I have running into the same problems recently instrumenting my LangChain and CrewAI agent pipelines. If something goes wrong with a tool call, there was no way to way to prove what the agent did, in what order, and whether the logs have been modified. Observability platforms like LangSmith and Langfuse are great at optimizing for agent behavior, tokens and costs but they do not produce legally defensible and auditable artifacts. That's the reason why I decided to build RootSign, an SDK that instruments your CrewAI and LangGraph agents and produces cryptograhic audit logs for CrewAI and LangGraph agents. RootSign adds a cryptographic hash chain to every tool call. If any record is modified after the fact, "rootsign verify" detects it.
What id does: - SHA-256 hash chain across every Action record in a session - Human-in-the-loop checkpoints with Approval records for certain agent actions - PII redacted before hashing (StandardPIIConfig out of the box) - Works with LangGraph and CrewAI — AutoGen coming soon - Local first (Postgres + Timescale) — no cloud dependency
What it doesn't do (yet): compliance dashboard, cloud backend, policy engine, all on the roadmap.
Please try it out on the Github repo, contributions and feedback are always welcome.
Comments URL: [https://news.ycombinator.com/item?id=48574777](https://news.ycombinator.com/item?id=48574777)
Points: 1