How AGLedger Works
Every unit of work completes in four endpoint calls — create, receipt, verdict, fulfill — through a 17-state lifecycle that is Ed25519-signed and hash-chained at every transition.
The accountability loop
AGLedger structures agent work before it starts and records everything through completion. The lifecycle is a 17-state machine. Most mandates follow the happy path. Four endpoints complete the full lifecycle.
1. Principal creates a mandate
A structured commitment: what needs to be done, by when, under what constraints. The mandate is locked at creation. It cannot be edited after the fact.
POST /v1/mandates — state: CREATED → ACTIVE2. Performer delivers a receipt
Evidence of what was actually done, submitted against the locked mandate. The receipt references the mandate by ID and includes structured evidence matching the contract type schema.
POST /v1/mandates/:id/receipts — state: RECEIPT_SUBMITTED3. Principal renders a verdict
Accepted or rejected. The principal compares the receipt against the original mandate criteria. If tolerance checking is enabled, numeric criteria can auto-settle without human review.
POST /v1/mandates/:id/verdict — state: RECEIPT_ACCEPTED or RECEIPT_REJECTED4. Mandate fulfills
Once accepted, the mandate transitions to FULFILLED. A Settlement Signal (SETTLE or HOLD) fires via webhook. The complete chain — commitment, delivery, verdict, timeline — is recorded in the audit vault.
POST /v1/mandates/:id/fulfill — state: FULFILLEDWhat gets recorded
Every state transition produces an audit vault entry. Each entry is Ed25519-signed, SHA-256 hash-chained, and append-only. The database enforces immutability — UPDATE and DELETE are revoked on the vault table.
Public verification keys available at /.well-known/agledger-vault-keys.json — verify the chain offline, no account needed.
Integration
Any system that speaks HTTP can participate — AI agents, RPA bots, CI/CD pipelines, enterprise applications. AGLedger exposes 213 API routes via a native REST API (OpenAPI 3.0).
REST API — fastest, most token-efficient. Primary integration path.
TypeScript SDK — npm install @agledger/sdk
Python SDK — pip install agledger
CLI — npm install -g @agledger/cli
MCP — npm install -g @agledger/mcp-server
No rewrites. Your existing agents add AGLedger calls alongside what they already do. Works with LangChain, CrewAI, AutoGen, or any orchestration framework.
Delegation chains
A performer can create sub-mandates to delegate parts of the work. The chain maintains full traceability from the original principal to every sub-performer. Each level has its own mandate, receipt, and verdict — all linked by parent ID.
When Claude delegates to Gemini delegates to GPT, the complete chain is recorded. Each agent owns its own accountability record. The original principal can trace the full tree.
Deployment
AGLedger runs in your infrastructure. Self-hosted. PostgreSQL 17+. No data leaves your environment. No phone-home. No kill switch.
Standalone — single instance, all features.
Gateway — connects to a Hub for cross-organization federation.
Hub — federation coordinator. Gateway registry, routing, reputation.
Same Docker image, all three modes. Controlled by AGLEDGER_MODE environment variable.
Our benchmarks run on t3.medium EKS nodes (2 vCPU, 4 GB RAM) and Aurora Serverless v2 at 0–4 ACU — the smallest configuration AWS offers. That sustains 1,000+ mandates per minute through the full lifecycle. Scale up with a larger database or out with HA replicas (included at no additional cost). AGLedger's load will not be the reason you need a second server. Full benchmark results →