Provenrail

Quickstart

Record your first run in 60 seconds

Install the SDK, wrap your agent, and verify the result yourself. No account is required to use the open-source software. Python and TypeScript are byte-for-byte compatible.

Install

Python 3.11+ (for the SDK, sink, and verifier):

pip install provenrail

TypeScript / Node 20+ (recording SDK):

npm install provenrail

Python quickstart

One command sets up a local sink and writes .provenrail.json, so your code carries no URLs or tokens:

pr quickstart   # starts a local sink + writes config

Then two lines in your code:

import provenrail as fr

with fr.record("my-agent"):
    ...   # your agent runs; model and tool calls are captured

fr.record(...) provisions a stream, opens a signed session, and seals and drains it off-box when the block exits. A decorator form exists too: @fr.recorded("nightly-job"). Stop the local sink with pr quickstart --stop; point at your own sink with pr quickstart --url <URL>.

Drop-in capture (one line per SDK)

from provenrail.integrations import instrument_openai, instrument_anthropic, instrument_mcp

instrument_openai(openai_client, fr)      # every model call captured
instrument_anthropic(anthropic_client, fr)
instrument_mcp(mcp_session, fr)           # every MCP call_tool captured

TypeScript quickstart

import { record } from "provenrail";

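// prompt, out, and usage are your own variables: the request you sent,
// the model's response, and the token usage it reported.
await record("my-agent", async (pr) => {
  await pr.recordModelCall("openai", "gpt-5", { prompt }, out, { usage });
});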

A run recorded in TypeScript is byte-for-byte compatible with one recorded in Python: the same sink accepts it and the same two verifiers prove it. Node 20+ is required (WebCrypto Ed25519).

Verify a run

Verification trusts neither the agent nor the sink. Anyone can run it, with no account:

pr verify bundle.json --pin pin.json

Or verify in your browser, with the bundle never leaving your device: provenrail.com/verify. Try the live verified demo or watch it catch a tampered run.
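
Why a verifier wants a pin as well as the bundle, shown as an added example on a generic hash-chained log. This is not Provenrail's code, wire format, or verifier; the record layout, the names seal, link and verify, and the idea that a pin commits to the final chain hash are assumptions made for illustration, and the sample run is constructed.

```python
import hashlib
import json
from typing import Optional

GENESIS = "0" * 64  # constructed starting value for the chain


def link(prev_hash: str, payload: dict) -> str:
    """Hash of one record: commits to its payload and to everything before it."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()


def seal(payloads: list) -> list:
    """Build a chained log (what a recorder would hand to a sink)."""
    records, prev = [], GENESIS
    for payload in payloads:
        prev = link(prev, payload)
        records.append({"payload": payload, "hash": prev})
    return records


def verify(records: list, pinned_head: Optional[str]) -> str:
    """Recompute every link, then compare the head to the out-of-band pin."""
    prev = GENESIS
    for i, rec in enumerate(records):
        prev = link(prev, rec["payload"])
        if prev != rec["hash"]:
            return f"FAIL: record {i} does not match its hash"
    if pinned_head is None:
        return "UNPINNED: chain is self-consistent, but could be a full rewrite"
    if prev != pinned_head:
        return "FAIL: head does not match pin"
    return "OK"


# Constructed sample run.
run = seal([{"tool": "search", "arg": "q1"}, {"tool": "pay", "amount": 10}])
pin = run[-1]["hash"]  # assumption: stored away from the sink at recording time

# Case 1: one payload edited in place; stored hashes left alone.
edited = json.loads(json.dumps(run))
edited[1]["payload"]["amount"] = 9999

# Case 2: the holder of the log rewrites it and recomputes every hash.
rewritten = seal([{"tool": "search", "arg": "q1"}, {"tool": "pay", "amount": 9999}])

if __name__ == "__main__":
    for name, log in [("original", run), ("edited", edited), ("rewritten", rewritten)]:
        print(name, "| pinned:", verify(log, pin), "| unpinned:", verify(log, None))
```

The in-place edit fails on the chain alone; the full rewrite is internally consistent and is rejected only because the verifier holds a pin that the log's holder could not change.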

CLI reference

pr quickstart        # local sink + config, zero tokens
pr demo              # records a session, anchors it, writes bundle.json + pin.json
pr verify bundle.json --pin pin.json     # verify, trusting nobody
pr report --regime eu-ai-act bundle.json --md   # regulatory attestation
pr pack bundle.json    # self-contained evidence pack (zip) for auditors
pr diff run-a.json run-b.json            # diff two runs with provable fidelity
pr ots-verify proof.ots --data-sha256 H  # verify a Bitcoin (OpenTimestamps) proof
pr serve --anchor rfc3161               # run the sink yourself (real trusted time)
pr sidecar --upstream https://api.openai.com   # out-of-process capture proxy
pr witness --log <origin>=<pubkey>        # independent witness on separate infra

Self-host the sink

The sink is the append-only server that receives records. You run it; your records never reach us. For real third-party trusted time, anchor with RFC 3161:

pr serve --anchor rfc3161 --tsa https://freetsa.org/tsr

Or with Docker:

docker compose up

Harder to skip. Run pr sidecar as an outbound proxy and lock model egress to it, so capture is mandatory rather than a default. Add --fail-closed to refuse any call that cannot be recorded.

Licensing

Provenrail is open-core and dual-licensed:

Get a commercial license key from your account. It validates offline and unlocks commercial and Pro features in the self-hosted server.

Source and spec

The wire format and verification steps are a frozen, public specification, so a third party can write an independent verifier and check the same bundles. The in-browser verifier at /verify is a second, independent implementation of that spec, kept in lockstep with the Python one. Source code is open under the licenses above.
