Overview
AGLedger is a self-hosted notary engine for AI agents, RPA bots, CI pipelines, and any system that speaks HTTP or MCP. It runs entirely on your own infrastructure - Docker Compose or Kubernetes (Helm on EKS), on-premises or fully air-gapped - with no phone-home and no vendor in the data path. You hold the signing keys, the database, and the records.
SIGNED INTENT - Before the work, an agent records what it was told to do, the bar for "done right," and where the result should go - each entry Ed25519-signed and hash-chained the moment it is written. After a context wipe or a hand-off, the agent reads back its own goal byte-for-byte instead of reconstructing it.
LIVE COORDINATION - When a result posts, a principal - a human, an agent, or a rules engine - renders the verdict, and AGLedger holds the signed record of accept or reject. Every subscriber hears it the instant it happens, inside one team or across company lines via peer-to-peer federation.
THE ACCOUNT, BY ARCHITECTURE - Every intent, verdict, and outcome is tamper-evident and attributable, verifiable offline by anyone holding the public keys, without trusting your infrastructure or ours. It produces the account the EU AI Act requires and satisfies Article 12's record-keeping requirements; the same records also serve ISO/IEC 42001, NIST AI RMF, and non-AI frameworks like SOX and HIPAA.
INTEGRATION AND DEPLOYMENT - An agent-optimized API (OpenAPI 3.0; responses carry nextSteps and recovery hints so agents self-correct), TypeScript and Python SDKs, a CLI, and an MCP server. Works with any model - Claude, GPT, Gemini - and any process that speaks HTTP. Contract types are your own JSON Schemas, registered through the API. Deploy on EKS or any Kubernetes via Helm, or Docker Compose on any Linux host; bring your own PostgreSQL (Aurora, RDS, on-prem) and your own Ed25519 keys. Perpetual license that fails open - no kill switch, no expiry, no quota.
Highlights
- Signed intent: agents recover their goal byte-for-byte after a context wipe or hand-off, each entry Ed25519-signed and hash-chained at the moment it happens.
- Live coordination: a principal renders the verdict, AGLedger holds the signed accept or reject, and every subscriber hears it instantly - across teams or companies via peer-to-peer federation.
- The account, by architecture: tamper-evident and verifiable offline by anyone holding the public keys. Self-hosted, even air-gapped - producing the account the EU AI Act's Article 12 requires.
Details
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
Pricing
Dimension | Description | Cost/12 months |
|---|---|---|
AGLedger Enterprise - Single Database Instance | Perpetual license for one AGLedger database instance. Full platform: record notarization, tamper-evident signed audit vault, gates with verdicts and disputes, Settlement Signals, custom contract types via JSON Schema, delegation chains, federation, and LLM agent discovery surfaces. Self-hosted via Helm or Docker Compose. Fails open - no phone-home, no expiry, no quotas. Purchase Annual Support for updates and priority support. | $3,000.00 |
AGLedger Annual Support | Annual support contract for one AGLedger database instance. Email support with 24-hour business-day response SLA, priority handling for production incidents, and access to the secure support bundle upload channel for faster diagnostics. | $1,000.00 |
Vendor refund policy
Full refund available within 30 days of activation, no questions asked. Contact support@agledger.ai with your AWS account ID to request a refund.
How can we make this page better?
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
AGLedger Container (Helm on EKS / Docker Compose)
- Amazon EKS
- Amazon ECS
Container image
Containers are lightweight, portable execution environments that wrap server application software in a filesystem that includes everything it needs to run. Container applications run on supported container runtimes and orchestration services, such as Amazon Elastic Container Service (Amazon ECS) or Amazon Elastic Kubernetes Service (Amazon EKS). Both eliminate the need for you to install and operate your own container orchestration software by managing and scheduling containers on a scalable cluster of virtual machines.
Version release notes
AGLedger 1.1.0 - minor release, backward-compatible with 1.0. Completions now return the gate's settlement signal inline (recommendation, outcome, reasonCode), so a caller learns settle/hold/reject at completion time without a follow-up read. Schema list rows carry lifecycle hints (defaultGateMode, hasCompletion) to tell a gated type from a notarize-only one. An auto-mode settle that cleared only via a tolerance band is disclosed as AUTO_SETTLE_WITHIN_TOLERANCE. Revision-overflow terminals (OVERFLOW_REJECT) now emit a terminal HOLD settlement signal over Notify. Same self-hosted deployment on EKS/Kubernetes via Helm or Docker Compose, with your own PostgreSQL and keys. SLSA Build L3 with keyless Sigstore signatures; perpetual license per database instance, fails open.
