Evidence for what your agents actually did.
Four layers, each independently verifiable
Postcept’s evidence layer is built so you never have to take its word for it. Each artifact can be checked by you, an auditor, or a counterparty using open rules and a public key.
Signed completion receipts
Every verified action can produce an Ed25519-signed receipt recording what was checked, against which system of record, and how it classified. Anyone can verify the signature with the published public key, no Postcept API call required.
Verify a receipt →Tamper-evident audit log
Organization events are recorded in a per-tenant SHA-256 hash chain: each entry covers the previous entry's hash, so a later edit or deletion breaks the chain and is detectable on recomputation.
Public transparency log
Live receipts are appended to an append-only RFC 6962 Merkle log. A signed tree head and per-receipt inclusion proofs let anyone show a receipt was logged and was not removed or back-dated, an independent timestamp.
Portable evidence export
A single signed bundle gathers the receipts, the audit log and its integrity status, and the transparency-log proofs. A signed manifest binds the bundle's exact contents, so it can't be trimmed, padded, or swapped undetected.
Built with record-keeping in mind
Frameworks such as the EU AI Act describe record-keeping and logging expectations for higher-risk AI systems, automatic event logging (Article 12), human-oversight records (Article 14), and the obligations that begin to apply from 2 August 2026. Postcept is designed to help teams produce the kind of durable, tamper-evident, independently-verifiable records those conversations tend to require.
Postcept helps create audit evidence. It is not legal advice or a compliance certification, and using it does not by itself make a system “compliant” with any regulation.
Give your risk team evidence, not screenshots.
Postcept verifies high-risk agent actions against the system of record and leaves a signed, independently-verifiable trail for each one.