Tamper-Proof Receipts Could Be the Key to Auditing AI Agent Actions

·1 views

As AI agents gain the ability to perform high-stakes tasks like issuing refunds or calling production APIs, relying on editable logs is no longer a sufficient safeguard. A developer has built a demo system where an AI agent generates a cryptographically signed, tamper-evident receipt after each task, proving it followed pre-approved rules. The approach chains each action step using hashing so that any alteration — whether to the rules, a step, or the signature — causes verification to fail. The technique draws on a broader research concept called verifiable agent behavior, or zkML, which aims to let third parties audit an agent's conduct without re-running it or exposing private data. The demo, built in roughly 120 lines of standard cryptography code, is publicly available on GitHub and requires no API key to run.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)

How Developers Can Build a Live CS2 Score Bot for Discord in 50 Lines

A developer tutorial published on DEV Community outlines how to create a Discord bot that displays live Counter-Strike 2 match scores using Node.js and the Tachio Sports API. The bot fetches real-time match data — including scores, maps, formats, and betting odds — and posts formatted updates to a designated Discord channel every 60 seconds. The project requires setting up a Discord application, installing the discord.js library, and authenticating with environment variables for the bot token and API key. Developers can optionally add a slash command so users can manually trigger score updates on demand. The guide also suggests deploying the bot for free on Railway, making it accessible to Discord server owners without hosting costs.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

Polymarket Confirms Hack via Third-Party Vendor; Affected Users Promised Full Refunds

Crypto prediction platform Polymarket confirmed that hackers stole user funds after compromising a third-party vendor, which was used to inject malicious code into the platform's website. Spokesperson Connor Brandi told TechCrunch that the vendor breach directly resulted in theft, though the company declined to disclose the total amount stolen, the vendor's identity, or the precise attack mechanism. Blockchain security firm PeckShield independently flagged suspicious on-chain activity around the same time Polymarket made its public announcement. The attack is classified as a supply chain breach, meaning Polymarket's own smart contracts were not compromised — the vulnerability existed in the conventional web infrastructure surrounding them. The platform says it has contained the incident and is contacting affected users directly with commitments to issue full refunds.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

Nylas Agent Policies Let Developers Set Per-Tier Email Quotas for Multi-Tenant Apps

Multi-tenant email setups traditionally apply identical send limits, storage caps, and retention windows to all customers regardless of their tier, creating problems for both free and enterprise users. Nylas addresses this through a policy-based system where reusable policy objects define daily send limits, storage ceilings, and retention periods that can be assigned to workspaces. Each workspace holds a single policy, and every Agent Account within that workspace automatically inherits its limits, eliminating per-account configuration. When a tenant is provisioned, developers simply place them in the appropriate workspace bucket and the tier's caps apply immediately. This server-side enforcement means quota tracking, retention pruning, and storage monitoring are handled by Nylas rather than requiring custom application logic.

0 comments Read more at DEV Community

ProgrammingDEV Community ·

Developer builds dependency-free unit converter with 70+ units and 165 tests

A developer has released a browser-based unit converter that runs entirely client-side with no external dependencies, no ads, and no server communication. The tool covers seven categories — length, weight, temperature, volume, area, speed, and data — supporting over 70 units in total. It features real-time bidirectional conversion, a swap button, an all-units panel, and a formula display showing conversion factors. The project is packaged as a single HTML file requiring no build tools or package manager. Reliability was a key focus, with 165 automated tests written using only Node.js's built-in assert module, covering edge cases, roundtrips, and known reference values.

0 comments Read more at DEV Community