Verifiable AI agents

Your AI agents act on your behalf. Now prove what they did.

Zanii turns every move an agent makes into a signed, hash-chained receipt, anchored to a public blockchain and verifiable by anyone. Proof, not logs.

Start buildingOpen the explorer →
A faceted cobalt seal of proof with champagne-gold edges
Signdid:key · ed25519
AppendMerkle log
Anchoron Base
Verifyby anyone
Proofs recorded
Verified agents
On-chain anchors
The problem

Your agents act. Nobody can prove what they did.

AI agents now touch real systems, calling tools, moving money, accessing customer data. But the only record is a log you could quietly edit. When an auditor, a customer, or a court asks “what did your agent actually do, and who authorized it?”, “trust our database” is not an answer. Zanii makes the answer cryptographic.

How it works

Proof, not promises.

A cobalt Merkle-tree lattice converging to one gold node
  1. 01 · Identity & delegation
    Scoped authority, provable

    Every agent gets a cryptographic identity, delegated by its owner with scoped, expiring authority. An agent can never do more than the human behind it.

  2. 02 · Signed receipts
    Tamper-evident by math

    Each action becomes an Ed25519-signed, hash-chained receipt in an append-only Merkle log. Deleting, altering, or reordering any receipt is mathematically detectable.

  3. 03 · Public anchoring
    Immutable, even to us

    The log's fingerprint is periodically written to Base, so not even Zanii can rewrite history. Verify any proof with the open SDK.

Live on the log

Watch it happen.

Open the explorer →
ledger.zanii.agency · live receiptsconnecting
09:22:12tool_call · whatsapp.send z6MkiB…FWLbrecorded
08:45:29tool_call · task.update z6MkiB…FWLbrecorded
08:44:40tool_call · task.create z6MkiB…FWLbrecorded
07:07:21tool_call · save_resource z6MkkW…CmPRrecorded
07:07:19tool_call · list_inventory z6MknP…nXthrecorded
07:07:15tool_call · lookup_contact z6MkfJ…SXMNrecorded
07:07:13tool_call · search_documents z6MkeZ…xamLrecorded
07:07:10tool_call · message_person z6MkkX…GSVsrecorded
One line per tool

Wrap a tool. Get a proof.

Point the SDK at any function your agent already calls. It signs, hash-chains, and submits the receipt for you. The tool behaves exactly as before.

@zanii/sdkzanii · python@zanii/mcp-proxydid:key
// every call becomes a provable receipt
import { ZaniiAgent } from '@zanii/sdk'

const zanii = new ZaniiAgent({
  serverUrl, agentDid, agentPrivateKey, delegation, apiKey
})

const sendEmail = zanii.wrapTool('email.send', realSendEmail)
// sendEmail works exactly as before —
// and is now cryptographically recorded.
Built in

Everything you need to make agents accountable.

Proof-of-action

Signed receipts attributable to one agent identity. Forgery needs the private key.

Scoped delegation

Owner-signed, expiring authority with one-click revocation. Least privilege, provable.

Merkle proofs

Inclusion & consistency proofs (RFC 6962) — the log is provably append-only.

On-chain anchoring

Tree heads anchored to Base, so history is immutable even to the operator.

Audit bundles

Self-contained, offline-verifiable exports mapped to EU AI Act & SOC 2 needs.

Cross-org receipts

Two agents co-sign one neutral proof. ERC-8004 compatible identities.

The whole point

Trust no one — including us.

The protocol is open. Every proof is checkable offline with our SDK or your own code. The ledger’s fingerprint lives on a public blockchain. You never have to take our word for anything, that is the point.

Open the live log and verify a proof →
A cobalt-and-gold cryptographic seal anchored into a marble block
Open protocol · verify offlineOn-chain anchored · BaseERC-8004 compatibleRFC 6962 Merkle proofsWorks with Claude · GPT · Gemini · any MCP client
Try it

Verify a receipt yourself.

Paste any receipt hash. We fetch it with its Merkle inclusion proof and the signed tree head straight from the public API, the same bundle you could verify offline.

Open protocol · Apache-2.0

Make your agents provable.

Read the docsView on GitHub