SHA-256 · APPEND-ONLY · TAMPER-EVIDENT

Every AI decision.
Provably recorded.

BLACKBOX seals every reasoning step, tool call, and output your AI agent makes into a cryptographic hash chain. Any post-hoc alteration breaks the chain — detectably, permanently, and without requiring you to trust us.

Record your first run →Open dashboard
37runs recorded
311events sealed
4Merkle anchors
100%chain integrity
promptblackbox.com/dashboard
RUNS
STREAM
HEALTH
COST
LATENCY
INTEGRITY
SOC 2
REPORT
RECORDED RUNSAPPEND-ONLY · CHAIN-SEALED
37
total runs
311
events sealed
100%
chain integrity
2
models
run_meridian_003claude-sonnet-4-620 events⚠ 3 faults
code_review_91b62f70claude-sonnet-4-626 events✓ verified
h_cost_da287bf1claude-haiku-4-59 events✓ verified
compliance_gdpr_57b37024claude-sonnet-4-610 events✓ verified
fraud_monitor_e94580c4claude-sonnet-4-610 events✓ verified
GENESIS
00·sha256·07e5c3a1
REASONING
01·sha256·d4b2907e
TOOL_CALL
02·sha256·a18f6d4b
OUTPUT
03·sha256·7e5c3a18
SEAL
04·sha256·4b2907e5
The invariant that cannot break
hash = sha256(prev_hash + canonical_json(event))

Every event commits to all prior events. Alter anything — a single byte of a system prompt, a reasoning step, a token count — and every downstream hash changes. The chain breaks at that point. Verifiable in O(n) with stdlib sha256 only. No BLACKBOX infrastructure required.

01
Ingest
Your agent calls POST /v1/events or uses the SDK. The server assigns sequence, computes prev_hash, and seals the event. Append-only — there is no UPDATE or DELETE path for events. Ever.
02
Chain
hash = sha256(prev_hash + canonical_json(event_without_hash)). Genesis uses prev_hash = "GENESIS". Each event's hash is a commitment to every event that came before it. One tampered byte — the chain breaks from that point forward.
03
Anchor
Every day, all sealed runs are committed into a Merkle tree. The root is published. Any run can be proven to have existed before the root — with a log(n) inclusion proof. Independently verifiable from first principles.
04
Verify
GET /v1/audit/{run_id} returns a public certificate — no auth, share with any auditor or regulator. Chain validity is recomputed on read. No stored result to falsify. The math is the guarantee.
Who it's for

Built for the people accountable for AI risk.

CISO
"Prove to me this AI wasn't tampered with after the incident."
Chain integrity is cryptographically enforced. Tampered events break the chain from that point forward — detectable in milliseconds, without trusting any logs, databases, or BLACKBOX itself.
→ Chain integrity panorama→ SOC 2 TSC narrative
HEAD OF MODEL RISK
"How do I track fault rates, cost, and model drift across 50 agents?"
Every event carries model snapshot, token counts, latency, and cost. The leaderboard surfaces quality score, fault rate, and p99 latency per model from the immutable record — never from self-reported metrics.
→ Leaderboard→ Latency analytics→ Policy violations
PE OPERATING PARTNER
"We're deploying AI at six portfolio companies. What's our liability surface?"
One recorder across every agent. Compliance reports are date-filtered PDFs ready for risk committees. Legal hold prevents destruction. Retention policies handle GDPR right-to-erasure via crypto-shred without breaking the chain.
→ Compliance report→ Cost attribution→ Burn forecast
Zero-dependency SDK

Ten lines. Any agent. Any framework.

PythonTypeScriptHTTP (cURL)
pip install blackbox-sdk
import blackbox_sdk as bb

bb.configure(api_url="https://blackbox-gold.vercel.app")

with bb.run(
    "agent_001",
    model="claude-sonnet-4-6",
    system_prompt=SYSTEM_PROMPT,
    tools=["web_search", "calculator"],
    sampling={"temperature": 0.3},
) as run:
    run.reasoning("Planning next step")
    run.tool_call("web_search",
        inputs={"query": "Q3 revenue"}, result=hits)
    run.output(
        "The Q3 revenue was $4.2M",
        tokens_in=520, tokens_out=180,
        cost_usd=0.0042, latency_ms=1340,
    )
# ↑ Sealed automatically. Chain is provable.
Context manager pattern
Automatic seal on exit. Fault event recorded on unhandled exception.
Single dependency
Zero external dependencies — stdlib urllib only. Works in any Python 3.11+ environment.
Typed & explicit
Full type hints throughout. Every method is annotated — run.reasoning(), run.tool_call(), run.output().
Auto-instrumentation
bb.instrument() patches openai + anthropic at startup. Zero agent code changes — every LLM call is auto-recorded.
Retry & fail-open
3-attempt retry on transient errors. Never blocks your agent on recorder failure.
OTel compatible
Point your OTEL_EXPORTER_OTLP_ENDPOINT here. GenAI spans auto-convert.
15-minute tutorial

From zero to a verified, tamper-evident AI run.

Install the SDK, record your first run, and produce a cryptographic audit certificate — in the time it takes to read this page.

01
Install
pip install blackbox-sdk — zero external dependencies, stdlib urllib only.
02
Configure
One line: bb.configure(api_url="..."). No API key needed to start.
03
Record a run
Wrap your agent in a context manager. Every step is sealed into the chain automatically.
04
Verify the chain
GET /v1/audit/{run_id} returns a public certificate. Recompute with stdlib sha256 to prove it.
Start the tutorial →10 steps · working code · copy-paste ready
The proof

Don't trust us. Verify yourself.

01
Independent chain verification
Replay any run from the raw events using sha256 and canonical JSON. Zero BLACKBOX infrastructure. One Python function, 12 lines, stdlib only.
02
Merkle inclusion proof
Every run gets a sibling-path proof against the daily Merkle root. Prove a run existed before a given timestamp. Verify with log(n) hashes.
03
Public audit certificates
/v1/audit/{run_id} — no auth, share with any auditor. Chain validity computed fresh on every request. No cached result to falsify.
04
Tamper test in the repo
There is a pytest that alters a stored event and asserts the chain breaks. That test is run in CI and must always pass. It is the definition of done for anything touching the event store.
Pricing

Start free. Scale when you need to.

STARTER
Free
For developers and teams evaluating AI governance.
  • Up to 1,000 runs / month
  • Full hash chain & Merkle anchoring
  • Python + TypeScript SDK
  • OTel compatible
  • Public audit certificates
  • 90-day retention
Start free →
MOST POPULAR
PRO
$299/mo
For production AI systems with compliance requirements.
  • Unlimited runs
  • Everything in Starter
  • Legal hold & crypto-shred
  • SOC 2 narrative export
  • Compliance PDF reports
  • Slack & webhook alerts
  • Model upgrade regression testing
  • 1-year retention
Start free trial →
ENTERPRISE
Custom
For regulated industries, PE portfolios, and large deployments.
  • Everything in Pro
  • Dedicated infrastructure
  • Custom retention policies
  • Multi-tenant isolation
  • SLA + audit support
  • Procurement & MSA
Book a demo →
START IN 5 MINUTES

Your AI agents are making
consequential decisions.

You need a record that proves what happened — and proves it hasn't been altered. Not a log. A chain.

Start recording →Open dashboard
sha256 · append-only · Merkle-anchored · regulator-ready