HaltState AI: Proof Packs: Cryptographic Evidence for AI Agent Actions
How to build tamper-evident audit trails: what to log, how to hash and sign events, and how to export evidence for audits and incidents.
If an AI agent performs high-stakes actions, ordinary logs are not enough.
Traditional logs are built for debugging. They are:
- easy to delete
- easy to edit
- easy to misinterpret
- rarely tied to a specific policy decision or approval
When compliance, incident response, or regulators get involved, you need a stronger artefact:
Evidence you can prove has not been tampered with.
That is the purpose of a Proof Pack: an exportable, verifiable bundle of runtime facts about what an agent attempted, what was allowed or blocked, who approved what, and why.
What a Proof Pack is
A Proof Pack is a structured evidence bundle containing:
- an event timeline of agent actions
- the policy evaluations and decisions taken
- any human approvals and identities
- relevant system versions and configuration identifiers
- cryptographic integrity checks (hashes, signatures)
A Proof Pack is designed to be:
- exportable (JSON for engineering, PDF for auditors)
- tamper-evident (you can verify integrity later)
- minimally sufficient (it contains what you need, not everything)
What you should include (and what you should avoid)
Include
- action name (payment.process)
- time and scope (session, agent, fleet)
- request metadata (who/what initiated the action)
- policy matched and policy version
- decision (allow, deny, approval required, quarantined)
- approvals (approver identity, timestamp, justification)
- tool call details (input/output) with redaction controls
- system identifiers (deployment version, policy engine version)
Avoid
- storing full sensitive payloads when a tokenised or redacted version is sufficient
- logging secrets, credentials, or raw personal data unnecessarily
- logging full prompt chains if a structured action record provides better clarity
Evidence must be balanced with privacy and security.
The simplest cryptographic design that works
You do not need exotic cryptography. You need disciplined engineering.
A practical approach:
- Canonicalise each event — stable field order, stable serialisation format
- Hash each event — for example, SHA‑256
- Chain the hashes — each event includes the previous hash
- Sign checkpoints — sign a periodic checkpoint hash with a private key
- Export — include the chain, signatures, and verification instructions
This creates tamper evidence:
- if any event is altered, its hash changes and the chain breaks
- if the chain is broken, the recomputed checkpoint hash no longer matches the signed one, so signature verification fails
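The canonicalise, hash and chain steps above, with a verifier, as an added example (not HaltState's code). The names GENESIS, canonical, digest, append_event, checkpoint, verify and demo, and the sample events, are constructed for illustration. Signing is left to the key management system: verify assumes the checkpoint it receives has already passed signature verification.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # assumed placeholder "previous hash" for the first event

def canonical(obj: dict) -> bytes:
    # Sorted keys and fixed separators: the same event always serialises to the same bytes.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")

def digest(seq: int, prev_hash: str, event: dict) -> str:
    return hashlib.sha256(canonical({"seq": seq, "prev_hash": prev_hash, "event": event})).hexdigest()

def append_event(chain: list, event: dict) -> None:
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"seq": len(chain), "prev_hash": prev, "event": event,
                  "hash": digest(len(chain), prev, event)})

def checkpoint(chain: list) -> dict:
    # The value a KMS-held private key would sign (signing itself is outside this example).
    return {"count": len(chain), "head": chain[-1]["hash"] if chain else GENESIS}

def verify(chain: list, trusted: dict) -> tuple:
    """Walk the chain, then compare it with a checkpoint whose signature was already verified."""
    prev = GENESIS
    for i, rec in enumerate(chain):
        if rec["seq"] != i or rec["prev_hash"] != prev:
            return False, f"broken link at event {i}"
        if digest(i, prev, rec["event"]) != rec["hash"]:
            return False, f"event {i} altered"
        prev = rec["hash"]
    if (len(chain), prev) != (trusted["count"], trusted["head"]):
        return False, "chain does not match signed checkpoint"
    return True, "ok"

def demo() -> list:
    chain = []  # constructed sample events, using fields the article lists
    for ev in ({"action": "payment.process", "decision": "approval_required", "policy_version": "v7"},
               {"action": "payment.process", "decision": "allow", "approver": "alice@example.com"},
               {"action": "email.send", "decision": "deny", "policy_version": "v7"}):
        append_event(chain, ev)
    cp = checkpoint(chain)
    edited = copy.deepcopy(chain)
    edited[1]["event"]["decision"] = "deny"  # in-place edit of a recorded decision
    return [verify(chain, cp), verify(edited, cp), verify(chain[:2], cp)]  # intact, edited, truncated

if __name__ == "__main__":
    print(demo())
```

The truncated case is internally consistent and fails only against the trusted checkpoint, which is why the checkpoint hash is the value that needs a signature.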
Key management matters more than algorithms
The strongest cryptography fails if keys are mishandled.
Minimum requirements:
- private keys stored in a secure key management system
- strict access control and rotation
- audit logs for key use
- separation of duties (operators should not be able to rewrite evidence)
Proof Packs in incident response
When an incident occurs, the question becomes:
- What happened?
- What did the system allow?
- What did it block?
- Who approved what?
- When did you detect it?
- What did you do about it?
A Proof Pack should let you answer those questions quickly.
A good operational target:
- generate a Proof Pack in minutes
- not by assembling logs manually
- but by exporting a standard artefact
Proof Packs in audits and compliance
Auditors want:
- consistent evidence
- repeatable outputs
- clear mapping from policy to enforcement
- proof of change management
A Proof Pack supports that by bundling:
- the policy decision
- the enforcement record
- the approval record
- the integrity checks
Where HaltState fits
HaltState is designed to generate cryptographically verifiable audit trails and export Proof Packs as evidence of policy enforcement and decision-making at runtime. If you want agent governance that you can prove, evidence must be part of the platform, not an afterthought.
Frequently asked questions
Are Proof Packs the same as logs?
No. Logs are raw signals. Proof Packs are structured, verifiable evidence bundles designed for audits and incidents.
Do I need signatures, or are hashes enough?
Hashes detect change, but signatures prove authenticity. For high-stakes evidence, you want both.
Will Proof Packs slow systems down?
A well-designed pipeline is mostly append-only and can be efficient. The enforcement path must stay fast; evidence generation can be asynchronous as long as integrity is preserved.
Should Proof Packs include prompts?
Usually no. Prompts are often sensitive and noisy. Structured action records are more useful. If prompts are included, redact aggressively.
What about privacy requirements?
Proof Packs should be designed with data minimisation and redaction. Evidence can be strong without being invasive.
How do I validate a Proof Pack later?
The pack should include verification instructions: hash chain validation and signature verification using the public key.