AGLedger - Cryptographic notary for AI agents and automated work

Every automated action your business depends on should leave a verifiable trail. AGLedger is the notary: records go in, get Ed25519-signed and hash-chained at the moment they happen, and stay tamper-evident forever. Anyone holding the public keys can verify the chain offline - the proof outlives the vendor.

IN THE PATH, NOT BESIDE IT - A notary only matters if the work stops to use it. AGLedger is built to sit in front of consequential automated actions - buying hardware, provisioning a user, moving funds - not beside them as a log you hope got written. A gate you run requires the agent to clear AGLedger before the action runs; the decision to allow or block stays yours, and fail-closed is a policy you set. No record, no action. After-the-fact logging cannot capture what an agent meant to do or whose authority it claimed - intent and authority are only honest when signed at the moment they are real, before the action.

NOTARIZE - Capture what an automated process intended and what it did, signed and hash-chained as the work happens - one record or a delegation tree across many systems. One API call, terminal at create. The default path.

GATE - When work crosses a delegation boundary - between agents, between departments, between companies - the delegating party needs a place to render accept or reject on the delivery. A Gate is that interface. AGLedger holds the signed contract, the signed completion, the signed verdict, and the structured dispute path when a verdict is contested. We are not the judge. The principal is.

NOTIFY - A durable, signed subscription pushes each business-meaningful moment to the endpoints you already run: an approval queue, a dashboard, an ERP, a payment platform. Human-in-the-loop by delivery, not by polling. At-least-once delivery with stable idempotency keys, retry with backoff, circuit breaker, and a dead-letter queue. Settlement Signals (SETTLE / HOLD / RELEASE) ride this channel to payment platforms.

INTEGRATION - An agent-optimized API (OpenAPI 3.0; responses carry nextSteps and recovery hints so agents self-correct), TypeScript and Python SDKs, a CLI, and an MCP server. Works with any model - Claude, GPT, Gemini - and any process that speaks HTTP. Contract types are your own JSON Schemas, registered through the API.

YOUR INFRASTRUCTURE, YOUR KEYS - Self-hosted on EKS or any Kubernetes via Helm, or Docker Compose on any Linux host. Your PostgreSQL (Aurora, RDS, on-prem), your Ed25519 keys, standard tables, no proprietary formats. Air-gap capable. Data sovereignty by architecture: residency is wherever you put the database; nothing transits a vendor, no subprocessor touches a record.

FEDERATION - Run one Server per project, department, or company; federate them when work crosses between them. Each side keeps its own vault and its own keys. Signed HTTPS between sovereign Servers. The chain crosses the boundary; the data doesn't.

COMPLIANCE - EU AI Act record-keeping with structured risk fields, OCSF SIEM export, SCITT-aligned COSE_Sign1 envelopes over in-toto Statements, RFC 9421 signed webhooks for settlement non-repudiation. The proof already exists when the auditor asks.

LICENSING - Perpetual license per database instance. You own the software and it fails open: if support lapses, the software keeps running and your signed records keep verifying. Security fixes are always free. Annual support includes updates, new versions, and technical assistance with a 24-hour business-day response SLA.