Prove what your agents did —
independently, forever.

Satsignal is verifiable proof infrastructure for agent workflows: anchor the policy a run executed under, commit each decision as it happens, and close with an evidence manifest — one handoff packet an auditor verifies without trusting you or us. Only a fingerprint (a hash) is recorded in a public ledger; you hash your data locally, so the content itself never leaves your machine. Anyone can verify the proof later — no Satsignal account.

Anchor a proof → Verify a proof

Verification is always free — no account. Anchoring needs a free account (100 anchors / month): sign in for the dashboard, or anchor from code with an API key you mint once in the dashboard (sign in, then /w/<workspace>/keys) — after that it’s one POST /api/v1/anchors call (worked curl example in the docs quickstart).

Start with an agent workflow →

Anchor the policy snapshot before the run, commit decisions as they happen, finish with an evidence manifest — one handoff packet an auditor verifies without trusting the operator. See the canonical model.

The same primitive also works for documents & evidence — anchor a contract, report, or exhibit; the file never leaves your machine, same anchor and same free verification. See file proofs, or the litigation and regulated-evidence playbooks.

Scope, plainly: a proof shows a fingerprint was known at a point in time — knowledge of the fingerprint and timing, not authorship or identity. It complements signing systems like Sigstore / cosign rather than replacing them. What a proof proves · Why this chain.

How it works

  1. 1 Committed in seconds
  2. 2 Confirmed on-chain
  3. 3 Verifiable by anyone

From data to proof — one path

From private data to verifiable proof

Only the fingerprint is anchored — never the payload.

  1. 1 Fingerprint first file / run / manifest items / event
  2. 2 Anchor one API call
  3. 3 Public chain records it public chain tx
  4. 4 .mbnt bundle portable proof
  5. 5 Verify anywhere auditor re-hashes

You keep

  • Your original file, output, or evidence set
  • The local canonical artifact

Satsignal records

  • A cryptographic fingerprint
  • Proof metadata + the chain anchor

Satsignal never stores

  • Your original file
  • Private payload content
  • Secrets or source data

Any reviewer checks

  • The payload hash matches the proof
  • The anchor exists on the public chain

Privacy by design·Cryptographically anchored·Publicly verifiable

One proof system · many entry points

The Satsignal integration map

Meet your data where it already lives — agents, CI, observability, storage, and SaaS events. Every path produces the same verifiable proof.

  • CLI

    File proofs & CI shells

  • Python helper

    Agent session proofs

  • Direct API

    Custom runtimes

  • MCP

    Claude Code & agent tools

  • CI/CD Action

    Release & eval artifacts

  • OpenTelemetry

    Selected GenAI spans

  • Blob storage

    S3 / R2 / GCS / Azure sidecars

  • Webhooks

    Stripe, GitHub, Langfuse, SaaS events

One API·One proof format·Verifiable anywhere

Agent run → one verifiable packet

The agent-run proof

Policy, decisions, outputs, and evidence become independently verifiable anchors — bundled for handoff, checkable by anyone.

  1. Policy snapshot

    Instructions, model config, tool permissions, budget caps

  2. Decision commitments

    Bid, vote, eval result, or other pre-reveal commitment

  3. Output proofs

    Files, reports, JSON, screenshots, generated artifacts

  4. Evidence manifest

    Up to 10,000 referenced items in one Merkle-rooted proof

Handoff packet

.mbnt bundles
+ canonical artifacts

Any third party can verify

  • Re-hash the revealed payload
  • Check the Merkle path
  • Check the BSV transaction
  • No login — no Satsignal account

Privacy by design·Cryptographically anchored·Publicly verifiable

01Why ordinary logs aren’t enough

Internal logs prove what your system says happened. Satsignal proves what was committed before the story could be rewritten.

An agent platform’s own logs answer to the operator that runs them. That’s fine for the easy cases. The hard cases — an incident review, a regulator request, a losing bidder asking to see the proofs — are exactly the cases where the platform’s log can no longer be the sole source of truth.

Signed logs and transparency logs cover most cases. The wedge is narrow: when the threat model includes the operator or platform, only a public-chain anchor lets a third party verify without trusting them.

02How the anchor happens

No shared batching. Your anchor broadcasts now.

Many timestamping services pool unrelated customer hashes and flush them later. Satsignal broadcasts your commitment during the anchor request.

Broadcast is initiated during your anchor request — including any failover between broadcast services. Confirmation still follows normal block timing.

You can still bundle your own files or events into one manifest proof — that’s your scope decision, not an operator mixing your data with strangers and anchoring it later.

No shared queue·No flush schedule·No operator custody window

03Pick a workflow

What are you anchoring?

Pick the workflow that matches the job. Each card opens the page where you actually start — the docs, demo, or form you’ll use to anchor your first one.

Agent Run Proofs →

Anchor an agent’s policy snapshot before the run, commit each decision as it happens, and finalize with an evidence-bundle manifest. One handoff packet a customer, auditor, or regulator can verify without trusting the operator.

Sealed Bid / Commitment →

Commit a payload before a deadline, reveal it later. Prove there were no post-deadline edits without leaking what was committed before reveal time. Right for procurement, sealed bids, evaluations, predictions.

Evidence Bundle Proofs →

One on-chain anchor over a Merkle-rooted manifest of up to 10,000 items. Disclose any single item later without revealing the rest. Right for contracts, photos, change orders, forensic packets, claims documentation.

Contract / File Proof →

The single-file workflow. Drop a PDF, contract, dataset, screenshot, or report; get a tamper-evident proof anchored on chain. Right for code releases, signed contracts, dataset snapshots, published policies.

Sealed-Blind Anchoring →

Anchor a fingerprint on chain without revealing what’s behind it — the salt stays client-side, so even the operator never sees the payload. Reveal later, on your schedule. Right for procurement, evaluations, and predictions where the content can’t be disclosed yet.
04Get in touch

Working on something this would help?

Whether it’s an integration, a customer use case, or a deployment question — we read every email.

hello@satsignal.cloud