What is AI agent runtime enforcement?

Runtime enforcement for AI agents intercepts every tool call before execution, applying scoped permissions, injection scanning, rate limiting, and human checkpoints. AgentMint produces cryptographically signed receipts for each decision, creating tamper-evident audit trails.

How do you create an audit trail for AI agents?

AgentMint creates audit trails by producing Ed25519-signed, SHA-256 hash-chained receipts for every agent action. Each receipt includes the action, decision, reasoning, and cryptographic proof that can be verified independently using only OpenSSL.

What is a cryptographic receipt for AI actions?

A cryptographic receipt is a tamper-evident record of an AI agent action containing the action details, enforcement decision, Ed25519 digital signature, SHA-256 hash chain link, and RFC 3161 timestamp. It can be verified without any vendor using the included VERIFY.sh script.

Does AgentMint work with MCP (Model Context Protocol)?

Yes, AgentMint is framework-agnostic and includes an MCP server implementation in the mcp_server/ directory. It works with MCP, CrewAI, raw API calls, and any other agent framework.

Is AgentMint SOC 2 compliant?

AgentMint provides compliance evidence mapped to SOC 2 (CC6.1 Access Controls, CC7.2 Monitoring, CC8.1 Change Management, PI1.1 Privacy), HIPAA §164.312, EU AI Act Article 12, and NIST AI RMF. See COMPLIANCE.md for detailed mappings.

What is zero-trust for AI agents?

Zero-trust for AI agents means never implicitly trusting agent actions. Every tool call is verified against scoped permissions, scanned for injections, and cryptographically signed before execution. AgentMint enables zero-trust by enforcing these checks at runtime with vendor-independent verification.

AgentMint — Evidence layer for AI Agents in regulated industries

Name: AgentMint
Author: Aniketh Maddipati

THE PROBLEM

Your agent made a decision. Your buyer wants proof. You hand them logs they can't independently verify and dashboards that require trusting you.

That's not proof. That's a narrative.

AgentMint lets your agent prove itself - signed at the moment of action, independently verifiable by anyone, no vendor in the loop.

WHEN THE AGENT FAILS

A claim is disputed. Same agent. Two endings.

Without AgentMint

9:00 AM

Hospital billing calls the vendor. They don't know what the agent did. Only the vendor can tell them.

10:30 AM

Hospital IT joins the call. They have their own SIEM and forensics. None of it helps. They are passengers in someone else's process.

12:00 PM

GRC asks for evidence. The vendor's engineer screen-shares JSON. Legal is paged.

4:00 PM

Compliance won't sign off. The logs came from the vendor running the agent. That is testimony, not evidence.

NEXT AM

Integration paused. Manual review resumes. Three months of work, on hold.

→ Agent product out the window. The buyer never had a third option.

With AgentMint

9:00 AM

Hospital IT pulls the receipt for that agent action from their own evidence store. Signed at runtime with a key the vendor doesn't hold.

9:15 AM

They verify it themselves. One bash command. No vendor on the call. No waiting.

10:00 AM

Compliance sees policy held. They show the receipt to the auditor. To the customer. In court if they have to.

SAME DAY

Dispute resolved. Agent stays in production. The vendor was never the bottleneck.

→ The buyer had a third option. The deal holds. The receipt becomes track record.

HOW IT WORKS

Three steps. One artifact. Any auditor can verify it.

Instrument in under an hour

Run pip install agentmint and wrap your tool calls. No new services. No infra changes.

Every action becomes a signed receipt

Each agent action generates a tamper-evident receipt at the moment it happens - signed with your key, chained to the one before it, mapped to the compliance controls your buyer already audits.

Hand your buyer one file

Export a receipts ZIP and a verify script. Your buyer runs it on their own machine with your public key. Pass or fail. No dashboard. No access. No trust required.

BUILT TO DISAPPEAR

Three things engineers ask. Three honest answers.

HOW HARD IS IT TO ADD?

Wrap your tool calls with one function. Most agents need five lines. Works with LangChain, CrewAI, OpenAI Agents SDK, MCP, and Google ADK today.

WHAT DOES IT COST IN LATENCY?

