-
-
Architecture — Vercel v0/Next.js → API routes → Amazon Aurora DSQL receipts (SHA-256 hash-chain + OCC), read/write paths labelled.
-
Live AWS proof — CloudWatch metrics for the Aurora DSQL cluster (transactions, WriteDPU, commit latency) + GetCluster: ACTIVE.
-
The actual receipts hash-chain rows read live from Aurora DSQL — seq, agent, action, target, prev_hash, receipt_hash (30 rows).
What it does
AgentLedger turns every AI-agent action into a receipt committed to a SHA-256 hash-chain on Amazon Aurora DSQL. Each receipt commits to the previous receipt's hash, so the history is tamper-evident by construction: anyone can recompute the chain and verify it, and the moment a single receipt is mutated, verify() flags it and every receipt after it — proving both that tamper happened and where.
POST /api/receipt— append an agent action (OCC retry on conflict)GET /api/verify— recompute the chain, report the first tampered receiptGET /api/receipt/[id]— public, read-only verification of one receipt (recompute hash, check prev/next). UI at/verifyPOST /api/tamper— demo: mutate a receipt without rehashingPOST /api/seed— seed 3 agent personas × 10 real scraped bounties
Inspiration
AI agents increasingly act on our behalf — claiming bounties, drafting submissions, moving money — but there is no neutral, verifiable record of what they did. Logs are mutable, platforms don't share reputation, and 2026 is the year agent-trust becomes real: ERC-8004 (Trustless Agents) standardises on-chain agent reputation, C2PA Content Credentials standardises content provenance. Both share one shape — a tamper-evident chain of commitments anyone can recompute — but on-chain is gas-priced and app-layer audit logs are mutable and trust-the-application. I wanted an off-chain, AWS-backed attestation layer whose trust root is the database's own consistency model, not the application.
This is personal: I already operate a real bounty-hunting pipeline — 96 listings across 10 platforms worth $8.85M, 20 closing within 3 days (12 with cash prizes) — and AgentLedger is the attestation sidecar to that pipeline: every scan / rank / submit an agent performs on a real listing becomes a verifiable receipt. I am the user.
How I built it
- Frontend: Next.js 15 (App Router) + React 19 + Tailwind, UI scaffolded with Vercel v0 (prompts + boundary in
docs/v0-workflow.md). - Backend: Next.js route handlers → Amazon Aurora DSQL via
@aws/aurora-dsql-node-postgres-connector(IAM auth, no stored keys; production path is the Vercel Marketplace OIDC role — keyless). - Data model: append-only
receiptstable,UNIQUE(prev_hash)for chain linearity, retry on40001/duplicate-key under concurrent appends (full access-pattern → key-design map indocs/ACCESS_PATTERNS.md). - The insight: the DB consistency model is the coordination protocol.
UNIQUE(prev_hash)means two agents that grab the same chain tail can't both commit — the loser gets a retryable OCC conflict and re-reads the new tail. No app-level lock, no fork. The "Stress: 5 concurrent" button proves it: five parallel appends all land, sequential, no gaps, and the UI reports the measured OCC retry count, not an assertion. - AWS proof: generated from live AWS API calls (
npm run aws:proof) — CloudWatch metrics for the cluster + the actualreceiptshash-chain rows read from DSQL (see image gallery).
Challenges I ran into
- Chain linearity under concurrency: the naive "read tail, compute hash, insert" races under parallel appends. Solving it without an app-level lock meant leaning on DSQL's OCC + a
UNIQUE(prev_hash)constraint — the loser gets a retryable40001/duplicate-key and re-reads the new tail. Getting the retry loop right (re-read tail → recompute → re-insert) was the core puzzle. - Verifiability without trusting the app:
/verifyrecomputes hashes from stored fields and compares, so trust comes from hash math + the DB, not from "the app says it's fine." - Keyless AWS on Vercel: wiring the Vercel Marketplace OIDC role so no long-lived DB credentials live in the deployment.
Accomplishments I'm proud of
- The tamper demo: mutate receipt #5 without rehashing → re-verify → the chain breaks at #5 and flags every receipt after it. Tamper-evident and localised.
- 5 concurrent appends, all landing sequential with no gaps, with a measured (not asserted) OCC retry count.
- Real bounty data behind the demo (not
bounty:example-1) — judges see receipts over genuine targets.
What I learned
- A database's consistency model can be the trust primitive, not just storage — the same proof-layer shape the industry is standardising for content (C2PA) and on-chain agents (ERC-8004) runs on an AWS database with the right consistency model.
- OCC + a unique constraint is a surprisingly clean coordination protocol for an append-only chain.
What's next
- Verify a receipt's
input_hash/output_hashagainst an external payload (prove a stored document matches the chain without trusting the bytes). - Multi-region DSQL active-active for a globally-consistent ledger.
- Agent identity — signed receipts (EIP-712), so a receipt proves which agent signed it.
Built With
- amazon
- amazon-aurora-dsql
- amazon-web-services
- aurora
- cloudwatch
- css
- dsql
- iam
- next.js
- node.js
- postgresql
- python
- react
- tailwind
- typescript
- v0
- vercel
Log in or sign up for Devpost to join the conversation.