AEVS

AEVS (Agent Execution Verification System) is an open-source Python SDK built by Fetch.ai that intercepts AI agent tool calls and produces cryptographically signed, hash-chained receipts for every action. Currently in beta (v0.2.2), it integrates with LangChain, LangGraph, and the Model Context Protocol (MCP) with zero changes to existing agent code.

What It Is

AEVS addresses a fundamental gap in AI agent observability: model-generated text describes intent but does not constitute proof of execution. When an agent says "Refund sent," there is no portable, independently verifiable record of which tool ran, with which inputs, or what the API returned. AEVS fills that gap by sitting between the agent and its tools, capturing every invocation and sealing it with an ECDSA P-256 signature backed by a KMS, then linking each receipt to the previous one via a hash chain. The result is a tamper-evident audit trail that auditors can verify using only a reference_id — no access to the codebase or agent logs required.

How the Receipt Chain Works

The SDK operates in three stages on every tool call:

• Catch — AEVS intercepts the invocation and records tool name, inputs, output, timing, and any errors.
• Sign — Each receipt is ECDSA-signed (P-256) and linked to the previous receipt's hash, so any alteration or skipped entry is detectable.
• Verify — Anyone with a reference_id can call the public verify API (GET /v1/receipts/verify/<reference_id>) or use the web explorer to confirm the signature independently.

Receipts are buffered locally in an encrypted SQLite database before being flushed to the AEVS backend over HTTPS via a background thread, making the flow crash-safe.

Visibility Controls

AEVS gives developers three receipt visibility modes, set per agent at configuration time:

• public — Full tool payloads (inputs, outputs, metadata) are visible to anyone with the reference_id or explorer access. Suited for demos and shared audits.
• private (default) — Full payloads are stored and accessible to the account owner; public verify and explorer show [REDACTED] for inputs and outputs.
• proof_only — Inputs and outputs are stripped before ingest; only hashes and metadata are kept. Designed for PCI, health, or other regulated data that must not be persisted.

A separate per-agent dashboard toggle controls whether an agent's receipts appear on the public explorer listing at all, while the verify API remains functional as long as the caller has the reference_id.

Setup Path

Installation is a single pip command with optional framework extras:

• pip install aevs for the base SDK
• pip install aevs[langchain] for LangChain / LangGraph (requires langchain-core >= 0.2)
• pip install aevs[mcp] for Model Context Protocol (requires mcp >= 1.20)

Configuration requires an AEVS_API_KEY and AEVS_AGENT_ID, which can be passed directly or set as environment variables. If credentials are missing, the SDK logs a warning and runs in no-op mode — the agent continues to function normally, receipts simply are not recorded.

Update: v0.2.2

The latest release is v0.2.2, published on June 9, 2026. The repository was created in April 2026 and last pushed in June 2026, indicating active early development. The homepage banner explicitly marks AEVS as beta, noting that APIs and the explorer may change. The SDK is licensed under Apache 2.0 and the source is publicly available at fetchai/AEVS-sdk on GitHub.