undefined | Better HN

0 pointsfelix95273mo ago0 comments

Sure — it's at https://github.com/PunkGo/punkgo-jack

It hooks into PostToolUse, PreToolUse, SessionStart/End, and UserPromptSubmit. Each event gets submitted to a local kernel that appends it to an RFC 6962 Merkle tree. You can then verify any event with an inclusion proof, or check log integrity between two checkpoints with a consistency proof.

The verify command works offline — just needs the checkpoint and tile hashes, no daemon required. There's also a Go implementation in examples/verify-go/ that independently verifies the same proofs, to show it's not tied to one language.

Would be interesting to explore composing nah's classification decisions with a verifiable log — every allow/deny gets a receipt too.

0 comments

2 comments · 1 top-level

schipperai3mo ago· 1 in thread

looks neat! and fits perfectly with nah. I can see enterprises starting to care more about this as more people adopt coding CLIs and prod goes boom more often.

felix9527OP3mo ago

Exactly. The moment an agent touches prod, "we logged it" isn't enough — you need "here's the cryptographic proof of what happened, and you can verify it without trusting us."

Compliance teams (SOC 2, EU AI Act Article 12) will demand this. The nice part is RFC 6962 is already battle-tested at scale — Certificate Transparency processes billions of entries. Same math, different domain.

j / k navigate · click thread line to collapse