Under 0.3ms per receipt. Less than your model's own jitter. You will not measure it in production.

WHAT IF AGENTMINT DISAPPEARS?

Your receipts stay verifiable forever. The verifier is 230 lines of stdlib Go. The spec - AERF, Agent Evidence Receipt Format - is open. You don't depend on us.

from agentmint.notary import Notary

notary = Notary()
plan = notary.create_plan(
    user="admin@company.com",
    action="claims-processing",
    scope=["read:patient:*", "submit:claim:*"],
    checkpoints=["appeal:*"],
)

receipt = notary.notarise(
    action="submit:claim:CLM-9920",
    agent="claims-agent",
    plan=plan,
    evidence={"tool": "submit-claim", "id": "CLM-9920"},
)

receipt.in_policy   # True
receipt.signature   # Ed25519 hex

Decorator and MCP proxy modes shipping next. Today: one line per tool call.

Logs are testimony.
Receipts are notarized records.

Today.

A folder of evidence. Logs from your stack, screenshots of your dashboards, a memo to explain them. Re-assembled before every InfoSec review.

AgentMint.

One file. Signed at the moment of each action, chained to the action before it. Your buyer runs the verifier on their own machine.

$ verify receipts.zip

✗ chain broken at receipt 412 of 847

action: submit:claim:CLM-7491

expected: a1f3c8e2...c3e1

found: 9b4f7d11...4e22

The chain points to the action. Not you.

WHO IT'S FOR

Your enterprise deal is stalling

You have SOC 2. Your buyer's InfoSec team is asking questions your cert doesn't cover - specifically what your AI agent decided and why. Let your agent prove itself. One file. One command. Deal moves.

Healthcare AI, fintech AI, legal tech - anywhere AI decisions get scrutinized.

You're getting HIPAA or AIUC-1 certified

AgentMint generates pre-mapped evidence at the moment of agent action. You arrive at your audit already prepared. Prescient Security validates the receipt format.

Your competitor has a PDF.

GET STARTED

Design your first receipt.

Tell me about your agent. I'll instrument it with you on a call this week. Receipts your CISO can verify by Friday.

WHAT DOES YOUR AGENT DO?

STACK

WHERE ARE YOU IN THE SALE?

YOUR ROLE

Pilot engagement is $2,500. I take three a month. I review every submission personally and respond within 24 hours. Currently onboarding design partners in healthcare billing and financial services.

Six years at Capital One on both sides of vendor evidence reviews. Built C1's first ML account takeover detection at 10,000 TPS. Got C1 legal to greenlight Google Vertex AI a year ahead of schedule. AgentMint is what I wished those systems could do.

- Aniketh Maddipati, founder

Or self-host: . Forever free.

COMMON QUESTIONS

Deployment

Where does this run?

Your machine, your process, your container. Nothing leaves unless you push it. The private key never touches any service. You share the public key with your buyer so they can verify.

Security

What if someone edits the receipt file?

The signature breaks. Each receipt is signed at creation time with Ed25519, and the chain links each receipt to the previous hash. Alter one byte - verification fails instantly, and the verifier points to the exact action that was tampered with.

Integration

We already use LangSmith and Datadog. Why add this?

Those tools are for you. This is for your buyer. AgentMint gives them one artifact they can verify themselves without trusting your ops narrative.

Product

What about a managed dashboard or hosted storage?

Coming. The current free library and paid pilot cover what early customers actually need this quarter. As patterns repeat - fleet-wide rollouts, long-term storage, verification-as-a-service for buyers - the hosted layer will follow.

Logs are testimony.
Receipts are notarized.

Every company deploying AI agents will eventually be asked to prove those agents behaved correctly. AgentMint is the open standard for that proof - signed, chained, independently verifiable by any third party without trusting you.

Mastercard open-sourced the same cryptographic-receipt primitive for AI transactions with Google and Fiserv. AgentMint is the equivalent for agent actions. The category is being defined right now.

The audit has been preparing itself since day 1.

OPEN SOURCE

SOC 2 - HIPAA - EU AI Act - AIUC-1 - NIST AI RMF - SR 11-7

Full control mapping →