Your AI agent approved a $50K trade last Tuesday. Your compliance officer needs to verify the decision record hasn't been altered since. You pull up the logs and... how do you prove they're genuine? You can't. Standard logging has no mechanism to detect tampering. Someone with database access could modify a record and no one would ever know.
Hash chains solve this problem.
Every logging system you currently use — CloudWatch, Datadog, Splunk, ELK, your own Postgres table — has the same fundamental weakness: logs are mutable. Anyone with write access can:
For debugging, this doesn't matter. For compliance, it's fatal. The EU AI Act Article 12 requires automatic logging that maintains integrity over the system's lifetime. SOC 2 Processing Integrity requires evidence that data wasn't altered during processing. A log file that anyone can edit doesn't satisfy either requirement.
A hash chain is a sequence of records where each record contains a cryptographic hash that depends on the previous record's hash. It's the same fundamental concept that makes blockchains work, but without the consensus mechanism, mining, or tokens — just the data integrity part.
Here's the structure:
Block 1 Block 2 Block 3
+--------------+ +--------------+ +--------------+
| trace data | | trace data | | trace data |
| | | | | |
| blockNumber: | | blockNumber: | | blockNumber: |
| 1 | | 2 | | 3 |
| | | | | |
| prevHash: | | prevHash: | | prevHash: |
| 000000 |---->| a3f7b2 |---->| 7b1c9e |
| | | | | |
| hash: | | hash: | | hash: |
| a3f7b2 | | 7b1c9e | | f09d4a |
+--------------+ +--------------+ +--------------+
Each block's hash is computed from its own content plus the prevHash from the block before it. This creates a chain where every block depends on every block that came before it.
The critical property: if any block is modified, every subsequent hash becomes invalid. Change one byte in Block 1's trace data, and Block 1's hash changes. But Block 2's hash was computed using Block 1's original hash as prevHash. So Block 2's hash is now wrong too. And Block 3's. And every block after that.
Tampering with a single record breaks the entire chain from that point forward. To hide the tampering, you'd need to recompute every subsequent hash — which requires knowing that tampering occurred and having the computational resources to rebuild the chain. With proper verification, this is detectable.
AgentTraceHQ computes each block's hash using SHA-256 over a deterministic concatenation of the trace fields:
hash = SHA-256(
traceId +
agentId +
action +
timestamp +
previousHash +
JSON.stringify(input) +
JSON.stringify(output)
)
This means the hash covers:
If any of these fields are altered after the hash was computed, the hash won't match when verified.
Every field in the hash formula serves a purpose:
AgentTraceHQ maintains one hash chain per organization. All traces from all agents in your organization form a single, sequential chain ordered by block number.
Why per-org instead of per-agent?
Cross-agent integrity: If Agent A's output triggers Agent B's action, both traces are in the same chain. You can verify the entire decision pipeline.
Simpler verification: One chain to verify, not dozens. A single API call confirms the integrity of your entire audit history.
Gap detection: Sequential block numbers make it trivial to detect deleted records. If you have blocks 1, 2, 3, 5 — block 4 was deleted. With per-agent chains, a gap could just mean the agent was idle.
Organization: Acme Fintech
Chain:
Block 1 (Agent: trade-advisor)
action: "analyze_market_data"
prevHash: "0000000000000000" <-- genesis block
hash: "a3f7b2..."
Block 2 (Agent: trade-advisor)
action: "generate_recommendation"
prevHash: "a3f7b2..."
hash: "7b1c9e..."
Block 3 (Agent: compliance-checker)
action: "review_recommendation"
prevHash: "7b1c9e..."
hash: "f09d4a..."
Block 4 (Agent: trade-advisor)
action: "execute_trade"
prevHash: "f09d4a..."
hash: "2e8b1f..."
The compliance checker's review (Block 3) is chained between the recommendation (Block 2) and the execution (Block 4). The entire decision pipeline is captured in a single verifiable chain.
