Capture, replay, and verify your AI agents' production runs — with regulatory-grade evidence that stands up in court.
from notary import instrument @instrument(secret_key=NOTARY_KEY) def run_agent(application): # your existing agent — unchanged return agent.decide(application)
Five lines. Every run is recorded as a sealed, replayable commit.
When an AI agent makes a decision that harms someone, a regulator, auditor, or opposing counsel will eventually ask you to prove four things. Your logs answer none of them.
A log shows an error next to a model call. It can't show your agent's logic caused the outcome rather than a flaky network call or stale data. Notary re-runs the exact decision and shows it recur.
Shipping a patch shows you tried; it doesn't show it works. Notary runs your fix against the exact conditions that failed and proves the outcome changes — against the real API, not a mock.
A log file can be edited. Every Notary decision is cryptographically sealed the moment it happens and verifiable by anyone with a public key — no trust required.
Audits arrive long after the incident, when the engineer has left and the model is deprecated. Observability keeps hours; defensibility needs years. Notary evidence is self-contained and reproducible.
These are four different problems. A tool built to monitor production solves none of them — monitoring asks "what's happening now," defensibility asks "prove what happened then, to someone who doesn't trust you."
Others can show what an agent decided. Only Notary re-runs the corrected agent against the real failing conditions and proves the fix resolves it. Proof of remediation, not just proof of record.
HMAC-SHA256 + Merkle chain. Alter one byte and the proof breaks.
sha256(node) = HMAC(prev_hash, data)Real provider sandboxes (Stripe test mode, GitHub, Salesforce) — not mocks that drift.
replay(run_id) → identical outputA cryptographically signed certificate (ECDSA/RSA) regulators and courts verify independently.
verify(cert, pubkey) → trueA lending agent denies a qualified applicant: credit score 650, threshold 700. The compliance team imports the run into Notary. Notary provisions a Stripe test environment, restores the applicant data, and replays the credit check — score 650, reproduced exactly. A developer branches an experiment lowering the threshold to 620. Notary re-runs the branch, diffs it against the original: the agent now approves. Notary issues a signed Proof of Mitigation certificate — root cause, fix, test method, verified outcome — ready for the regulator.
For Developers
For Compliance & Legal — CISO · Compliance Officer · General Counsel
Seal runs with your own key; Notary never has to hold it.
Certificates signed with asymmetric keys — verify with a public key, no secret required.
Append-only, write-once evidence log. Nothing can be silently altered.
Evidence flows into ServiceNow, OneTrust, and AuditBoard, mapped to the right controls.
| Free | ProfessionalRecommended | Enterprise | |
|---|---|---|---|
| Price | Free forever | Contact us | Custom |
| For | Developers & small teams | Compliance + legal teams | Large orgs, critical infra |
| SDK: capture + HMAC sealing + local verify | ✓ | ✓ | ✓ |
| Framework support | Raw / basic | All frameworks | All + custom |
| Deterministic replay | Limited (free quota) | Unlimited | Unlimited |
| Real sandboxes | Stripe only | Stripe, GitHub, Salesforce | + custom providers |
| Branching & experiments | 1 branch / incident | Unlimited | Unlimited |
| Mutation testing | Manual | Automated | Automated |
| Proof of Mitigation certificates | ✓ | ✓ | ✓ |
| Certificate signature | ECDSA | ECDSA + RSA | Custom |
| Compliance reports | — | All frameworks | Custom |
| GRC connections | — | Included | Unlimited + custom |
| Audit logging / RBAC | — | ✓ | ✓ |
| SSO | — | — | ✓ |
| SLA | None | 99.5% | 99.9% |
| Support | Community | Priority | Dedicated |
| Data retention | 30 days | 1 year | Custom |
| Install the SDK | Contact us | Talk to sales |
Usage limits and pricing shown are indicative and subject to change.