Cryptographically verifiable receipts for delegated AI work

Prove what your AI agents actually did.

Every action your agent takes is signed, chained, and witnessed. Anyone can verify a Sequesign receipt offline, even years later.

Get started See a sample receipt →
The Sequesign protocol, end to end. An agent records an action, the witness countersigns it, the receipt is finalized, and any verifier can confirm it offline against the published witness key. >_ AGENT records invoice_reviewed WITNESS countersigns · 0e050a75… RECEIPT finalized · receipt.tar.gz VERIFIER confirms · no network required L4 VERIFIED · OFFLINE · PERMANENT
Ed25519 SHA-256 Canonical JSON Length-prefixed encoding Offline verification Patent pending

Tamper-evident

Audit trails that fail loudly.

Every action enters a signed hash chain. Re-ordering, omission, and after-the-fact edits are detectable on verification.

Tampered receipts surface as verification failures, not as a clean log. The verifier tells reviewers exactly which action, which evidence hash, and which chain state broke.

See a tampered receipt fail →
01 9f4a8c2b… task_created OK
02 b3217f00… policy_checked OK
03 c8e91a4d… llm_reviewed MISMATCH
04 d2e7f180… human_approval UNREACHED
L0 · evidence hash mismatch at action 03

Offline verification

Verifiable offline. By anyone.

The verifier needs no Sequesign endpoint to confirm a receipt at verification time. Given the receipt and the witness's published public key, any reviewer can verify the chain, the schemas, the workflow, and the human approval signatures. No network access to Sequesign required at the moment of verification.

View the live witness key →
$ sequesign verify ./receipt.tar.gz
 
reading receipt ./receipt.tar.gz
resolving witness witness.sequesign.com
witness key 0e050a75250e2d57
 
chain continuity 4 actions, 0 gaps
evidence hashes 4 / 4 match
agent signatures 4 / 4 valid
witness signatures 4 / 4 valid
profile constraints invoice-payment-v1
human approval alice@acme.com
 
L4 verified · no network required

Interactive demo

A delegated agent workflow, verified.

Pick a domain and a condition, then verify. The same Sequesign verifier handles both workflows; the failure modes are real, not staged.

Live verifier / receipt artifact

Receipt sandbox

Receipt domain Same verifier, different workflow
Receipt condition Select, then verify
select a domain and condition, then verify…

Trust model

What a receipt can and cannot prove.

Sequesign shows what is verified, what is attested, and what remains only agent-asserted. The distinction is the product.

What the receipt can prove

  • Evidence has not changed after receipt construction
  • Action sequence and chain continuity are intact
  • Agent and witness signatures verify
  • Schema validation passed, when requested
  • Workflow profile validation passed, when requested
  • Human approval signature is present and valid

What a receipt does not prove

  • The agent told the truth
  • The invoice came from the real vendor
  • The payment provider confirmed the instruction
  • The LLM provider attested to the response
  • A lying agent self-reported every unsupported claim
  • Every natural-language claim is externally verified

SDK

One SDK call per action.

Start a session. Record actions as they happen. Finalize. The receipt is a single signed artifact reviewers can verify with the local CLI or the hosted verifier when it ships.

  • Three receipt modes: freeform, schema-validated, profile-constrained
  • Built-in human approvals, plan steps, counterparty attestations
  • Cross-process resume from on-disk checkpoint
  • Verification levels L0 through L5 reachable from real SDK calls
import { createSequesign } from "@sequesign/sdk";

const sdk = createSequesign({
  witness: {
    baseUrl: "https://witness.sequesign.com",
    apiKey: process.env.SEQUESIGN_WITNESS_KEY
  }
});

const session = await sdk.startSession({
  agent: { agentId: "agent_acme_invoice_bot", keypair: agentKeys },
  task:  { taskId: "inv_2024_07_421", profile: "invoice-payment-v1" }
});

await session.recordAction({
  actionType: "invoice_reviewed",
  evidence:   { invoice_id: "inv_2024_07_421", decision: "approve" }
});

const { receiptPath } = await session.finalize();
// receiptPath → ./out/<task_id>.tar.gz  ·  verifiable offline
# Python SDK coming soon.
# Track progress on GitHub: https://github.com/Sequesign/SequeSign
// Go SDK coming soon.
// Track progress on GitHub: https://github.com/Sequesign/SequeSign
See src/sdk-smoke.ts for a runnable example.

Pricing

Choose your trust model.

Start free, pay only for what you sign, or run a dedicated witness. The protocol, the SDK, and the verifier are identical across tiers. Library storage is $0.05 per GB-month on every paid tier; configure retention via pruning policies.

Free

Developer tier

$0 / month

Try the protocol with no commitment.

  • 5,000 signatures / month
  • 50 MB library storage (auto-pruned at limit)
  • Shared witness service
  • Email support
Get started

Shared

Pay as you go

$0.001 per signature

Bill only for what you sign. Storage at $0.05 / GB-month.

  • 1 GB library storage included
  • $0.05 per GB-month for additional storage
  • Configurable retention (time-based or size-based pruning)
  • Shared witness at witness.sequesign.com
  • Email support
Get started

Managed Isolated

Dedicated witness for your data

For regulated industries

$25 / month + $0.002 per signature

Your own dedicated witness instance with isolated keys.

  • 10 GB library storage included
  • $0.05 per GB-month for additional storage
  • Configurable retention (time-based or size-based pruning)
  • Dedicated witness instance with isolated keys
  • Priority support
Talk to us

Bring Your Own Witness

Run your own infrastructure

For data sovereignty

Contact us

Run the witness on your infrastructure. We provide the protocol, SDK, indexing, and support.

  • 25 GB library storage included
  • $0.05 per GB-month for additional storage
  • Witness keys never leave your infrastructure
  • Indexing service for receipt library
  • Protocol updates and integration support
Talk to us

Enterprise

Custom for your scale

For complex needs

Custom

Annual contracts, dedicated support, custom SLA.

  • All deployment options
  • Custom storage quotas and rates
  • Dedicated support engineer
  • 99.99% uptime SLA
Talk to us

Use cases

One protocol. Many delegated workflows.

The same sequence-signing receipt pattern applies wherever agents act on behalf of people or organizations. Below are the workflows the protocol was designed against and the ones it's being shaped toward next.

Invoice and procurement approvals

Receipts attach decision evidence and human approval to every payment instruction an agent emits.

Design target

Healthcare decision support

Sign clinician confirmations alongside model output for prescription, triage, and intake.

High-trust use case

Financial and compliance agents

Per-action receipts that survive audit cycles for trading bots, KYC, and regulated reporting.

Future profile

Customer operations automation

Refunds, escalations, and entitlement decisions land in a permanent, attestable log.

Profile candidate

Get started

Ready to sign your first receipt?

Sequesign issues API keys directly from the dashboard. The hosted witness is live; the SDK is feature-complete; the verifier runs locally today.

Get started Read the protocol spec →
Questions? Get in touch.

IP posture

Patent pending.

Sequesign technology is patent pending. This demo explains protocol concepts and is not a production deployment.