One record, sealed link by link
Axyvera turns an AI coding session into a canonical, hash-chained stream, exports it as a signed bundle, and lets anyone verify it. Here's each layer.
Every event, hashed to the last
Each event is normalised to a canonical form (RFC 8785) and appended to a hash chain. The digest of every block folds in the digest of the one before it — so the history is ordered, append-only, and tamper-evident. Alter a byte and the chain stops verifying.
See the tamper-evidence guarantees →- session.started
- prompt.submitted
- tool.used · edit
- tool.used · shell
- session.completed
Honest capture for real agents
Axyvera captures the strongest officially-supported surface each tool exposes — and labels the provenance honestly. It never claims to observe what it only inferred.
Lifecycle hooks capture tool use and session boundaries.
axyvera codex exec wraps the JSONL stream — the strongest observed surface.
Interactive hooks with notify as corroboration only — never inflated.
Portable, signed, self-contained
session.axy/ ├─ manifest.json # files + digests ├─ stream.jsonl # the hash chain ├─ coverage.json # honest coverage └─ signature.ed25519 # over the manifest
Compare, roll back, report
$ axyvera compare run-a run-b 3 files changed · chain intact $ axyvera rollback latest --apply restored to sealed checkpoint $ axyvera report --html wrote evidence report
When "the AI did it" has to hold up
Regulated & audited teams
Attach a signed bundle to the work and hand an auditor a record they can verify themselves — with coverage stated honestly, not sold.
Code review & provenance
Ship a bundle with a PR so a reviewer can confirm what the agent actually changed, and that the history hasn't been rewritten.
Enterprise AI governance
Give an AI-usage policy something concrete to point at: a portable, tamper-evident trail that lives with the code, not in a dashboard.