AEVS is a proof-of-execution system for AI agents, generating agent execution receipts that serve as tamper-evident proof for every tool call. These receipts are cryptographically signed using ECDSA P-256 and linked in a hash chain, ensuring that no action can be altered or skipped without detection. The product is specifically designed for developers building autonomous agents with LangChain or MCP, providing a drop-in SDK that requires minimal code changes. Its core value is transforming ephemeral agent actions into portable, verifiable records that teams can share with auditors, compliance officers, or CI/CD pipelines without exposing the entire codebase. AEVS addresses a critical gap in agent reliability: model text alone does not constitute proof of execution. Unlike relying on chat logs or application logs, each receipt contains the exact tool name, inputs, outputs, timing, and errors, sealed with a cryptographic signature that anyone can verify independently.
Without AEVS, teams face a fundamental problem: a model's reply stating an action occurred is not proof that the action actually executed. For example, an agent might respond 'Refund of $142 sent' based on its inference, but that text does not record which tool ran, with which inputs, or what the API returned. Auditors cannot verify a tool call from the model reply alone; they would need to reconstruct the event from chat history and application logs, which are often incomplete or unavailable. This leads to gaps in proof, manual replay efforts, and difficulty spotting discrepancies between what the agent claimed and what actually happened. With AEVS, each tool call gets a signed receipt containing the exact tool name, inputs, outputs, and position in the chain, providing a portable, independently verifiable record that eliminates these blind spots.
The first step in AEVS's Catch-Sign-Verify flow is recording every agent action. When enabled, AEVS sits transparently between the agent and its tools, intercepting each invocation. It captures the tool name, all input parameters, the output returned, the execution timing, and any errors that occurred. This data is structured into a receipt before signing, ensuring complete documentation at the point of execution. The automatic capture works with LangChain 0.2+ and MCP 1.20+ through a simple enable() call, requiring no changes to existing tool definitions. This ensures that every action, from a simple data lookup to a financial transaction, is fully recorded without any developer effort to instrument individual tools. The capture process is automatic, meaning that once AEVS is enabled, every subsequent tool invocation is logged regardless of the complexity of the agent's workflow.
admin
After capture, each receipt is cryptographically sealed using ECDSA with the P-256 curve, with keys managed via a KMS (Key Management Service). Each receipt is linked to the previous one via a hash chain, creating an immutable sequence that preserves the order and integrity of all agent actions. If any receipt in the chain is altered or removed, the signature verification fails and the chain break is immediately detectable. This hash chain mechanism provides tamper evidence at a granular level: even a single modified byte in a receipt will invalidate that receipt's signature and break the link to its successor. The signing process occurs automatically after each tool call, and the developer can flush pending receipts manually with aevs.flush() to ensure all receipts are submitted before the agent session ends. The combination of ECDSA signing and hash chaining makes the entire execution history auditable and prevents undetected tampering.
AEVS provides two independent verification methods. The first is a public REST API: send a GET request with the receipt's reference_id to verify the signature and check the execution status and tool details. This works for scripts, CI/CD pipelines, and external auditors who need instant proof without accessing the agent's infrastructure. The second is a web explorer where users can browse receipts by reference_id, view verification results, and inspect tool details in a user interface. AEVS also offers three visibility levels to control what information is exposed. Public mode exposes full tool payloads on the explorer and API, suitable for demos and shared audits. Private mode hides payload values from the public, showing [REDACTED] for inputs and outputs while still proving execution happened. Proof_only mode never stores input or output data, only cryptographic hashes and metadata, meeting strict data retention requirements like PCI or health compliance.
Using AEVS involves four straightforward steps. First, install the SDK with pip install aevs, optionally including extras for LangChain or MCP. Second, configure the agent with an API key and agent ID, then call enable() to activate receipt generation. AEVS auto-detects the agent framework, but you can explicitly specify frameworks=['langchain'] for clarity. Third, run your agent normally; every tool call is automatically intercepted, captured, and signed without any changes to your tool definitions. Finally, call flush() after execution to ensure all pending receipts are submitted to the backend. The entire integration typically requires adding just a few lines of code to existing agent scripts, preserving your existing tool definitions and workflow. This low-friction approach allows teams to add proof-of-execution to existing agent deployments with minimal refactoring.
Concrete use cases span multiple domains. Auditors can verify that specific tool calls occurred by receiving a reference_id, without needing access to the agent's codebase or logs. Compliance teams use public receipts to demonstrate due diligence in regulated environments, proving that actions like payments or data access were executed exactly as reported. Developers debugging agent behavior can inspect precise tool inputs and outputs for each call, identifying discrepancies between expected and actual execution. CI/CD pipelines automate verification by calling the verify API after each deployment, ensuring agent actions remain consistent across updates. For sensitive workloads, proof_only mode allows teams to prove tool execution without ever persisting payloads, satisfying data minimization principles while still providing a verifiable chain of signatures and hashes. Multi-party workflows also benefit: a client can independently verify each action performed by a vendor agent using only the shared reference_id.
AEVS is built for AI engineers and MLOps teams developing agentic systems with LangChain (0.2+) and MCP (1.20+), supporting Python 3.10-3.13. It is open source under the fetchai/AEVS-sdk repository on GitHub. While currently in beta, the product offers a free tier with no pricing information disclosed on the site. The primary value proposition is clear: every tool call is signed, recorded, and independently verifiable. Whether you need to audit financial transactions, debug complex agent workflows, or comply with regulatory requirements, AEVS provides the cryptographic proof that separates an agent's claimed actions from its actual executed steps. This transforms agent operations from opaque black boxes into transparent, auditable chains of evidence that build trust and accountability in autonomous AI systems.
AEVS is designed for AI engineers developing autonomous agents with LangChain or MCP. It is also valuable for compliance officers who need tamper-evident proof of agent actions for regulatory audits. DevOps teams integrating agent execution verification into CI/CD pipelines will benefit from the public API. Additionally, teams handling sensitive data (e.g., PCI, healthcare) can use proof-only mode to minimize data retention while still proving execution. Enterprise architects seeking observability and reproducibility for agent workflows, as well as auditors requiring independent verification without codebase access, are key target segments.