AXR/Plain English/For people who run AI, not cryptography

Your AI runs your business. Can you prove what it did?

Your AI books appointments, sets prices, sends messages, processes refunds — real money, real decisions, real risk of a dispute. The day a customer says it did something it shouldn’t have, your log says everything’s fine. But you wrote that log. Who’s going to believe you?

AXR gives every decision a receipt — like the seal on a parcel, but for your automation. It can’t be changed afterwards, and anyone can check it without taking your word for it. Don’t take ours either: break one yourself, just below.

Free & open source MITSet up in ~10 minutesIn your browser nothing uploaded

A receipt with a seal. Try to break it.

Below is a real, signed AXR receipt — the kind your automation would produce for one booking. The seal is green because every character matches the signature. Edit any field and watch the seal break, live, on your machine. Nothing is uploaded.

AI booking receipt

Customer
A. Nagy
Service
Carpet clean
Date
2026-07-02
Price (HUF)
38000
Decision
BOOKING_CONFIRMED

Signature valid

Edit any field above. The seal breaks the instant one character no longer matches what was signed.

What just happened?

Your browser recomputed the receipt’s Ed25519 signature over the exact text shown — the same check a verifier runs. Match → green. One byte off → red. No server, no upload.

This proves the record wasn’t changed since signing. It does not prove the decision was right — it makes a wrong one undeniable.

Like the seal on a parcel — but for your automation.

When a courier hands over a parcel, they get a signature. You don’t write it; you can’t change it later; and if there’s a dispute, you both look at it. AXR is that, done automatically for your AI — and the stamp can’t be swapped out afterwards.

Editable story

Your server log

Written by you, on your server, at any time. In a dispute it’s your word about your own systems.

Verifiable record

An AXR receipt

Sealed when the decision happened, checkable offline by anyone — no access to you or your systems needed.

A log you alone can rewrite is a story. A receipt anyone can check is a record.

Under the hood it’s standard, proven cryptography — a digital signature and a tamper-evident chain, nothing experimental. You never have to see any of it to use it. (If you want to check, the code is open source.)

You might need this and not know it yet.

Nobody searches for "tamper-evident audit trail." They hit a moment like one of these — and suddenly the question is can you prove it?

You run a webshop

"I returned the parcel two weeks ago — your system says the refund went out. It didn’t."

You handle the books

"Your system dunned an invoice I already paid. Three times. Fix it or I call a lawyer."

You screen applicants

"Your AI rejected me because I’m 52." Now prove age was never an input.

You answer to a regulator

"Show that last year’s automated decision followed the policy in force at the time."

You just use ChatGPT for everything

"The contract says something else than we agreed." — "But the AI wrote it…" is not a defence.

What it looks like when it saves you.

Webshop

The refund that never left

Your automation says refund_processed: true. The customer never got the money; the bank says it never received a request. Whose fault is it? With a receipt for that step, you can show whether the bot actually issued the instruction — so you know in seconds where the chain broke, instead of eating a chargeback to keep the peace.

Finance / bookkeeping

The invoice that was already paid

An AI kept sending payment demands on a settled invoice, and the customer is threatening to sue. Your internal log says everything was correct — but you wrote that log. A signed receipt for each billing decision is something the other side (or a court) can check without phoning your developer.

Hiring / HR

The rejected candidate

A rejected applicant suspects the AI screened them out for a forbidden reason. You need to show what the decision actually saw. A signed decision record lets an authority check that the banned data was never an input — they don’t have to take your word for it. (And personal data can still be erased later without breaking the signature.)

Regulated

The audit, a year later

A supervisor asks you to prove a past automated decision followed the rules in force at the time. The model has changed since. An anchored, signed trail lets them verify the record was not edited after the fact — and you can hand them an auditor-ready report instead of raw files.

Not a thought experiment: AXR runs in production today on a live booking workflow — 200+ signed receipts, anchored hourly since June 2026. See the technical account.

Now picture yourself in front of a judge.

You hold up a screenshot of your log. The judge asks: "You wrote this yourself, correct?" With a receipt, the answer changes — because the other side can check it without trusting you. These moments are already arriving:

  • DisputeA customer’s screenshot against your log — and no neutral record to settle it.
  • Audit"Prove the automated decision followed the rules in force at the time."
  • LawThe EU AI Act’s high-risk rules include automatic, retainable logging, with the main regime applying from 2 August 2026 — and it has to be auditable.

Three steps. No cryptography degree.

  1. Record. Every decision your automation makes gets a receipt — what went in, what it decided, when, and which version of the logic ran.
  2. Seal. The receipt is signed and chained to the one before it. Change a single character and the seal breaks; remove one and the chain breaks.
  3. Check. Anyone can verify a receipt — in a browser, with nothing uploaded — without trusting you or your systems.

If you use n8n

Drop one Code node at the end of your workflow. That’s it — about ten minutes, no server, no dependencies. From then on every run leaves a signed receipt.

The n8n walkthrough

If you don’t (yet)

Start by checking a receipt yourself — one click, nothing uploaded — so you can see exactly what the green seal means before you produce one.

Check a receipt in your browser

The honest small print.

"My log already shows this. Why do I need more?"
You wrote that log, on your own server. In a dispute it counts for about as much as your own word. Your logs are still your first line of defence — an AXR receipt just makes them independently checkable, by the customer, an auditor or a court, without your help.
"Isn’t this too complicated for us?"
One click in your browser to check a receipt. Or one node at the end of your n8n workflow. No install, no server, no new account. It’s free and open source. If it doesn’t click in ten minutes, you’ve lost ten minutes.
"What if I set it up wrong?"
The receipt step never blocks your workflow. If signing fails, your business process still completes — you get an honest "unsigned" gap in the record, never a forged one. There’s no silent failure to clean up after.
"AI is new — why worry about this now?"
The EU AI Act’s high-risk rules include automatic logging, and the main regime applies from 2 August 2026. And the first dispute where you can’t prove what your AI did will cost more than setting this up ever will.
"Does it slow my system down?"
No. Writing the receipt runs alongside your workflow; anchoring runs outside it. If the receipt step ever fails, your business process still completes — it just leaves a visible, honest gap.

What it does not claim

  • HonestA green seal proves the record hasn’t changed since it was signed. It does not prove the decision was correct, or that the AI told the truth. AXR makes mistakes visible and undeniable — it doesn’t prevent them.
  • Honest"Verified" means the record checks out locally. It is not, by itself, a certificate of legal compliance.
  • OpenIt’s open source (MIT). The point of being open is that you don’t have to trust us — anyone can read exactly how it works.

Don’t take our word for any of this.

That’s the whole idea. Check a real receipt in your browser right now — nothing uploaded, nothing installed. Green seal, genuine record; red seal, it was changed. That’s the whole test.

Prefer the deep end? The full technical account covers the threat model, the two independent verifiers, and the limits.