RootSign adds tamper-evident hash chains to LangGraph and CrewAI agent logs
RootSign is an open-source SDK that instruments LangGraph and CrewAI agents with SHA-256 hash chains, producing cryptographically verifiable audit logs that detect post-hoc tampering.
Score breakdown
RootSign fills a gap left by existing observability platforms by producing cryptographically verifiable, tamper-evident logs — artifacts that LangSmith and Langfuse, by the author's account, do not provide.
- 01RootSign is an SDK that instruments CrewAI and LangGraph agents with cryptographic audit logs.
- 02It applies a SHA-256 hash chain across every Action record in a session.
- 03The `rootsign verify` command detects any record modified after the fact.
RootSign is an open-source SDK created by oabolade after encountering a recurring problem while instrumenting LangChain and CrewAI agent pipelines: when a tool call went wrong, there was no way to prove what the agent did, in what order, or whether the logs had been modified. Existing observability platforms such as LangSmith and Langfuse were noted as strong tools for optimizing agent behavior, token usage, and costs, but they do not produce legally defensible or auditable artifacts.
The SDK also supports human-in-the-loop checkpoints through Approval records for specific agent actions, and performs PII redaction before hashing using a built-in `StandardPIIConfig`.
To fill that gap, RootSign adds a SHA-256 hash chain to every Action record in a session, making any after-the-fact modification detectable via the `rootsign verify` command. The SDK also supports human-in-the-loop checkpoints through Approval records for specific agent actions, and performs PII redaction before hashing using a built-in `StandardPIIConfig`. It currently supports LangGraph and CrewAI, with AutoGen support listed as coming soon. The system is local-first, running on Postgres and Timescale with no cloud dependency. Features explicitly noted as not yet available include a compliance dashboard, cloud backend, and policy engine, all of which are on the roadmap.
Key facts
- 01RootSign is an SDK that instruments CrewAI and LangGraph agents with cryptographic audit logs.
- 02It applies a SHA-256 hash chain across every Action record in a session.
- 03The `rootsign verify` command detects any record modified after the fact.
- 04Human-in-the-loop checkpoints are supported via Approval records for certain agent actions.
- 05PII is redacted before hashing using the built-in `StandardPIIConfig`.
- 06The system is local-first, running on Postgres and Timescale with no cloud dependency.
- 07AutoGen support, a compliance dashboard, cloud backend, and policy engine are on the roadmap.
Topics
Summary and scoring are generated automatically from the original article. We always link back to the publisher and never republish images or paywalled content. Last processed Jun 18, 2026 · 10:40 UTC. How this works →