Prove what your AI agents actually did.
Every action your agent takes is signed, chained, and witnessed. Anyone can verify a Sequesign receipt offline, even years later.
Tamper-evident
Audit trails that fail loudly.
Every action enters a signed hash chain. Re-ordering, omission, and after-the-fact edits are detectable on verification.
Tampered receipts surface as verification failures, not as a clean log. The verifier tells reviewers exactly which action, which evidence hash, and which chain state broke.
See a tampered receipt fail →Offline verification
Verifiable offline. By anyone.
The verifier needs no Sequesign endpoint to confirm a receipt at verification time. Given the receipt and the witness's published public key, any reviewer can verify the chain, the schemas, the workflow, and the human approval signatures. No network access to Sequesign required at the moment of verification.
View the live witness key →Standards & interoperability
Open formats. No lock-in.
A Sequesign receipt is not a closed format. Any receipt can be notarized as a DSSE-wrapped in-toto Statement — canonicalized with RFC 8785 (JCS) and signed with Ed25519 — so standard DSSE/in-toto tooling can verify the witness signature offline against our published key, no Sequesign service required.
Interactive demo
Prove the approval happened.
Your policy says a human reviews every payment. Can you prove it for this payment? In a Sequesign receipt the approval is a signature, not a log line. Pick a domain and a condition, then verify. The same Sequesign verifier handles both workflows; the failure modes are real, not staged.
Receipt sandbox
Trust model
What a receipt can and cannot prove.
Sequesign shows what is verified, what is attested, and what remains only agent-asserted. The distinction is the product.
What the receipt can prove
- Evidence has not changed after receipt construction
- Action sequence and chain continuity are intact
- Agent and witness signatures verify
- Schema validation passed, when requested
- Workflow profile validation passed, when requested
- Human approval signature is present and valid
What a receipt does not prove
- The agent told the truth
- The invoice came from the real vendor
- The payment provider confirmed the instruction
- The LLM provider attested to the response
- A lying agent self-reported every unsupported claim
- Every natural-language claim is externally verified
SDK
One SDK call per action.
Start a session. Record actions as they happen. Finalize. The receipt is a single signed artifact reviewers can verify with the local CLI or the hosted verifier at verify.sequesign.com.
- Three receipt modes: freeform, schema-validated, profile-constrained
- Built-in human approvals, plan steps, counterparty attestations
- Cross-process resume from on-disk checkpoint
- Verification levels L0 through L3, plus independent W/A/C badges, from real SDK calls
import { createSequesign } from "@sequesign/sdk"; const sdk = createSequesign({ witness: { baseUrl: "https://witness.sequesign.com", apiKey: process.env.SEQUESIGN_API_KEY } }); const session = await sdk.startSession({ agent: { agentId: "agent_acme_invoice_bot", keypair: agentKeys }, task: { taskId: "inv_2024_07_421", profile: "invoice-payment-v1" } }); await session.recordAction({ actionType: "invoice_reviewed", evidence: { invoice_id: "inv_2024_07_421", decision: "approve" } }); const { receiptPath } = await session.finalize(); // receiptPath → ./out/<task_id>.tar.gz · verifiable offline
# Witness one action over bare HTTP. The same operation as SDK (direct). # action_record_hash and the chain states are precomputed from the action # record; docs/protocol-primitives-reference.md shows how. curl -s -X POST https://witness.sequesign.com/witness \ -H "Authorization: Bearer $SEQUESIGN_API_KEY" \ -H "Content-Type: application/json" \ -d '{ "chain_id": "chn_minimal_action", "sequence": 1, "action_record_hash": "de15a7e8f5a7e310bc899451bce16bcddb2c709d45f62a16f1bce6c17f2ac85d", "previous_chain_state": "7a94dc75d14c5fb6af6d27a931534b5e034c1e8e5d51b4ae2b7b027aa53651d7", "chain_state": "e5f14487d84857e74a2025d8739c1425f8ec9fe7dccf7d8703f61f7bc1277ea0" }' # Records the action and returns a witness attestation.
import { createSequesign } from "@sequesign/sdk"; // Managed mode routes through Sequesign's hosted broker. Sequesign // stores and witnesses the receipt; nothing is written to local disk. const sdk = createSequesign({ mode: "managed", tier: "hosted", broker: { baseUrl: "https://broker.sequesign.com", apiKey: process.env.SEQUESIGN_API_KEY } }); const session = await sdk.startSession({ agent: { agentId: "agent_acme_invoice_bot", keypair: agentKeys }, task: { taskId: "inv_2024_07_421", delegatorId: "acme_ap_team" } }); await session.recordAction({ actionType: "invoice_reviewed", evidence: { invoice_id: "inv_2024_07_421", decision: "approve" } }); const { receiptId, receiptUrl } = await session.finalize(); // receiptUrl → dashboard.sequesign.com/receipts · witnessed and stored // To verify offline later, check witness signatures against the discovery // key (/.well-known/sequesign/keys.json), not any key in the response. // In bare HTTP this flow needs client-side Ed25519 signing and envelope // assembly; the Python and Go examples in // docs/protocol-primitives-reference.md section 5 show the machinery.
