Problem
RAMPART closes the testing loop: it proves an agent failed or passed a safety probe in CI. The missing piece is a bridge to the runtime record — what the agent actually did in production, verifiable by a third party without trusting the operator's infrastructure.
Teams need both:
- RAMPART regression receipt: test-time evidence (agent failed the prompt-injection probe at commit abc123)
- Production receipt: runtime evidence (agent called send_email with scope user@example.com at a given timestamp, Ed25519 signed, hash-chained, independently verifiable)
Without the production layer, RAMPART proves the mitigation held in test but can't prove it held in the field.
Proposed: ProductionReceiptSink
A RAMPART reporting sink that, on test completion, emits a signed production receipt alongside the regression artifact. The receipt uses the action_ref content address to link the test artifact to the runtime evidence format:
from nobulex import Agent
# ProductionReceiptSink observes tool calls during RAMPART probes,
# signs each one with Ed25519 over JCS-canonical JSON,
# and emits the hash-chained receipt alongside the regression JSON.
The sink derives action_ref = SHA-256(JCS({agent_id, action_type, scope, timestamp_ms})) for each tool call observed during the RAMPART probe, producing an artifact that is both a RAMPART regression record AND a cryptographically verifiable runtime receipt.
Relevance
EU AI Act Article 12 (enforcement August 2, 2026) requires tamper-evident automatic logging for high-risk AI systems. RAMPART + a production receipt sink provides the complete evidence package: CI proof that safety tests pass AND independently verifiable runtime records.
pip install nobulex ships the receipt layer. Happy to contribute a ProductionReceiptSink adapter as a draft PR if there's appetite.
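
As an added illustration (not code from this issue, RAMPART, or nobulex), the sketch below derives action_ref with the formula above and chains receipts so that an edited or dropped record is detected. The receipt field names, the GENESIS value, and the sample tool calls are assumptions; canonical() covers only the JCS subset needed here, and Ed25519 signing is left out so the block runs on the standard library alone.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash for the first receipt in a chain

def canonical(obj):
    """JCS-style bytes: sorted keys, no whitespace, UTF-8.
    Matches RFC 8785 only for ASCII keys with string/integer values."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def action_ref(agent_id, action_type, scope, timestamp_ms):
    """Content address of one tool call, per the formula in the issue."""
    return sha256_hex(canonical({"agent_id": agent_id, "action_type": action_type,
                                 "scope": scope, "timestamp_ms": timestamp_ms}))

def append_receipt(chain, action):
    """Append a receipt (hypothetical layout) committing to the action and its predecessor."""
    body = {"action": action, "action_ref": action_ref(**action),
            "prev_hash": chain[-1]["receipt_hash"] if chain else GENESIS}
    chain.append({**body, "receipt_hash": sha256_hex(canonical(body))})
    return chain

def first_invalid(chain):
    """Return the index of the first receipt that fails verification, or -1."""
    prev = GENESIS
    for i, r in enumerate(chain):
        body = {k: r[k] for k in ("action", "action_ref", "prev_hash")}
        if (r["prev_hash"] != prev
                or r["action_ref"] != action_ref(**r["action"])
                or r["receipt_hash"] != sha256_hex(canonical(body))):
            return i
        prev = r["receipt_hash"]
    return -1

def demo_chain():
    """Constructed sample: two tool calls observed during a probe."""
    chain = []
    append_receipt(chain, {"agent_id": "agent-1", "action_type": "send_email",
                           "scope": "user@example.com", "timestamp_ms": 1700000000000})
    append_receipt(chain, {"agent_id": "agent-1", "action_type": "read_file",
                           "scope": "/tmp/report.txt", "timestamp_ms": 1700000000500})
    return chain
```

A hash chain by itself only shows that records are consistent with each other; whoever holds the log can rebuild it end to end, which is why the proposal also signs each receipt with Ed25519.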