Security
Prevent AI agents from running unsafe operations and capture denied intents for investigation.
Full capability map
Features
A comprehensive list of what EctoLedger offers across security enforcement, audit evidence, governance, SDKs, deployment, and architecture.
Who this is for
Teams running real AI actions in real systems
- Security teams that need pre-execution controls for AI-proposed commands and API calls.
- Compliance and risk teams that need cryptographic evidence, not screenshots and trust.
- Platform and engineering teams operating autonomous workflows touching production environments.
- Enterprise buyers validating governance and control posture before broad AI deployment.
What EctoLedger is not
Clear boundaries
- It is not a crypto trading product or asset management platform.
- It is not a full SIEM replacement; it complements SIEM and ticketing workflows with high-integrity AI action evidence.
- It does not guarantee legal outcomes by itself; it provides verifiable records for legal and compliance review.
Use Cases by Team
How organizations use EctoLedger
Compliance
Generate tamper-evident records and certificates for policy reviews, audits, and due diligence.
Platform Engineering
Operate agent workflows with enforceable controls, approval gates, and replayable execution history.
Audit and Procurement
Verify what the agent attempted versus what actually executed using independent validation tools.
Platform Matrix
Operating system capabilities
Core control and evidence features are cross-platform. Isolation and system integrations vary by OS.
| Capability | macOS (Apple Silicon) | Linux | Windows |
|---|---|---|---|
| CLI + desktop GUI | Yes | Yes | Yes |
| 4-layer pre-execution checks | Yes | Yes | Yes |
| Hash-chained + signed audit ledger | Yes | Yes | Yes |
| `.elc` certificate export + offline verification | Yes | Yes | Yes |
| OS sandbox integration | Seatbelt | Landlock + seccomp | Job Objects |
| Hardware isolation path | Apple Hypervisor guard (feature-gated) | Firecracker microVM (feature-gated) | Not available |
| Platform key storage integration | macOS Keychain (optional feature) | Secret Service (optional feature) | Credential Manager (optional feature) |
macOS (Apple Silicon)
- Native desktop app with full control/evidence pipeline.
- Seatbelt sandbox integration for process constraints.
- Apple Hypervisor guard unikernel path via `sandbox-apple-enclave` feature.
- Optional key storage integration with macOS Keychain.
Linux
- Native CLI + GUI with full verification and evidence flow.
- Landlock + seccomp sandbox controls in supported environments.
- Firecracker microVM execution isolation path via `sandbox-firecracker`.
- Optional Secret Service key storage integration.
Windows
- Native CLI + GUI with full pre-execution checks and evidence export.
- Job Object sandbox integration for process isolation controls.
- No current hardware microVM execution isolation path.
- Optional key storage integration with Credential Manager.
Core Security and Enforcement
Controls that block unsafe AI actions before execution
- Verify-before-commit enforcement - AI-generated actions are validated before they can run, rather than trusted by default.
- 4-layer semantic guardrail pipeline - Policy checks, dual-LLM guard, strict schema validation, and Tripwire must all pass before action execution.
- Tripwire execution boundaries - Enforces filesystem, domain, command, and request-safety rules to reduce prompt injection and exfiltration risk.
- Human approval gates - Policy-triggered actions can pause for operator approval before continuing execution.
- Adversarial testing support - Built-in red-team and testing surfaces validate guard behavior against hostile input patterns.
Enterprise Compliance and Auditing
Provable evidence, not screenshots and trust
- Tamper-evident audit ledger - Every event is append-only and hash-chained for forensic integrity.
- Cryptographic audit certificates (.elc) - Exportable artifacts can be verified offline with the `verify-cert` binary.
- Session transparency - Shows attempted actions, approved actions, blocked actions, and final outcomes.
- W3C verifiable credential support - Session-level credential issuance and verification endpoints for portable attestations.
- Policy and compliance packs - Built-in policy packs for SOC 2, PCI-DSS, OWASP Top 10, and ISO 42001 control mapping.
Developer SDKs and Integrations
Tooling for Python, TypeScript, and agent workflows
- TypeScript SDK - Typed REST client and SSE support for backend and frontend integrations.
- Python SDK - Async typed client with model classes for sessions, events, reports, and governance operations.
- Agent framework integrations - Python extras include LangChain and AutoGen integration adapters.
- CLI workflows - Full command line interface for audit runs, reporting, replay, red-team testing, and verification.
- Cross-platform parity - Core workflows are available across macOS, Linux, and Windows.
Operations and Runtime Controls
Deployment options for evaluation and production
- Pluggable ledger backends - Supports PostgreSQL for production and SQLite for local/dev workflows.
- Desktop management GUI - Tauri app provides dashboards, policy editor, metrics, sessions, webhooks, tokens, and setup wizard.
- Webhook and SIEM egress - Optional outbound security events in JSON/CEF/LEEF with signature support.
- Observability and metrics - JSON metrics and Prometheus endpoint for reliability and security telemetry.
- Demo and quickstart modes - Fast onboarding via launch scripts and containerized demo paths.
Under-the-Hood Architecture
Rust-first security architecture with optional advanced proof layers
- Rust security core - Memory-safe, high-performance host runtime and cryptographic primitives.
- Deterministic policy execution path - Explicit rule engine and structured output validation reduce ambiguity in agent behavior.
- Optional sandbox isolation modes - Supports higher-isolation execution paths including Firecracker-based workflows where available.
- Anchoring and proof extensions - Supports timestamp and chain anchoring workflows and optional zk-proof generation flows.
- Open-source transparency - Public source enables independent review by security and compliance teams.
Next step
Run it and validate the controls yourself
Start with Quick Start for a local run, then verify audit evidence with exported certificates and policy-driven replay.