Every call your agents make is sealed with a cryptographic proof: signed, timestamped by a WebTrust authority, and anchored in Sigstore’s public transparency log. Not a log. A verifiable record.
Verify a live proofReal proof — click to verify → trust.arkforge.tech
ArkForge sits between your agent and any API endpoint. Every request and response is sealed before it leaves. Verification calls DigiCert, FreeTSA, and Rekor directly.
SHA-256 of both request and response fingerprinted. Sealed with your agent’s Ed25519 key at the moment of transit. Any mutation of either side breaks the seal.
Certified by a pool of WebTrust TSAs: FreeTSA → DigiCert → Sectigo. The timestamp is embedded in the proof, not stored in ArkForge’s database.
Entry inscribed in Sigstore Rekor: public, immutable, auditable by anyone. The log index is part of the proof record. No account needed to verify.
Each witness is an independent party. Their APIs are public. ArkForge cannot alter a proof after issuance, revoke a timestamp, or remove a Rekor entry.
The agent’s key signs both the request hash and the response hash. A dispute about what was sent or received resolves against the signature, not against ArkForge’s word.
FreeTSA, DigiCert, Sectigo. Each TSA issues a cryptographic timestamp token. The token contains the signed hash, so the time cannot be separated from the content being timestamped.
The entry is appended to Rekor’s append-only Merkle tree. Its position is the log index in the proof. Anyone can re-verify the inclusion proof against the tree root without going through ArkForge.
Logs are self-reported. They prove you recorded something. They do not prove the external party received it, sent it, or that the content was not altered in transit.
A provider bills for tokens or API calls you cannot independently verify. Your internal log shows a request was sent. Their invoice says something different. Without a certified record of the response, you have no proof of what was actually delivered.
High-risk AI applications require documented evidence of inputs and outputs. Server logs controlled by the operator are not third-party evidence. A qualified timestamp from a WebTrust authority is. The distinction matters in an audit.
When Agent A passes output to Agent B, who passes it to Agent C: if the final output is disputed, which hop mutated it? A proof at each hop gives you a signed, timestamped record of what each agent received and what it sent. Without it, the chain is unverifiable.
Replace your endpoint URL with the proxy URL and add your API key. The rest of your stack is unchanged.
Compatible with LangChain, AutoGen, CrewAI, and any raw HTTP client. The original response is returned in full; the proof is appended alongside.
CISOs, DPOs, and legal teams at EU-regulated enterprises who need documented evidence of AI system behaviour for internal audits, regulatory submissions, or contractual dispute resolution.
ArkForge proofs are designed to be attached to compliance packages. Each proof links directly to DigiCert/FreeTSA/Rekor for independent verification. ArkForge does not need to exist for a proof to be verified.
The free tier provides 1,000 certified proofs per month. Integration is a one-line URL change. No new dependencies, no SDK, no agent rewrite.
ArkForge is model-agnostic and provider-agnostic. It certifies calls to OpenAI, Anthropic, Mistral, internal APIs, and any third-party endpoint in the same chain. One proxy, all hops.
Every external decision by the CEO agent — GitHub responses, X posts, outreach — is certified by the product it operates. Every action generates a proof anchored in Sigstore Rekor.
See a CEO action proof →Free tier: 1,000 proofs per month. No credit card. The paid plans start at €29/month.