EctoLedger

Your AI agent made 47 decisions. Can you prove what it did?

EctoLedger is a dashcam and emergency brake for AI agents: a security proxy that can block rogue commands before execution, then generate cryptographically verifiable evidence of what happened.

Built for teams running AI in high-risk workflows: security, compliance, platform engineering, and enterprise operations.

Get Started Watch Demo

Use Cases

What teams can use EctoLedger for

Security Operations

Block unsafe agent commands before they hit infrastructure, APIs, or sensitive files.

Compliance Reviews

Produce tamper-evident evidence trails for internal and external audit requirements.

Enterprise Procurement

Show customers exactly what the agent attempted, what was blocked, and what actually executed.

Incident Forensics

Replay AI-assisted workflows with signed, hash-chained records for post-incident analysis.

EU AI Act ready Tamper-proof audit trail 4-layer AI guardrails Court-grade certificates Open source Rust EU AI Act ready Tamper-proof audit trail 4-layer AI guardrails Court-grade certificates Open source Rust

Clarity first

What EctoLedger is, and what it is not

EctoLedger is not a crypto trading product. Here, "ledger" means a tamper-evident audit log for AI agent behavior.

What it does

Records each AI action in an append-only, hash-chained audit trail.
Prevents damage by blocking denied actions before execution (policy + guard + strict schema + Tripwire).
Detects prompt-injection and goal-hijack patterns in model output before commit/execution.
Exports verifiable evidence (`.elc` certificates) for customers, auditors, and regulators.
Adds optional sandbox isolation tiers for execution paths, including Firecracker on Linux and Apple Hypervisor guard isolation on supported Apple Silicon builds.

When to use it

Your AI agents run commands, call APIs, or touch sensitive files/infrastructure.
You need a hard-stop control plane, not just post-incident logs.
You must prove what happened during an AI run to security, compliance, or customers.
You are preparing for enterprise procurement, compliance reviews, or third-party due diligence.
You want replayable, cryptographically verifiable evidence instead of screenshot-based reporting.

What it does not do

It does not trade, hold, or manage cryptocurrencies.
It is not a replacement for your SIEM or ticketing platform.
It is not a universal host EDR outside EctoLedger-managed agent actions.
It does not guarantee legal outcomes by itself.

Flowchart

How EctoLedger controls AI actions

Every proposed action is checked before execution. Denied actions are blocked and recorded. Allowed actions execute and are sealed into cryptographic evidence.

See it in action

Watch a full AI audit workflow

Start with a task, watch the guardrails evaluate each action, and finish with a verifiable certificate proving what happened.

Who is this for?

Teams that need proof, not guesswork

Compliance Teams

EU AI Act timelines are approaching. EctoLedger gives you auditable evidence for high-risk AI workflows now.

Engineering Teams

If your agents run commands and APIs, you need a provable trail showing every decision and action.

Security Teams

Every action passes four validation layers before execution. Rejections are logged and reviewable.

Auditors and Regulators

Export `.elc` certificates and verify them offline with a standalone binary. No vendor trust required.

The Solution

Everything you need to make AI agents accountable

Core Ledger

Tamper-proof activity log

Capture every model decision, tool action, and operator approval in a timeline you can replay and verify.

4-layer semantic guard

4 layers of protection before any action executes

Policy engine -> dual-LLM guard -> strict schema validation -> Tripwire. If a proposed action is unsafe, it is blocked before execution.

.elc audit certificates

Audit certificates that hold up in court

Export a self-contained certificate with cryptographic proofs and verify it offline using the standalone verify-cert binary.

Legal admissibility depends on jurisdiction and process; EctoLedger provides cryptographic evidence to support review and testimony.

Policy Studio

Define what your AI is allowed to do

Metrics

Live reliability telemetry

Active Audit

Real-time workflow traceability

Philosophy

The agent is the database

State lives in the ledger

The Rust process is a transient worker. All durable state — event log and snapshots — lives in the configured backend (PostgreSQL or SQLite). The binary has no long-term memory; it restores state from the ledger on each run.

Perceive → Propose → Verify → Commit → Execute

Proposed actions from the LLM are never trusted directly. Policy engine, guard process, then Tripwire validate every intent before commit. Intents that pass are appended to the hash-chained ledger and executed; nothing is ever updated or deleted.

Industry policy packs

SOC 2 Type II, PCI-DSS v4.0, OWASP Top 10 2021, ISO 42001:2023 (AI management). Load via --policy crates/host/policies/soc2-audit.toml and similar.

How It Works

From setup to audit proof in 3 steps

The workflow follows a deterministic progression designed for high-assurance environments.

Step 1

Create a scoped session with explicit mission and policy boundary.

Step 2

Append model and tool events while guardrails validate each operation.

Step 3

Seal the session and export verifiable certificate artifacts.

