Capture every agent decision, replay the exact failure, and prove your fix resolves it — with evidence a regulator or court will trust.
from notary import instrument @instrument(secret_key=NOTARY_KEY) def run_agent(application): # your existing agent — unchanged return agent.decide(application)
Five lines. Every run is recorded as a sealed, replayable commit.
When an AI agent makes a decision that harms someone, a regulator, auditor, or opposing counsel will eventually ask you to prove four things. Your logs answer none of them.
A log shows an error next to a model call. It can't show your agent's logic caused the outcome rather than a flaky network call or stale data. Notary re-runs the exact decision and shows it recur.
Shipping a patch shows you tried; it doesn't show it works. Notary runs your fix against the exact conditions that failed and proves the outcome changes — against the real API, not a mock.
A log file can be edited. Every Notary decision is cryptographically sealed the moment it happens and verifiable by anyone with a public key — no trust required.
Audits arrive long after the incident, when the engineer has left and the model is deprecated. Observability keeps hours; defensibility needs years. Notary evidence is self-contained and reproducible.
These are four different problems. A tool built to monitor production solves none of them — monitoring asks "what's happening now," defensibility asks "prove what happened then, to someone who doesn't trust you."
Others can show what an agent decided. Only Notary proves the fix resolves it — replaying from a sealed recording, and validating against the live API when the fix changes external behavior. Proof of remediation, not just proof of record.
HMAC-SHA256 + Merkle chain. Alter one byte and the proof breaks.
sha256(node) = HMAC(prev_hash, data)Replay runs against a cryptographically sealed recording of the incident's real responses — deterministic, millisecond-fast, and reproducible years later even if a provider changes or retires its test mode.
replay(cassette) → identical outputWhen a fix changes which external calls fire, Notary escalates to a real provider sandbox where available — so a fix is proven against live conditions, not just a recording.
fix changes calls → escalate to sandboxA cryptographically signed certificate (ECDSA/RSA) regulators and courts verify independently.
verify(cert, pubkey) → trueA lending agent denies a qualified applicant: credit score 650, threshold 700. The compliance team imports the run into Notary. Notary replays the recorded credit-check response from the sealed cassette — score 650, reproduced exactly, with no dependency on any live system. A developer branches an experiment lowering the threshold to 620. Because the fix changes only internal logic and issues no new external call, the same sealed responses drive the re-run: the agent now approves. Notary issues a signed Proof of Mitigation certificate — root cause, fix, test method, verified outcome.
For Developers
For Compliance & Legal — CISO · Compliance Officer · General Counsel
Seal runs with your own key; Notary never has to hold it.
Certificates signed with asymmetric keys — verify with a public key, no secret required.
Append-only, write-once evidence log. Nothing can be silently altered.
Evidence flows into ServiceNow, OneTrust, and AuditBoard, mapped to the right controls.
Evidence is a sealed, self-contained recording — replayable long after the incident, even if the underlying provider systems have changed or disappeared.
| Free | ProfessionalRecommended | Enterprise | |
|---|---|---|---|
| Price | Free forever | Contact us | Custom |
| For | Developers & small teams | Compliance + legal teams | Large orgs, critical infra |
| SDK: capture + HMAC sealing + local verify | ✓ | ✓ | ✓ |
| Framework support | Raw / basic | All frameworks | All + custom |
| Deterministic replay | Limited (free quota) | Unlimited | Unlimited |
| Sealed cassette replay | ✓ | ✓ | ✓ |
| Live sandbox validation (escalation) | — | Select providers (expanding) | + custom providers |
| Branching & experiments | 1 branch / incident | Unlimited | Unlimited |
| Mutation testing | Manual | Automated | Automated |
| Proof of Mitigation certificates | ✓ | ✓ | ✓ |
| Certificate signature | ECDSA | ECDSA + RSA | Custom |
| Compliance reports | — | All frameworks | Custom |
| GRC connections | — | Included | Unlimited + custom |
| Audit logging / RBAC | — | ✓ | ✓ |
| SSO | — | — | ✓ |
| SLA | None | 99.5% | 99.9% |
| Support | Community | Priority | Dedicated |
| Data retention | 30 days | 1 year | Custom |
| Install the SDK | Contact us | Talk to sales |
Usage limits and pricing shown are indicative and subject to change.
We replay from a cryptographically sealed recording of the real responses, replayed deterministically. When your fix changes which calls fire, we escalate to a real provider sandbox where one is available. The evidence is signed either way.
Because provider test environments change or disappear. A sealed recording from 2026 is still replayable in 2031. We optimize for evidence that survives the audit timeline.
We will get back to you at the email you provide.