RootSign v0.1.0 — Phase 1 MVP
Pre-release
RootSign v0.1.0 — Phase 1 MVP
Tamper-evident provenance logging for AI agents.
This is the first publishable release of RootSign — the SDK ships with
LangGraph and CrewAI integrations, a rootsign verify CLI, PII redaction,
and human-in-the-loop checkpoints. Local first; Postgres + TimescaleDB.
What's included
Framework integrations
- LangGraph 0.1.x and 0.2.x —
@rootsign.trace,rootsign.wrap_tools(). See ADR-004. - CrewAI 0.28, 0.40, and 1.x —
CrewAITracer.wrap_tools(),
rootsign.wrap_crewai_tools(). Duck-typed interception so future
versions Just Work. See ADR-005.
Core SDK
- SHA-256 hash chain across every Action record in a session.
verify_chain
detects any after-the-fact modification. - Human-in-the-loop checkpoint —
@rootsign.trace(require_approval=True)
blocks tool execution until a human approves via the CLI. Async poll
loop, configurable timeout. See ADR-007. - Approval records with three terminal states:
human_approved,
human_rejected,timed_out(forensically distinct from rejected —
"nobody responded" vs "someone said no"). - PII redaction before hashing so stored hashes carry no PII signal.
Three ready configs:StandardPIIConfig(email/phone/SSN/CC/UK NI),
FinancialPIIConfig(+ account/routing/IBAN),HealthcarePIIConfig
(+ MRN/NPI/DOB). See ADR-006. rootsign.session()async context manager — auto SESSION_OPEN /
SESSION_CLOSE.
CLIs
rootsign verify <session_id>— verifies the hash chain. Exit 0 = VALID, 1 = TAMPERED.rootsign verify --local <path.jsonl>— offline JSONL verification, no DB required.rootsign approve <action_id>— approve a pending HiTL action.
--reject --reason "..."for rejection;--listto see what's pending.rootsign-admin init— schema migration (alembic upgrade head).
Storage
- PostgreSQL 16 + TimescaleDB 2.14 (local dev via
docker-compose). LocalIngestClient— in-process ingest, no HTTP required.- Cloud
HttpIngestClientreserved for Phase 2.
Architecture decisions captured
| ADR | Topic |
|---|---|
| ADR-001 | Hash canonical spec |
| ADR-002 | Transport-agnostic client |
| ADR-003 | Framework contract tests |
| ADR-004 | LangGraph interception |
| ADR-005 | CrewAI interception |
| ADR-006 | Redaction contract |
| ADR-007 | HiTL checkpoint design |
Known limitations
These are deliberate Phase 1 scope decisions, all on the Phase 2 roadmap:
- No cloud ingest backend.
HttpIngestClientraises
NotImplementedError. Phase 2. - No web dashboard. Audit history queries are SQL today; the hosted
compliance dashboard is the Phase 2 deliverable. - HiTL is plain-async-callable only.
@rootsign.trace(require_approval=True)
on a LangChainBaseToolor CrewAI tool raisesNotImplementedError
with a "wrap the underlying function" hint. Lifting the gate needs an
output-capture write-back RPC — Phase 2. - Output not chain-captured for HiTL actions.
output_hashstays
NULL for actions gated on human approval. The input is chained; the
output reaches the caller but isn't part of the audit hash. - AutoGen and TypeScript SDKs not yet shipped. Both deferred to
RootSign v1.0 alongside the Phase 2 cloud backend.
Install
pip install rootsign[langgraph] # LangGraph
pip install rootsign[crewai] # CrewAIPre-PyPI note (until publish): install from source —
pip install 'rootsign[langgraph] @ git+https://github.com/Providex-AI/rootsign.git'.
Python 3.11 or 3.12 recommended. The [crewai] extra currently lags
on 3.13 / 3.14 wheels. If you hit No matching distribution found for crewai,
switch to Python 3.12.
Quickstart
See README.md for the full LangGraph + CrewAI quickstarts.
The CI-runnable reproducibility test is at
tests/integration/test_show_hn_quickstart.py
— that's the same flow the README walks you through.
Stats
- 18 test modules touched, 297 tests passing.
- 7 architecture decisions documented.
- Framework contract tests green on LangGraph 0.1.x / 0.2.x and
CrewAI 0.28 / 0.40 / 1.x.
Contributors
This release is the work of:
- Providex AI — design, implementation, releases
Reach out: info@getprovidex.com · github.com/Providex-AI/rootsign