Show HN: Air – Open-source black box for AI agents (tamper-evident audit trails)

Your AI agent just sent an email, moved money, or changed production data. Someone asks: "Show me exactly what it saw and why it made that decision."

Can you answer that today?

AIR Blackbox Gateway is a flight recorder for AI systems. Drop it in front of any OpenAI-compatible provider and every LLM call produces a tamper-evident, replayable audit record — without exposing sensitive content to your observability stack.

15 repos. 200+ tests. CI on every push. Apache-2.0.

See it live: Interactive Demo — watch an agent run, inspect the audit chain, tamper with a record, and see the chain break.

Also: Test Suite — 30 tests across 8 LLM providers.

1. Start the stack

2. Install the SDK

3. Record everything

Works with your framework:

4. View traces → localhost:16686 (Jaeger)

5. Replay any run

Langfuse, Helicone, and Datadog answer "how is the system performing?"

AIR answers "what exactly happened, and can we prove it?"

Nobody else ships tamper-evident audit chains for AI systems as open source. Not Langfuse (6k+ stars), not Helicone, not LangSmith. They're observability. This is accountability.

Platform engineers deploying agents that call LLMs. You need every request recorded without leaking PII into your observability stack. Drop this in front of your provider — zero code changes.

Compliance teams whose regulators are asking "show me what the AI did." AIR records give you legal-grade reconstruction with SHA-256 checksums and signed evidence packages.

Startup CTOs who know "we can't prove what our AI did" will block enterprise deals, SOC 2, or insurance. Install this now so you're not scrambling later.

Agent builders moving beyond chatbots toward systems that operate across hours, call tools, and interact with production data. You need decision provenance, replay, and the ability to prove your agent did the right thing — or a clear record of where it didn't.

This is the part nobody else has.

Audit Chain — Every proxied request is appended to an HMAC-SHA256 chain. Each entry links to the previous entry's hash. Modify any record and the chain breaks from that point forward. Same integrity model as certificate transparency logs, without the blockchain overhead.

Compliance Reporting — The gateway evaluates your live configuration against 22 controls across SOC 2 (12 controls) and ISO 27001 (10 controls). Controls pass or fail based on what's actually enabled — vault, guardrails, analytics, audit chain. No self-assessment forms. The gateway evaluates itself.

Evidence Export — GET /v1/audit/export generates a signed evidence package: full audit chain, compliance report, time range, HMAC attestation. Hand it to your auditor as a single JSON document. The attestation can be independently verified against your signing key.

AIR is a witness, not a gatekeeper. It cannot cause your AI system to fail.

Non-blocking — Vault unreachable? Gateway still proxies. Your AI never stops because recording failed.

Lossy-safe — A dropped record is acceptable. A dropped request is not. Recording is best-effort; proxying is guaranteed.

Self-degrading — OTel Collector down? Spans dropped silently. Filesystem full? AIR records fail gracefully. Warnings logged, never errors returned.

Same contract as Datadog agents, OTel collectors, and every other production observability tool. Companies won't insert infrastructure that can break their pipeline.

You control all data. You choose what gets recorded.

"We can prove what happened without exposing the data." That's what makes this viable for regulated industries.

15 repos, all tested, all with CI/CD, all Apache-2.0.

Each layer builds on the one below. You can't detect what you can't see. You can't prevent what you can't detect. You can't trust what you can't prove. And you can't grant autonomy without trust.

Each run produces a .air.json file:

Apache-2.0. The open-source protocol layer will always be Apache-2.0.

The path to adoption: Open protocol → common dependency → operational expectation → compliance requirement.

See LICENSE for details. See COMMERCIAL_LICENSE.md for future commercial governance services.