Additional details
Usage instructions
Quick Start (Helm on EKS)
- Authenticate to the AWS Marketplace registry:
aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin 709825985650.dkr.ecr.us-east-1.amazonaws.com
- Install with Helm (external PostgreSQL 17+ - Aurora, RDS, or self-managed):
helm install agledger oci://registry-1.docker.io/agledger/agledger-chart --version 1.1.0
--set image.repository=709825985650.dkr.ecr.us-east-1.amazonaws.com/ag-ledger/agledger
--set image.tag=1.1.0
--set database.externalUrl=postgresql://USER:PASS@YOUR-DB-HOST:5432/agledger
--set secrets.vaultSigningKey=$(openssl genpkey -algorithm ed25519 | base64 -w0)
--set config.externalUrl=https://agledger.example.com
--set marketplace.productId=prod-gdyk7ehkopbnm
--set marketplace.serviceAccountAnnotations."eks.amazonaws.com/role-arn"=arn:aws:iam::YOUR_ACCOUNT_ID:role/agledger-marketplace
Notes:
- database.externalUrl: the role that runs migrations must be a SUPERUSER (rds_superuser on Amazon RDS/Aurora); the schema installs an event trigger that requires superuser. For a least-privilege split, set secrets.databaseUrlMigrate to a superuser URL used only for migrations and keep database.externalUrl as a DML-only role.
- config.externalUrl: the public URL of this install - it is signed into every record as the issuer. Auto-derived from ingress.hosts[0] when ingress is enabled.
- marketplace.serviceAccountAnnotations: IRSA role with license-manager:CheckoutLicense and license-manager:CheckInLicense permissions, used to validate your AWS Marketplace entitlement (checked out and immediately checked back in at boot).
- EKS worker nodes pull the image with their standard ECR read permissions once the account is subscribed.
- Verify:
kubectl port-forward svc/agledger-agledger-chart 3001:80 curl http://localhost:3001/health
- Initialize the first organization and API key:
kubectl exec deploy/agledger-agledger-chart-api -- /nodejs/bin/node dist/scripts/init.js --non-interactive
Docker Compose (any Linux host)
After step 1 (docker login):
curl -fsSL https://raw.githubusercontent.com/agledger-ai/install/main/scripts/install.sh -o install.sh bash install.sh --image 709825985650.dkr.ecr.us-east-1.amazonaws.com/ag-ledger/agledger --version 1.1.0
Verify provenance (optional)
This Marketplace image is a byte-for-byte copy of the signed public image agledger/agledger on Docker Hub and has the same digest. Verify the public image with cosign + slsa-verifier (SLSA Build L3), then confirm this image matches:
crane digest agledger/agledger:1.1.0 aws ecr describe-images --registry-id 709825985650 --repository-name ag-ledger/agledger --image-ids imageTag=1.1.0 --region us-east-1 --query imageDetails[0].imageDigest --output text
The two digests must be identical. Full steps: https://github.com/agledger-ai/install/blob/main/SECURITY.md
Documentation
These instructions are the complete deploy path for the AWS Marketplace image. For more:
- Quick start: https://agledger.ai/docs/quick-start
- Day-2 operations (backup, recovery): https://agledger.ai/docs/operations/day-2
- Full documentation: https://agledger.ai/docs
Resources
Vendor resources
Support
Vendor support
Email: support@agledger.ai URL: https://agledger.ai/docs Support description: All AGLedger Enterprise licenses include technical support via email with a 24-hour initial response SLA on business days. Support covers installation, configuration, upgrades, and troubleshooting of the AGLedger API and its deployment packaging (Docker Compose, Helm, federation). A built-in diagnostic tool (GET /admin/support-bundle) generates a sanitized system report that can be securely uploaded to our support team for faster resolution. Critical production issues (P0) receive priority handling. Documentation, integration guides, and API reference are available at agledger.ai/docs.
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.