Signed audit trails for every LLM call through the proxy

[jagmarques]

Built an integration that cryptographically signs every LLM call routed through litellm, creating a tamper-evident audit trail.

The idea: each proxy request gets an ML-DSA-65 signature chained to the previous one, so you can prove after the fact that no call was modified or deleted.

from litellm import completion
import asqav

asqav.init(api_key="sk_...")
agent = asqav.Agent.create("litellm-proxy-auditor")
session = agent.start_session(name="proxy-audit")

response = completion(model="gpt-4o", messages=[{"role": "user", "content": "Summarize Q1 revenue"}])

# Sign the call - hash-chained to previous action
session.log("llm:completion", metadata={
    "model": response.model,
    "tokens": str(response.usage.total_tokens),
    "prompt_hash": asqav.hash_content(str(response.choices[0].message.content))
})

Each log entry gets a post-quantum signature and a chain hash linking it to the previous entry. You can export the full trail as JSON for compliance reviews.

Useful if you need to demonstrate to auditors that your LLM interactions were not tampered with after the fact - especially relevant for EU AI Act Article 12 logging requirements.

Repo: https://github.com/Upsonic/Upsonic

[arian-gogani]

This is a problem I've been solving at a different layer. Signed audit trails for LLM calls through the proxy is valuable — but the gap I kept hitting was at the action layer, not the call layer.

An LLM call might return a plan with 5 steps. The audit trail for the call tells you the model was invoked. It doesn't tell you whether each of those 5 steps was allowed to execute, or whether the agent actually followed its constraints.

I built Nobulex for this layer — agents declare behavioral rules, every action gets evaluated before execution, and the decisions go into a SHA-256 hash-chained log. Each entry links to the previous, making tampering detectable.

The two layers compose well:

• LiteLLM proxy: signed audit trail for model calls (what was asked)
• Proof-of-behavior: signed audit trail for agent actions (what was done)

Together you'd have end-to-end cryptographic evidence from prompt to action.

Try it: nobulex.com/playground