How We Built a Tamper-Evident Audit Trail for AI Agents

last week we shipped a tamper-evident audit trail for AI agents. here is why we built it and the engineering decisions behind it. the problem: agents without receipts an AI agent making autonomous decisions leaves no external record of what it decided, why, or how confident it was. server logs exist, but the agent can modify its own logs. if the agent deletes production data, the logs explaining why might go with it. when a human employee makes a critical mistake, there is a paper trail — emails, slack messages, meeting notes. we can reconstruct intent. with agents? the prompt is gone, the context window is gone, the confidence level is gone. why server logs are not enough server logs fail in exactly the scenario where you need them most: adversarial incidents. if the agent has write access to the system it is logging to, the audit trail is documentation, not evidence. the record has to survive the agent. the architecture we built a three-layer system: 1. canonical event log (single wr