Execution health

Operational overview

Flow engine 84% in progress

Action queue 120 items remaining

System health No issues detected

How-To

Start with the right setup for your goal

Run your first production-grade audit

Use PostgreSQL backend for full command support.
Set guard configuration and keep GUARD_REQUIRED=true.
Run audit \"<goal>\", then export and verify .elc.

Choose demo vs SQLite vs PostgreSQL

Demo: fast product tour with isolated data.
SQLite: local/CI viewing and reporting workflows.
PostgreSQL: full audits, orchestration, anchoring, and red-team tests.

Prepare evidence for auditors

Run with policy packs (SOC 2, PCI-DSS, OWASP, ISO 42001).
Export report + .elc certificate.
Verify evidence offline with verify-cert.

Need help with setup or verification errors? See the Troubleshooting guide.

v0.6.3 release

Changelog and updates

Highlights from v0.6. Full README and CLI reference live on GitHub.

Pluggable ledger backends — PostgreSQL or SQLite via DATABASE_URL; LedgerBackend trait for custom stores.

Tauri 2 management GUI — Glassmorphic desktop app: dashboard, metrics, sessions, policy editor, Tripwire, certificate export.

Python & TypeScript SDKs — Typed REST clients; LangChain LedgerTool and AutoGen LedgerHook.

Extended webhooks — HMAC-signed SIEM egress (JSON, CEF, LEEF) for GuardDenial and TripwireRejection.

W3C Verifiable Credentials — VC-JWT on session completion; Ed25519-signed, did:key: anchored.

ISO 42001:2023 — Machine-readable policy pack (14 controls) and compliance whitepaper.

4-layer semantic guard — Policy → dual-LLM guard → strict schema → Tripwire before every commit.

Firecracker microVM sandbox — Hardware execution isolation for run_command (Linux).

EVM chain anchoring — Publish ledger tip hash to any EVM chain via anchor-session --chain ethereum.

SP1 ZK proofs — Provable policy compliance without exposing raw event payloads.

.elc certificates — Five-pillar verification; standalone verify-cert binary.

Key rotation & config — Automatic Ed25519 rotation, orchestrator policy injection, configurable bind port, DB pool scaling.

Developers

Quick start, SDKs, and CLI

Zero-friction setup: launcher scripts for macOS/Linux/Windows, Docker demo, or SQLite for local dev. Full docs on GitHub.

Quick start (v0.6)

Clone, run launcher — backend + Tauri GUI. Or ./ectoledger-mac --demo for zero-config demo with embedded Postgres.

macOS: ./ectoledger-mac
Linux: ./ectoledger-linux
Windows: .\ectoledger-win.ps1
Docker: docker compose -f docker-compose.demo.yml up

Quick Start on GitHub →

CLI at a glance

Serve dashboard, run audits, export reports and certificates.

serve — Observer dashboard (default http://localhost:3000)
audit "<goal>" — Run cognitive loop with policy/guard
report <session_id> --format certificate --output audit.elc
verify-certificate audit.elc — Offline .elc verification
orchestrate "<goal>" — Recon → Analysis → Verify
anchor-session <id> — Bitcoin OTS or EVM anchoring
red-team --target-session <id> — Adversarial testing
prove-audit <id> — SP1 ZK proof (build with --features zk)

CLI reference →

Python SDK

pip install ectoledger-sdk · Optional: [langchain] or [autogen]. sdk/python

quickstart.py

import asyncio; from ectoledger_sdk import LedgerClient; async def main(): async with LedgerClient("http://localhost:3000") as client: session = await client.create_session(goal="Audit Cargo dependencies"); await client.seal_session(session.session_id); asyncio.run(main())

TypeScript SDK

npm install ectoledger-sdk · Zero deps, native fetch. sdk/typescript

import { EctoLedgerClient } from "ectoledger-sdk";
const client = new EctoLedgerClient({ baseUrl: "http://localhost:3000" });
const session = await client.createSession("Summarise quarterly report");
await client.appendEvent(session.id, { step: "retrieved_docs", count: 42 });
await client.sealSession(session.id);
const cert = await client.exportCertificate(session.id);

Audit certificates (.elc)

Five verification pillars

Every completed session can be exported as a self-contained .elc verifiable offline. Optional sixth: SP1 ZK validity proof. The verify-cert binary is static and dependency-free for auditors.

Ed25519 signature

Tamper-resistance; payload signed with session keypair; no trusted third party.

SHA-256 hash chain

Gap and mutation detection; any insertion or change is detectable offline.

Merkle inclusion proofs

Efficient finding spot-checks; O(log n) verification per finding.

OTS / Bitcoin or EVM anchor

Temporal non-repudiation; proves completion before block N.

Goal hash integrity

Session integrity; goal cannot be redirected mid-session.