DEV Community

João André Gomes Marques
João André Gomes Marques

Posted on

Replay what your AI agent did, step by step

#ai #python #security #opensource

If you're running AI agents in production, you probably have some form of audit trail already. Maybe signed receipts, maybe logs, maybe just hope. But here's the thing - when something goes wrong or an auditor shows up, nobody wants to read raw JSON.

They want to walk through what the agent did. Step by step. In order.

The problem with raw receipts

I've been building asqav for a while now, and the signed action receipts work great as cryptographic proof. Each action gets signed, each signature is chained to the previous one, and you get tamper-evident records of everything your agent did.

But proof and readability are different things. When you're debugging an incident at 2am or preparing for a compliance review, you need a timeline you can actually follow. Not a folder of JSON blobs.

asqav.replay()

The new replay feature takes your signed receipts and turns them into a walkable timeline. It fetches all actions for a given session, orders them chronologically, verifies the hash chain is intact, and hands you something you can actually read.

import asqav

asqav.init(api_key="sk_...")
timeline = asqav.replay(agent_id="agt_abc123", session_id="sess_xyz")

# Human-readable summary of what the agent did
print(timeline.summary())

# Each step in order
for step in timeline.steps:
    print(f"{step.timestamp} - {step.action} - {step.status}")

# Verify nothing was tampered with
assert timeline.chain_integrity  # True if hash chain is valid
Enter fullscreen mode Exit fullscreen mode

The chain integrity check is the key part. It doesn't just replay events - it re-verifies every link in the hash chain. If someone deleted a step, modified an action, or inserted something after the fact, it catches it.

Offline compliance bundles

Not every auditor wants to hit your API. Some want a self-contained package they can review independently. That's what export bundles are for.

# Export a compliance bundle with all signatures
bundle = asqav.export_bundle(signatures, "eu_ai_act_art12")

# Anyone can replay from the bundle - no API access needed
timeline = asqav.replay_from_bundle(bundle)
print(timeline.summary())
Enter fullscreen mode Exit fullscreen mode

The bundle includes all the signed actions, the public keys needed to verify them, and metadata about which compliance framework it targets.

Why this matters now

The EU AI Act Article 12 requires that high-risk AI systems maintain logs that enable "the reconstruction of the system's activity." Signed receipts are the proof that your agent did what it says it did. Replay is how you present that proof to someone who needs to understand it.

This isn't theoretical compliance. If you're deploying agents in the EU (or selling to companies that operate there), you'll need reconstructable audit trails. The regulation is already in force for some categories.

Try it

asqav is open source and the SDK is on PyPI:

pip install asqav
Enter fullscreen mode Exit fullscreen mode

The replay feature ships in the next release. If you want to get started with signed audit trails today, the quickstart takes about five minutes.

Repo: github.com/asqav/asqav

Top comments (0)