RootSign SDK · v0.1.3

Tamper-evident provenance logging for AI agents.

Open-source · Apache 2.0 · Python 3.11+

GitHub starsPyPI versionPython versionsLicense: Apache 2.0
View on GitHub

Install

Base install: pip install rootsign. Framework extras pull in the matching connector.

Quickstart

Wrap your existing tools. Provenance is captured automatically.

agent.pypython
from rootsign import wrap_tools, session
from langchain_core.tools import tool

@tool
def send_invoice(customer_id: str, amount: float) -> str:
    """Send an invoice."""
    return "sent"

async with session(agent_id=agent.agent_id, client=client) as ctx:
    tools = wrap_tools([send_invoice], ctx=ctx)
    # your graph runs here — every tool call is captured

Verify the chain

One command proves the record chain is intact — or flags tampering.

terminalbash
$ rootsign verify <session_id>
VALID ✓  —  47 records, chain intact

What's in v0.1.3

✓ Shipped
  • LangGraph 0.1.x and 0.2.x
  • CrewAI 0.28+, 0.40+, 1.x
  • SHA-256 hash chain + rootsign verify CLI
  • Human-in-the-loop checkpoint (require_approval=True)
  • PII redaction before hashing (StandardPIIConfig, FinancialPIIConfig, HealthcarePIIConfig)
  • 261 tests · 7 ADRs · Apache 2.0