Quickstart — The 3-line integration

Install

bashnpm install @nobulex/langchain

Wrap your agent

typescriptimport { nobulex } from '@nobulex/langchain' const agent = nobulex.wrap(yourAgent, { covenant: 'your-policy-id' }) const result = await agent.invoke(input) // same call, same result

That is the entire integration. Every LLM call, tool invocation, and chain step inside yourAgent is now intercepted and recorded as a signed evidence item. The agent still returns the same result. Your code does not change. Your downstream consumers do not change.

Pull the receipts

typescriptconst auditLog = await agent.getAuditLog() // → { items, merkleRoot, signature, signerPublicKey, agentId, covenant, ... } const integrity = await agent.verifyIntegrity() // → { valid, errors, totalItems, merkleRoot, signatureValid }

Every action is hash-chained into a Merkle tree. The root is signed with the agent's Ed25519 private key. Any third party — auditor, insurer, regulator, opposing counsel — can verify the integrity against the public key, independently, without trusting your logs.

See it run.

Clone the repo and run the example. Hermetic — no API keys required, simulated LangChain runnable, real Ed25519 signing, real Merkle tree, real verification.

bash# clone and run git clone https://github.com/arian-gogani/nobulex cd nobulex npx tsx examples/paper-trail.ts

Expected output (excerpt)

═══════════════════════════════════════════════════════════════════════ Nobulex — the paper trail for AI agents Wrap any LangChain runnable. Every action becomes signed evidence. ═══════════════════════════════════════════════════════════════════════ STEP 2 Your agent makes a decision. Same code as before. Application: APP-2026-05-10-78421 Amount: $45,000, Income: $92,000, Credit: 742 ✓ Decision: APPROVED Reason: Credit score 742 ≥ 680 and debt-to-income ratio 0.12 < 0.40 STEP 3 A signed paper trail was silently produced. Agent ID: loan-agent-prod-east-1 Covenant: lending-policy-v3 Actions logged: 10 Action timeline: ├─ chain_start hash:2823407685d8… ├─ llm_start hash:8a7681554ad8… ├─ llm_end hash:22867053f516… ├─ tool_start hash:4e38c6332f80… ├─ tool_end hash:3bf39c20a7f2… ├─ tool_start hash:815e4e0c9f1f… ├─ tool_end hash:c3d2937544e8… ├─ llm_start hash:46a1a4d0e15a… ├─ llm_end hash:fb0abf47000f… └─ chain_end hash:42a01ff93689… Merkle root: 34a61a01be078e06e00224f051c72f30266a450699c5f98f… Signature: 1b9c1d93f56da0dc87eeffd214df4b221b570be7e7cce969… STEP 4 Anyone can verify the paper trail. ✓ Integrity check passed Items verified: 10 Signature valid: true

Why this exists.

Your AI agents are making consequential decisions — approvals, denials, recommendations, tool calls with real side effects. When something goes wrong, the first question every CEO, regulator, auditor, and opposing counsel asks is the same: show me the paper trail.

Right now you have server logs. Logs are what IT keeps for debugging. A paper trail is what the company keeps for accountability. The difference is not academic.

Server logs (CloudTrail, Datadog, LangSmith)

You control them — therefore self-serving evidence
Tampering is not cryptographically prevented
Discovery counsel attacks them first
Insurance can't price them as evidence

Nobulex bilateral receipts

Hash-chained — tampering is detectable
Signed — origin is provable
Independently verifiable — no need to trust you
Same evidence holds up in court, audit, and underwriting

Your humans have paper trails. Your AI agents don't. We fix that.

What's in the box.

The @nobulex/langchain package ships now. It is MIT licensed, ~5KB minified, has one peer dependency (@langchain/core, optional), and uses Web Crypto for signing — no native modules.

What's working today

nobulex.wrap() with full LangChain Runnable interface compatibility
Automatic interception of LLM, chain, and tool lifecycle events
SHA-256 hashing, Merkle tree construction, Ed25519 root signing
Independent integrity verification
EU AI Act Article 12 formatted compliance reports

What's coming next

Hosted receipt registry with cross-org verification (Q3 2026)
Insurance carrier integration (Armilla design partnership, in progress)
Drift detection feeding the Agent Reliability Index
Native adapters for LlamaIndex, AutoGen, CrewAI, Claude Agent SDK

Honest note. This is v0.2.1. The integration works end-to-end, but Nobulex is early. Receipts are currently signed with ephemeral per-session keys; the hosted registry that lets you re-verify a receipt months later from a stable public-key index is on the Q3 roadmap. If you are deploying agents in production today and want a paper trail, the integration is real. If you need third-party verification by a specific date for a specific regulatory deadline, talk to us first — we will be honest about what is shipped and what is in flight.

Get going.

View on GitHub → View on npm Agent Reliability Index Talk to us

The 3-line integration.