DEV Community

PiQrypt

How I added cryptographic audit trails to any CrewAI crew in 3 lines

Your CrewAI crew is running in production. It researches, writes, reviews, decides.
It produces results. But if someone asks you what exactly happened, which agent
ran which step, in what order, and whether anything was altered after the fact,
you don't have a cryptographic answer. You have logs.

Logs can be edited after the fact without leaving a trace. A signed hash chain
cannot be edited without the change becoming detectable.

The problem with logs

When your crew produces a result, your logs record what happened. But a log is
just a text file: nothing in its structure guarantees it hasn't been modified,
no signature ties an entry to the agent that produced it, and there's no way to
prove to a third party that event B actually followed event A and that neither
was tampered with.

This doesn't matter much for a weekend project. It matters a lot once you're in
production, under an audit, or working in any regulated context (EU AI Act Art. 12,
MiFID II, HIPAA).

The fix: 3 lines

pip install piqrypt
from piqrypt.bridges.crewai import AuditedAgent as Agent

researcher = Agent(
    role="Researcher",
    goal="Find competitive pricing data",
    backstory="Expert at finding and analyzing market data.",
    agent_name="researcher_01"
)

That's it. AuditedAgent is a drop-in replacement for CrewAI's Agent, and the
install, the import and the agent_name argument are the only three changes.
Your crew definition doesn't change. Your tasks don't change.
Your tools don't change.

What changes: every action this agent takes is now recorded as an Ed25519-signed,
hash-chained event, stored locally.

What that actually means

Each event contains a previous_hash pointing to the hash of the event before it.
The structure looks like this:

{
  "version": "AISS-1.0",
  "agent_id": "researcher_01_xK9mP...",
  "timestamp": 1744531200,
  "nonce": "550e8400-e29b-41d4-a716-446655440001",
  "payload": {
    "event_type": "tool_call",
    "tool": "web_search",
    "input": "competitor pricing Q1 2026"
  },
  "previous_hash": "sha256:a3f7e8c9b1d5f2...",
  "signature": "base64:RXZlbnQ..."
}

If someone modifies any event after the fact, even a single byte, two things
break: the modified event's own signature no longer verifies, and its hash no
longer matches the previous_hash recorded in the event after it. Hiding the
change would mean rewriting and re-signing every later event, which needs the
agent's private key. The tampering is detectable offline, from the events and
the agent's public key alone, with no server needed.

Two limits apply to any signed hash chain. Whoever holds the signing key can
rewrite and re-sign the chain, so protect that key as you would any other
signing key. And cutting events off the end leaves a shorter chain that still
verifies, so truncation is only detectable if the latest hash is periodically
anchored somewhere the writer cannot alter.

Verification:

import piqrypt as aiss

events = aiss.load_events("researcher_01")
result = aiss.verify_chain(events)
# Chain verified — 47 events, 0 anomalies, trust_score: 0.97
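To make the structure and the verification above concrete, here is an added example in plain Python. It is not PiQrypt's code and does not use its API; it builds an event log with the field names shown in the JSON above and the standard primitives the article lists: Ed25519 through the cryptography package (pip install cryptography), SHA-256 from hashlib, and sorted-key compact JSON as a stand-in for RFC 8785 canonicalization. The all-zero genesis value for the first previous_hash, signing the canonical form of every other field, and hashing the complete signed event are my assumptions about the layout, not the protocol's specification; AgentChain, verify_chain and demo are names invented for this example, and the three events in demo are constructed sample data.

```python
import base64
import hashlib
import json
import time
import uuid
from typing import Dict, List, Optional

from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import ed25519

# previous_hash of an agent's first event (assumption; the page does not show it)
GENESIS = "sha256:" + "0" * 64


def canonical(obj: Dict) -> bytes:
    # Sorted keys, no whitespace, UTF-8. For the string/integer/object values used
    # here this equals RFC 8785 (JCS) output; for floats use a real JCS library.
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


def event_hash(event: Dict) -> str:
    # Hash the complete event, signature included, so the next event's
    # previous_hash commits to both the content and the signature (assumption).
    return "sha256:" + hashlib.sha256(canonical(event)).hexdigest()


class AgentChain:
    """Append-only, Ed25519-signed, hash-chained event log for one agent."""

    def __init__(self, agent_id: str, key: Optional[ed25519.Ed25519PrivateKey] = None):
        self.agent_id = agent_id
        self._key = key or ed25519.Ed25519PrivateKey.generate()
        self.events: List[Dict] = []

    @property
    def public_key(self) -> bytes:
        # Raw 32-byte public key: all a third party needs to verify the chain.
        return self._key.public_key().public_bytes(
            serialization.Encoding.Raw, serialization.PublicFormat.Raw)

    def append(self, payload: Dict, timestamp: Optional[int] = None) -> Dict:
        unsigned = {
            "version": "AISS-1.0",
            "agent_id": self.agent_id,
            "timestamp": int(time.time()) if timestamp is None else timestamp,
            "nonce": str(uuid.uuid4()),
            "payload": payload,
            "previous_hash": event_hash(self.events[-1]) if self.events else GENESIS,
        }
        # The signature covers the canonical form of every other field.
        sig = self._key.sign(canonical(unsigned))
        event = dict(unsigned, signature="base64:" + base64.b64encode(sig).decode("ascii"))
        self.events.append(event)
        return event


def verify_chain(events: List[Dict], public_key: bytes) -> List[str]:
    # Offline verification from the events and the public key alone.
    # Returns the anomalies found; an empty list means the chain verifies.
    pub = ed25519.Ed25519PublicKey.from_public_bytes(public_key)
    anomalies: List[str] = []
    expected_prev = GENESIS
    for i, ev in enumerate(events):
        if ev.get("previous_hash") != expected_prev:
            anomalies.append(f"event {i}: previous_hash does not match event {i - 1}")
        unsigned = {k: v for k, v in ev.items() if k != "signature"}
        try:
            sig = base64.b64decode(str(ev["signature"]).removeprefix("base64:"))
            pub.verify(sig, canonical(unsigned))
        except (InvalidSignature, KeyError, ValueError):
            anomalies.append(f"event {i}: signature does not verify")
        expected_prev = event_hash(ev)
    return anomalies


def demo() -> Dict[str, List[str]]:
    # Constructed sample chain of three events for one agent.
    chain = AgentChain("researcher_01")
    chain.append({"event_type": "tool_call", "tool": "web_search",
                  "input": "competitor pricing Q1 2026"}, timestamp=1744531200)
    chain.append({"event_type": "tool_result", "tool": "web_search",
                  "output": "3 results"}, timestamp=1744531201)
    chain.append({"event_type": "final_answer",
                  "output": "competitor A lists at 49 USD"}, timestamp=1744531202)
    results = {"intact": verify_chain(chain.events, chain.public_key)}

    # Tamper: change one byte of the second event's payload after the fact.
    tampered = json.loads(json.dumps(chain.events))
    tampered[1]["payload"]["output"] = "4 results"
    results["tampered"] = verify_chain(tampered, chain.public_key)

    # Truncate: drop the last event. Every remaining link still verifies, so
    # truncation is only caught if the latest hash was anchored elsewhere.
    results["truncated"] = verify_chain(chain.events[:-1], chain.public_key)
    return results


if __name__ == "__main__":
    print(demo())
```

Run it and demo() reports no anomalies for the intact chain, two for the modified chain (the altered event's signature, and the previous_hash link in the event after it; earlier events are untouched and later links still match each other), and none for the truncated chain, which is the case an external anchor of the head hash is there to catch.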

A full crew example

from crewai import Crew, Task
from piqrypt.bridges.crewai import AuditedAgent as Agent

researcher = Agent(
    role="Researcher",
    goal="Find competitive pricing data",
    backstory="Expert at finding and analyzing market data.",
    agent_name="researcher_01"
)

writer = Agent(
    role="Writer",
    goal="Produce a pricing analysis report",
    backstory="Turns raw data into clear executive summaries.",
    agent_name="writer_01"
)

research_task = Task(
    description="Research competitor pricing for product X",
    agent=researcher
)

write_task = Task(
    description="Write a pricing analysis based on the research",
    agent=writer
)

crew = Crew(
    agents=[researcher, writer],
    tasks=[research_task, write_task]
)

result = crew.kickoff()

Every action from researcher_01 and writer_01 is independently hash-chained
and signed. Two separate cryptographic histories. Nothing else changed.

Monitoring with Vigil

pip install piqrypt also installs Vigil — a local monitoring dashboard that
launches on http://localhost:8421.

from vigil import start_vigil
start_vigil()

Vigil shows you VRS (Verifiable Risk Score) in real time, chain health per agent,
and raises CRITICAL alerts if anomalies are detected. No external dependency.
No data leaves your machine.

What this is and what it isn't

PiQrypt doesn't decide whether your agents make good decisions. It doesn't
evaluate output quality. The trust score is a measure of chain integrity,
not decision quality — fully deterministic, no ML involved.

It also doesn't replace legal counsel for compliance. What it does: provide the
cryptographic infrastructure that makes your agent's history tamper-evident and
verifiable by any third party, offline, without PiQrypt infrastructure.

The core, the AISS protocol, is MIT-licensed and open source. The primitives are
standard: Ed25519 signatures (RFC 8032), SHA-256 (NIST FIPS 180-4), and JSON
canonicalization per RFC 8785 (JCS). No proprietary black box.

Get started

pip install piqrypt

Next article in this series: multi-agent accountability — what happens when your
Researcher passes output to an Analyst and you need cryptographic proof of the
exchange itself, not just each agent's individual history.
