Live on npm · v0.6.0 · Apache-2.0

Cryptographic evidence for enterprise AI.

Every AI decision produces a signed, tamper-evident receipt. Auditors, regulators, and insurers verify it independently — with only the public key, and no dependency on the AI vendor.

$ npm install @askledger/receipts-sdk
signed-receipt.json · SIGNING · VERIFIED ✓
  receipt_id: 01J9X8VKHT…
  tenant_id: acme-bank
  event_type: gateway.request
  ai_model: claude-sonnet-4-6
  chain_height: 12,487
  prev_hash: 92cd1a0b…d04e5e
  receipt_hash: a73f2ce5…8b3c1e
  timestamp: RFC 3161 · DigiCert TSA
  signature: Ed25519 · valid
  • 5: Language SDKs, wire-compatible
  • < 2 ms: Sign and verify, end to end
  • 66/66: Security hardening controls
  • 0: Calls required to verify
Works with OpenAI, Anthropic, Gemini, Bedrock, Azure, Cohere, Mistral, Hugging Face, Groq, LangChain, Cursor
Why now

The clock has already started.

India's RBI has closed consultation on its Model Risk Management guidance; the EU AI Act and UAE CBUAE deadlines follow within weeks. Each requires evidence of what an AI system did — the record most institutions cannot yet produce.

India · RBI — Model Risk Management
Consultation has closed. Finalisation is underway — binding on regulated entities once notified.
Act now · banks & NBFCs in scope
European Union · AI Act
High-risk obligations & Annex IV technical documentation
UAE · CBUAE Federal Decree-Law No. 6
Transitional deadline for regulated financial institutions
The risk landscape

The AI you can't see is the AI you can't defend.

Most AI risk today is invisible — running outside your controls, inside your vendors, or acting on its own. You can't govern what you can't prove.

Shadow AI

The tools you never approved

Staff paste customer data, code, and financials into consumer AI with no oversight. One in five organisations has already been breached through shadow AI — at roughly $670K more per incident (IBM, 2025).

AskLedger surfaces and records every AI call — including the ones bypassing your gateway.
Third-party / Vendor AI

Your vendor's model, your liability

A supplier quietly adds an AI sub-processor in a routine update, and it now touches your customer data. You stay accountable — but you cannot see what their model actually did.

Verify exactly what a third-party AI did with your data — with proof, not their word.
Agentic AI

Agents that act, not just answer

Autonomous agents move money, change records, and call tools. When every individual action looks legitimate, misuse stays invisible until after the damage is done.

A tamper-evident record of every agent action — for detection, forensics, and control.
Unverifiable output

Confident, and sometimes wrong

Hallucinations slip into real decisions, and ordinary logs can be edited after the fact — so they don't survive an audit, a regulator, or a court.

Signed evidence of exactly what the model produced — provable months or years later.
Why AskLedger

If your company runs AI, you need proof of what it did.

Not only regulated industries. Any team shipping AI into real decisions gains the same advantages — from day one.

Win enterprise deals

Pass security reviews and RFPs with cryptographic proof, not promises. Trust becomes your differentiator.

Ship AI faster

Accountability becomes one line of code, not a six-month compliance project. Stop stalling in pilots.

Make AI risk insurable

Verifiable evidence lets you file a claim, price a policy, or hold a vendor liable when AI gets it wrong.

Control third-party AI

When a vendor's model touches your data, prove exactly what it did — accountability stays with you.

Debug & monitor agents

As agents act on their own, get a tamper-evident record of every action — for forensics, drift, and control.

Future-proof compliance

One evidence layer satisfies every framework coming — EU AI Act, RBI, NIST AI RMF, ISO 42001.

In action

One AI call becomes one verifiable receipt.

The full path from an AI request to independently verifiable evidence — automatically, in under two milliseconds.

  1. AI call: Prompt sent to any model
  2. Capture: Input, output, model, tokens
  3. Sign: Canonicalize + Ed25519 in HSM
  4. Chain: Hash-linked, tamper-evident
  5. Verify: Anyone, public key only
How it works

Three primitives. Mathematical guarantees.

Wire-format compatible across five languages, with an independent verifier shipped in every SDK.

01

Canonical hashing

RFC 8785 gives every receipt one deterministic byte representation. The SHA-256 of those bytes is the receipt_hash — any SDK produces an identical hash for identical input, proven by shared conformance vectors.

02

Per-tenant hash chain

Each receipt's previous_receipt_hash binds it to the one before. Alter any historical receipt and every later verification fails. Periodic Merkle commitments make truncation detectable.

03

HSM-backed signatures

Ed25519 over the canonical bytes. The private key never leaves the HSM — AWS KMS, Azure Key Vault, GCP KMS, or PKCS#11. Optional RFC 3161 timestamps anchor each signature to absolute time.
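
The three primitives above, sketched as an added example using only Node's built-in crypto module; this is not AskLedger's SDK code or its wire format. Only receipt_hash and previous_receipt_hash are names from this page; the other fields, the all-zero genesis value, the base64 signature encoding, and the committed head hash (a simple stand-in for the Merkle commitments) are assumptions.

```javascript
const crypto = require("crypto");
const GENESIS = "0".repeat(64); // assumed previous-hash value for a tenant's first receipt
const sha256hex = (data) => crypto.createHash("sha256").update(data).digest("hex");

// RFC 8785-style canonical JSON: keys sorted by UTF-16 code units, no whitespace,
// ECMAScript number/string serialization. Assumes plain JSON values (no NaN, no undefined).
function canonicalize(v) {
  if (v === null || typeof v !== "object") return JSON.stringify(v);
  if (Array.isArray(v)) return "[" + v.map(canonicalize).join(",") + "]";
  const members = Object.keys(v).sort().map((k) => JSON.stringify(k) + ":" + canonicalize(v[k]));
  return "{" + members.join(",") + "}";
}

// Assumed layout: hash and signature both cover the canonical bytes of every other field.
function seal(body, prevHash, privateKey) {
  const signed = { ...body, previous_receipt_hash: prevHash };
  const bytes = Buffer.from(canonicalize(signed), "utf8");
  const signature = crypto.sign(null, bytes, privateKey).toString("base64");
  return { ...signed, receipt_hash: sha256hex(bytes), signature };
}

// Verifier side: only the public key, plus a head hash committed out of band
// (a simple stand-in for the page's Merkle commitments) to catch truncation.
function verifyChain(receipts, publicKey, committedHead) {
  let prev = GENESIS;
  for (let i = 0; i < receipts.length; i++) {
    const { receipt_hash, signature, ...signed } = receipts[i];
    const bytes = Buffer.from(canonicalize(signed), "utf8");
    if (sha256hex(bytes) !== receipt_hash) return { ok: false, index: i, reason: "hash mismatch" };
    const sig = Buffer.from(String(signature), "base64");
    if (!crypto.verify(null, bytes, publicKey, sig)) return { ok: false, index: i, reason: "bad signature" };
    if (signed.previous_receipt_hash !== prev) return { ok: false, index: i, reason: "broken link" };
    prev = receipt_hash;
  }
  if (committedHead !== undefined && prev !== committedHead)
    return { ok: false, index: receipts.length, reason: "head differs from commitment" };
  return { ok: true, head: prev };
}

// Constructed sample: a three-receipt chain, then damaged copies of it.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("ed25519");
  const chain = [];
  for (const decision of ["approve", "decline", "approve"]) {
    const prev = chain.length ? chain[chain.length - 1].receipt_hash : GENESIS;
    const body = { tenant_id: "acme-bank", chain_height: chain.length + 1, output_hash: sha256hex(decision) };
    chain.push(seal(body, prev, privateKey));
  }
  const head = chain[2].receipt_hash;
  const edited = chain.map((r, i) => (i === 1 ? { ...r, output_hash: sha256hex("approve") } : r));
  // A historical receipt re-signed with the real key still breaks its successor's link.
  const { receipt_hash: _h, signature: _s, ...body1 } = edited[1];
  const resigned = [chain[0], seal(body1, chain[0].receipt_hash, privateKey), chain[2]];
  const check = (c, commit) => verifyChain(c, publicKey, commit);
  return { intact: check(chain, head), edited: check(edited, head), resigned: check(resigned, head),
    truncatedNoCommit: check(chain.slice(0, 2)), truncated: check(chain.slice(0, 2), head) };
}

console.log(demo());
```

Dropping the last receipt still verifies link by link; only the comparison against the independently held head hash exposes it.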

Architecture at a glance

It sits between your app and the AI — and changes nothing else.

A thin library inside your own environment. Wrap the client once; every call is captured, signed, and written where you choose.

  • Your application: code unchanged
  • AskLedger SDK: capture · sign · chain
  • AI vendor: OpenAI, Anthropic, …

Each call also emits a signed receipt to your own store — verifiable by any auditor, regulator, or insurer with only the public key. The signing key never leaves your HSM.

The difference

A log is a claim. A receipt is evidence.

Most teams believe their logs will hold up. They won't — not when an outsider has to trust them. Here is the line that matters.

 
Capability | Vendor logs & dashboards | AskLedger receipts
Tamper-evident | Editable after the fact | Cryptographically sealed
Independently verifiable | Trust the vendor | Anyone, with a public key
Survives an audit or court | Disputable | Court-ready evidence
Works across AI vendors | Siloed per platform | Vendor-neutral
Provable years later | Rotated, overwritten | Permanent hash chain

For developers

Wrap your AI client. Ship a receipt.

One import, no application rewrite. Every call becomes a signed receipt — in the language your stack already uses.

TypeScript:

import OpenAI from "openai";
import { wrapOpenAI, generateKeyPair } from "@askledger/receipts-sdk";

// Wrap the client once — your application code is unchanged
const client = wrapOpenAI(new OpenAI({ apiKey }), {
  tenantId: "acme",
  keypair: generateKeyPair(),        // production: HSM-backed
  onReceipt: async (r) => store.append(r),
});

const res = await client.chat.completions.create({ model, messages });
console.log(res.x_ledger_receipt_id);  // cryptographic evidence id

Python:

from askledger_receipts import wrap_openai, generate_keypair
from openai import OpenAI

# Wrap the client once — your application code is unchanged
client = wrap_openai(OpenAI(api_key=api_key),
    tenant_id="acme",
    keypair=generate_keypair(),        # production: HSM-backed
    on_receipt=lambda r: store.append(r))

res = client.chat.completions.create(model=model, messages=messages)
print(res.x_ledger_receipt_id)  # cryptographic evidence id

Go:

import receipts "github.com/askledger/receipts-sdk-go"

// Wrap the client once — your application code is unchanged
client := receipts.WrapOpenAI(openaiClient, receipts.Config{
    TenantID: "acme",
    Keypair:  receipts.GenerateKeyPair(), // production: HSM-backed
    OnReceipt: func(r receipts.Receipt) { store.Append(r) },
})

res, _ := client.Chat.Completions.Create(ctx, req)
fmt.Println(res.LedgerReceiptID) // cryptographic evidence id

Rust:

use askledger_receipts::{wrap_openai, generate_keypair, Config};

// Wrap the client once — your application code is unchanged
let client = wrap_openai(openai_client, Config {
    tenant_id: "acme".into(),
    keypair: generate_keypair(),        // production: HSM-backed
    on_receipt: |r| store.append(r),
});

let res = client.chat().completions().create(req).await?;
println!("{}", res.ledger_receipt_id); // evidence id

Java:

import io.askledger.receipts.*;

// Wrap the client once — your application code is unchanged
var client = Receipts.wrapOpenAI(openAiClient, Config.builder()
    .tenantId("acme")
    .keypair(Receipts.generateKeyPair())   // production: HSM-backed
    .onReceipt(store::append)
    .build());

var res = client.chat().completions().create(req);
System.out.println(res.ledgerReceiptId()); // evidence id

Use cases by industry

See exactly how it works for your sector.

Real scenarios, end to end — the decision, the moment it is challenged, and the evidence a receipt gives you. Select your industry.

Banking & Fintech
Insurance
Healthcare
Government
Legal
Banking: An AI-declined loan, disputed 18 months later
Workflow
  1. AI model declines the loan: credit decision returned to the applicant
  2. Receipt signed automatically: input, output & model version sealed
  3. Decision disputed months later: the borrower's lawyer demands proof
  4. Receipt verified in court: independently, with the public key
  • The moment it matters

    Counsel asks the bank to show exactly what the model produced on that date.

  • Without proof

    Logs have rotated and the model retrained twice; nothing ties that decision to that version.

  • What the receipt proves

    The precise input, output, and model — signed and timestamped — defensible before a court or the RBI.

Fintech: A fraud model blocks a legitimate large payment
Workflow
  1. Fraud model blocks the payment: high-value transaction stopped
  2. Receipt captures the signals: features, score & decision recorded
  3. The customer complains: escalates the blocked payment
  4. Why it acted is shown: complaint resolved, decision explained
  • The moment it matters

    A valued customer is blocked and escalates; the team must explain the decision fast.

  • Without proof

    The model's reasoning is opaque and the record is disputable — a compliance headache.

  • What the receipt proves

    Exactly which signals and score triggered the block — a defensible, explainable record on demand.

Claims: An AI claims-triage denial is challenged
Workflow
  1. AI triage denies the claim: routed as ineligible
  2. Receipt records inputs & output: data and decision sealed
  3. Policyholder challenges: files a complaint or lawsuit
  4. Decision reconstructed: defended with verifiable evidence
  • The moment it matters

    A denied policyholder disputes the outcome and a regulator asks how the decision was made.

  • Without proof

    The triage path can't be reconstructed precisely; the insurer is exposed to bad-faith claims.

  • What the receipt proves

    Exactly what the model saw and decided — turning "the system denied it" into defensible evidence.

Underwriting: AI underwriting is audited for bias
Workflow
  1. AI underwrites policies: pricing & acceptance at scale
  2. Every decision is signed: a receipt per policy
  3. Regulator audits for bias: requests a population sample
  4. Verifiable evidence produced: across the whole sample
  • The moment it matters

    A fairness audit requires showing inputs and outputs across many decisions, not a summary.

  • Without proof

    Sampling self-reported logs invites dispute over whether the records were altered.

  • What the receipt proves

    An unedited, verifiable record of each decision — the actuarial input to price and insure AI risk itself.

Clinical: An AI recommendation is questioned after an adverse event
Workflow
  1. AI recommends a course of care: decision support at the point of care
  2. Receipt seals the inputs: PHI hashed, never exposed
  3. Adverse-event review begins: what did the AI advise, and when?
  4. Exact advice proven: immutable clinical audit trail
  • The moment it matters

    A safety review must establish precisely what the model recommended, on what data, at what time.

  • Without proof

    Reconstructing the moment from mutable records is slow and legally weak.

  • What the receipt proves

    An immutable record of the recommendation and its inputs — with confidential data hashed, never exposed.

Compliance: A HIPAA audit of AI-assisted documentation
Workflow
  1. AI assists clinical documentation: notes, coding, summaries
  2. Receipt logs the data boundary: what was sent, and where
  3. HIPAA audit: did PHI leave the environment?
  4. No PHI leak, proven: verifiable, not asserted
  • The moment it matters

    An auditor asks the provider to prove that patient data stayed within approved boundaries.

  • Without proof

    "We configured it correctly" is an assertion an auditor cannot independently confirm.

  • What the receipt proves

    A verifiable record of every AI call and its data classification — evidence, not assurance.

Citizen services: A citizen contests an AI benefits decision
Workflow
  1. AI decides eligibility: benefit approved or denied
  2. Receipt signed: inputs & outcome recorded
  3. Citizen appeals: escalates to the ombudsman
  4. Independent verification: oversight body confirms the record
  • The moment it matters

    An appeal requires an explainable, auditable account of an automated decision affecting a citizen.

  • Without proof

    Public trust erodes when agencies cannot independently show what an automated system did.

  • What the receipt proves

    Evidence an oversight body can verify itself — no privileged access to internal systems required.

Transparency: A transparency request on automated decisions
Workflow
  1. Automated decisions run at scale: across a public service
  2. Receipts accumulate: a verifiable ledger forms
  3. Transparency / FOI request: public or journalist inquiry
  4. Proof without exposure: evidence, not source systems
  • The moment it matters

    A transparency law requires accounting for automated decisions without exposing sensitive systems.

  • Without proof

    Agencies face a choice between opacity and exposing internal infrastructure.

  • What the receipt proves

    Independently verifiable evidence of each decision — provable with only a public key.

Litigation: An AI-drafted filing contains a hallucinated citation
Workflow
  1. AI drafts the filing: research and citations generated
  2. Receipt records the output: what the AI actually produced
  3. A human reviews & approves: review captured too
  4. Who did what is provable: AI output vs. human sign-off
  • The moment it matters

    A court sanctions AI-fabricated citations; the firm must show exactly what was AI and what was reviewed.

  • Without proof

    "A human checked it" is a claim — indistinguishable from the failures making headlines.

  • What the receipt proves

    A signed record of the AI output and the human review — the line between documentation and evidence.

Client trust: A client asks whether AI was used, and how
Workflow
  1. AI is used on the matter: drafting, review, research
  2. Receipt per invocation: AI involvement recorded
  3. Client asks about AI use: engagement or audit query
  4. Signed record provided: transparent, verifiable
  • The moment it matters

    A client's engagement terms require disclosure of when and how AI was used on their matter.

  • Without proof

    The firm relies on memory and unverifiable notes to answer a trust-critical question.

  • What the receipt proves

    A precise, signed account of AI involvement per matter — turning a risk into a trust advantage.

The stack

Built like the platforms it sits next to.

Open-core, vendor-neutral, and wire-format conformant across five reference implementations.

  • TypeScript: @askledger/receipts-sdk
  • Python: askledger-receipts
  • Go: receipts-sdk-go
  • Rust: askledger-receipts
  • Java: io.askledger:receipts-sdk

Native receipt capture for OpenAI, Anthropic, Gemini, Bedrock, Cohere, Mistral and five more vendors — plus LangChain, Cursor, and gateway integrations. No application rewrite required.

Regulatory coverage

Mapped to the frameworks your regulators enforce.

Receipts supply the runtime evidence these regimes demand — what an AI system did, when, and under which policy — pre-mapped across the major global frameworks.

European Union
  • EU AI Act (Reg. 2024/1689): Art. 9, 11, 12, 14, 15, 50 · Annex IV technical documentation
  • GDPR (Reg. 2016/679): Art. 22 automated decisions · Art. 5 accountability
United Kingdom
  • PRA SS1/23: Model risk management principles for banks
  • ICO guidance · DPA 2018: AI, automated decisions, data protection
United States
  • NIST AI RMF 1.0: Govern · Map · Measure · Manage
  • Federal Reserve SR 11-7: Supervisory guidance on model risk
  • Colorado AI Act · HIPAA · SOC 2 · FedRAMP: Sector and state requirements
India
  • RBI — FREE-AI & Model Risk Management (2026): Explainability, human oversight, board accountability, kill switch
  • DPDP Act 2023 · CERT-In: Personal data protection and incident reporting
Middle East
  • UAE — CBUAE Federal Decree-Law No. 6: Responsible AI principles for financial institutions
  • KSA — SAMA · SDAIA AI Ethics · PDPL: Governance, data residency, decision logging
Asia-Pacific
  • Singapore — MAS FEAT · IMDA Model AI Governance: Fairness, ethics, accountability, transparency
  • Australia — Voluntary AI Safety Standard: Ten guardrails for responsible AI
International standards
  • ISO/IEC 42001: AI management systems (AIMS)
  • ISO/IEC 23894: AI risk management
  • OECD AI Principles: Transparency, accountability, robustness
One evidence layer
  • Every framework, one record: Each receipt cites the articles and controls it satisfies — the same signed evidence serves an auditor, a regulator, and an insurer.
Standards

Open standards, open code, open verification.

No vendor lock-in and no proprietary cryptography. Every claim is verifiable against published RFCs and the public specification.

  • RFC 8785: JSON Canonicalization Scheme
  • RFC 8032: Ed25519 signatures
  • RFC 3161: Trusted timestamping
  • RFC 9162: Certificate Transparency v2
  • NIST SP 800-207: Zero Trust Architecture
  • ISO/IEC 42001: AI Management Systems
Security & trust

Built to be inspected, not trusted.

Enterprise-grade from the substrate up — and open, so your security team can verify every claim for themselves.

  • HSM-backed keys: Signing keys never leave AWS KMS, Azure Key Vault, GCP KMS, or PKCS#11 — with a FIPS-mode path.
  • Independent verification: Any third party verifies a receipt with only the public key — no dependency on AskLedger or the AI vendor.
  • Zero Trust aligned: NIST SP 800-207 architecture, SPIFFE workload identity, and OPA policy decisions written into receipts.
  • Threat-modelled: STRIDE + LINDDUN threat model, 66/66 hardening controls, and a 200-mutation fuzz suite.
  • Supply-chain integrity: Published to npm with cryptographic provenance, a CycloneDX SBOM, and Sigstore image signing.
  • Open source: Apache-2.0, an open specification, and five conformance-tested SDKs. Read the code and the threat model yourself.

"The next five years of AI are not about better models — they are about the infrastructure that makes them defensible."

Built in the open, because trust infrastructure should be inspectable. Open-source core under Apache-2.0; a commercial layer — hosted verification, a regulator portal, and evidence packs — is in design-partner preview.

Get started in 3 steps

From install to a verified receipt in minutes.

  1. Install: npm install @askledger/receipts-sdk
  2. Wrap your client: One line, no rewrite — every AI call now emits a signed receipt.
  3. Verify: Check any receipt with only the public key.
Questions

What teams ask first.

No. Receipts record a hash of the input and output — not the raw content. The private signing key stays inside your HSM, and verification needs only the public key. Nothing confidential is exposed to produce or verify a receipt.

Signing and verification complete in under two milliseconds end to end. Receipt generation never blocks or breaks the AI call it instruments — errors from the wrapped client always propagate normally.

No. AskLedger is open source under Apache-2.0, the wire format is an open specification, and any third party can verify a receipt with published RFCs and a public key. The protocol is a public good — adoption is the moat, not lock-in.

OpenAI, Anthropic, Gemini, Bedrock, Cohere, Mistral and more via drop-in adapters, plus LangChain, Cursor, and gateway integrations — across five language SDKs. A generic adapter covers any HTTP-based provider.

As a library inside your own environment — no data routed to a third party. Signing uses your existing AWS KMS, Azure Key Vault, GCP KMS, or PKCS#11 HSM. Chain state runs on your Postgres for multi-tenant scale.

Become a design partner.

AskLedger is at the design-partner stage, working with a small group of banks, insurers, and AI teams preparing for the regulatory shift. If that is you, let's talk.