcement starts August 2026.

US compliance

SOC 2 audits ask for activity logs. HIPAA requires six-year retention for healthcare data. SOX and SEC rules require financial agents to prove they followed execution rules. One audit trail covers all of them.

Human review, captured

Record approval steps alongside agent actions. When a person signs off before the agent proceeds, that decision is part of the receipt too.

PII flagging

Tag events that contain sensitive data. Mark health records, financial data, or personal information so your compliance team knows exactly which events to scrutinise.

Anchored on a public log

Pro and Business receipts are anchored to the Sigstore Rekor transparency log after every session. This is a public, permanent record that proves the receipt existed at a specific time and has not been changed. Anyone can verify it independently.

Pricing

Simple, predictable pricing

Start free. Upgrade when you need more sessions or longer retention.

Free

For developers testing and building.

$0 forever

  • 100 sessions/month
  • 7 day retention
  • Hash chain verification
  • Unlimited projects

Most popular

Pro

For small teams shipping agents in production.

$49/month

  • 2,500 sessions/month
  • 90 day retention
  • Hash chain verification
  • Anchored on Sigstore Rekor
  • Unlimited projects

Business

For teams running agents across multiple workflows.

$199/month

  • 15,000 sessions/month
  • 365 day retention
  • Hash chain verification
  • Anchored on Sigstore Rekor
  • Unlimited projects

Enterprise

For regulated industries and large-scale deployments.

Custom

  • Unlimited sessions
  • Custom retention (up to 7 years)
  • Hash chain verification
  • Anchored on Sigstore Rekor
  • Unlimited projects

FAQ

Common questions

Will this slow down my agent?
No. The SDK sends events asynchronously in batches. If it cannot reach our servers, it fails silently. Your agent keeps running regardless.

Where is my data stored?
Event metadata is stored in our database. Raw LLM inputs and outputs are stored separately in Cloudflare R2. You can request deletion of raw payloads at any time to comply with GDPR Article 17.

Who can see my receipts?
Only members of your workspace. You can invite your compliance team, legal counsel, or any other stakeholder directly. They see everything you see. You can also generate a shareable link for any receipt and send it to anyone. No login required.

What counts as a session?
One end-to-end agent run. Processing one invoice, handling one support ticket, running one scheduled job. Each session captures up to 200 events.

Which AI providers does it support?
OpenAI, Anthropic, Gemini, Mistral, and the Vercel AI SDK. Each takes one line of code to integrate.

Do I need to change my agent code?
No. You wrap your existing AI client with one line. The rest of your code stays exactly as it is.

Your agents are already taking actions.

Start keeping a record of them. Free plan, no credit card, five minutes to set up.