Verification walks the chain and recomputes every hash. Here's the algorithm:
1. Fetch all blocks for the organization, ordered by blockNumber ascending
2. For each block:
a. Compute expected_hash = SHA-256(traceId + agentId + action + timestamp + previousHash + input + output)
b. Compare expected_hash to the stored hash
c. Compare the block's prevHash to the previous block's stored hash
d. Confirm blockNumber is sequential (no gaps)
3. If all checks pass: chain is valid
4. If any check fails: report the exact block where the chain breaks
The verification endpoint returns:
{ "success": true, "data": { "valid": true, "blocksVerified": 14328, "firstBlock": 1, "lastBlock": 14328, "verifiedAt": "2026-03-07T14:23:01.000Z" } }
Or, if tampering is detected:
{ "success": false, "data": { "valid": false, "brokenAt": { "blockNumber": 847, "expectedHash": "a3f7b2c1d4e8...", "actualHash": "9x2k4m7n1p3q...", "traceId": "trace-uuid-here" }, "blocksVerified": 846, "message": "Hash mismatch at block 847. Chain integrity compromised." } }
You know exactly which block was tampered with and can investigate from there.
Here's how this works end-to-end with the AgentTraceHQ SDK:
import { AgentTraceHQ } from "@agenttracehq/sdk"; const athq = new AgentTraceHQ({ apiKey: process.env.AGENTTRACEHQ_API_KEY, agentId: "trade-advisor", }); // Send traces — hash chaining happens server-side automatically await athq.trace({ action: "analyze_market_data", sessionId: "session-001", input: { ticker: "NVDA", timeframe: "1D" }, output: { trend: "bullish", confidence: 0.92 }, reasoning: "Price above 200 EMA, volume increasing, RSI at 58", }); await athq.trace({ action: "generate_recommendation", sessionId: "session-001", input: { analysis: { trend: "bullish", confidence: 0.92 } }, output: { action: "buy", size: "2% of portfolio", stopLoss: "-5%" }, reasoning: "High confidence bullish signal with manageable risk", }); // Flush to ensure all traces are sent await athq.flush(); // Verify the chain const verification = await athq.verifyChain(); if (verification.valid) { console.log(`Chain verified: ${verification.blocksVerified} blocks intact`); } else { console.error(`Chain broken at block ${verification.brokenAt.blockNumber}`); }
You don't compute hashes client-side. The SDK sends trace data to the AgentTraceHQ API, which computes the hash using the previous block's hash (which only the server knows), assigns the block number, and stores the complete block. This means:
The EU AI Act Article 12 requires "automatic recording of events (logs) over the lifetime of the system." But it's not enough to just record events — the logs must maintain integrity. If a regulator can't trust that the logs haven't been altered, the logs are worthless.
Hash chains provide mathematical proof of integrity. A SHA-256 hash chain can't be silently modified — any tampering is detectable by anyone who runs verification. This is the difference between "we have logs" and "we have tamper-proof logs that you can independently verify."
For SOC 2 Type II audits, the Processing Integrity trust service criteria requires evidence that system processing is complete, valid, accurate, and timely. A verified hash chain is direct evidence: every processing step is recorded, ordered, and verifiable.
For fintech companies dealing with SEC regulations and MiFID II, the ability to prove that trade-related agent decisions weren't altered after the fact isn't just nice to have — it's a legal requirement.
SHA-256 computation is fast — microseconds per hash on modern hardware. The chain operations add negligible latency:
The SDK handles everything asynchronously. Your agent never waits for hash chain operations.
You don't build hash chain infrastructure. You don't manage block numbers, handle race conditions for concurrent traces, or implement verification algorithms.
Install the SDK, send traces, and every record is automatically hash-chained with SHA-256. Verification is one API call or one click in the dashboard. Compliance reports include chain verification status.
Every trace. Every agent. Cryptographically verified.
Start free at agenttracehq.com — 10K traces/month, tamper-proof from day one.