# Python SDK coming soon. # Track progress on GitHub: https://github.com/Sequesign/sdk
// Go SDK coming soon. // Track progress on GitHub: https://github.com/Sequesign/sdk
MCP
Give your agent a receipt.
The Sequesign MCP server turns any MCP-capable agent — Claude Desktop, Claude Code, and other clients — into one that can prove what it did. It exposes tools to open a signed session, record each action as it happens, and seal a witnessed receipt anyone can verify offline. In direct mode the agent's signing key never leaves the machine.
- Tools for sessions, actions, approvals, counterparty, finalize, verify
- Direct mode (key stays local) or managed (registered identity)
- Schema- and profile-constrained recording, same as the SDK
- One line in Claude Code, or a one-click Desktop Extension
# Claude Code — add the server. Direct mode signs # locally but the hosted witness needs a write-class # API key from dashboard.sequesign.com. claude mcp add sequesign \ --env SEQUESIGN_API_KEY=sq_live_... \ -- npx -y @sequesign/mcp # Leaving the agent key unset mints a per-session key # (self-asserted). If your API key is registered to an # agent key, also pass that exact key: # --env SEQUESIGN_AGENT_PRIVATE_KEY="$(cat agent.key.pem)" # Claude Desktop — one-click Desktop Extension: # download sequesign.mcpb from the GitHub release, # or find Sequesign in the MCP registry. # Then just ask your agent: "Review and pay invoice INV-4242 ($4,200) from Acme Supplies — then give me a Sequesign receipt I can verify independently." # The agent opens a signed session, records each step, # and seals a witnessed receipt that verifies offline.
Pricing
Choose your trust model.
Start free, choose the Standard plan, or run a dedicated witness. The protocol, the SDK, and the verifier are identical across tiers. Library storage is $0.10 per GB-month on every paid tier; configure retention via pruning policies.
Free
Developer tier
$0 / month
Try the protocol with no commitment.
- 1,000 signatures / month
- 10 MB library storage (storage pauses at the limit)
- Up to 1 MB evidence per receipt
- 90-day receipt retention
- Hosted witness service
- Email support
Standard
For production
$5 / month + usage
5,000 witnesses and 1 GB included each month, then pay for what you use.
- 5,000 signatures / month included
- 1 GB library storage included
- Up to 4 MB evidence per receipt
- $0.001 per signature over 5,000
- $0.10 per GB-month for additional storage
- Configurable retention (time-based or size-based pruning)
- Hosted witness at witness.sequesign.com
- Email support
Managed Isolated
Dedicated witness for your data
$25 / month + $0.002 per signature
Your own dedicated witness instance with isolated keys.
- 10 GB library storage included
- Up to 4 MB evidence per receipt
- $0.10 per GB-month for additional storage
- Configurable retention (time-based or size-based pruning)
- Dedicated witness instance with isolated keys
- Priority support
Bring Your Own Infrastructure
Data residency for regulated deployments
For data sovereigntyContact us
Keep your receipts and evidence in your own cloud or datacenter. We work with you on a deployment that fits your data-residency requirements — your data stays under your control while Sequesign provides the protocol, witness, SDK, and support.
- Your data stays in your infrastructure
- Hash-only by default — evidence content need never reach Sequesign
- Configurable evidence size limits
- Independent witness signing by Sequesign
- Configurable retention (time-based or size-based pruning)
- Protocol updates and integration support
Enterprise
Custom for your scale
For complex needsCustom
Annual contracts, dedicated support, custom SLA.
- All deployment options
- Custom storage quotas and rates
- Custom evidence size limits
- Dedicated support engineer
- 99.99% uptime SLA
Use cases
One protocol. Many delegated workflows.
The same sequence-signing receipt pattern applies wherever agents act on behalf of people or organizations. Below are the workflows the protocol was designed against and the ones it's being shaped toward next.
Invoice and procurement approvals
Receipts attach decision evidence and human approval to every payment instruction an agent emits.
Healthcare decision support
Sign clinician confirmations alongside model output for prescription, triage, and intake.
Financial and compliance agents
Per-action receipts that survive audit cycles for trading bots, KYC, and regulated reporting.
Customer operations automation
Refunds, escalations, and entitlement decisions land in a permanent, attestable log.
Get started
Ready to sign your first receipt?
Sequesign issues API keys directly from the dashboard. The hosted witness is live; the SDK is engineering-complete; the verifier runs locally today.
IP posture
Patent pending.
Sequesign technology is patent pending. This demo explains protocol concepts and is not a production deployment.