Skip to content
Postcept
Audit evidence

Evidence for what your agents actually did.

As AI agents take high-risk actions, refunds, cancellations, ticket resolutions, risk and compliance teams need durable, independent evidence of what happened, not a screenshot of a chat. Postcept helps create that evidence: every verification leaves a signed, independently-verifiable trail.

Four layers, each independently verifiable

Postcept’s evidence layer is built so you never have to take its word for it. Each artifact can be checked by you, an auditor, or a counterparty using open rules and a public key.

Signed completion receipts

Every verified action can produce an Ed25519-signed receipt recording what was checked, against which system of record, and how it classified. Anyone can verify the signature with the published public key, no Postcept API call required.

Verify a receipt

Tamper-evident audit log

Organization events are recorded in a per-tenant SHA-256 hash chain: each entry covers the previous entry's hash, so a later edit or deletion breaks the chain and is detectable on recomputation.

Public transparency log

Live receipts are appended to an append-only RFC 6962 Merkle log. A signed tree head and per-receipt inclusion proofs let anyone show a receipt was logged and was not removed or back-dated, an independent timestamp.

Portable evidence export

A single signed bundle gathers the receipts, the audit log and its integrity status, and the transparency-log proofs. A signed manifest binds the bundle's exact contents, so it can't be trimmed, padded, or swapped undetected.

Built with record-keeping in mind

Frameworks such as the EU AI Act describe record-keeping and logging expectations for higher-risk AI systems, automatic event logging (Article 12), human-oversight records (Article 14), and the obligations that begin to apply from 2 August 2026. Postcept is designed to help teams produce the kind of durable, tamper-evident, independently-verifiable records those conversations tend to require.

Definition

Postcept helps create audit evidence. It is not legal advice or a compliance certification, and using it does not by itself make a system “compliant” with any regulation.

Give your risk team evidence, not screenshots.

Postcept verifies high-risk agent actions against the system of record and leaves a signed, independently-verifiable trail for each one.