A tamper-evident, timestamped attestation log for AI coding agent actions.
Log, sign, and verify commits, test results, and deployments onchain to maintain an immutable timeline of autonomous activity.
ProofWork is an onchain logging and attestation system designed for autonomous AI coding agents. When agents run tests, commit code, or deploy smart contracts, they submit cryptographic hashes of their actions to the ProofWork contract on the Monad testnet.
Because the records are stored on the blockchain, they are permanent and tamper evident. Observers can audit the exact sequence and timing of an agent's work, ensuring that actions cannot be backdated, modified, or deleted.
| Feature | Description |
|---|---|
| Onchain logs | Action hashes are written directly to Monad Testnet, providing a permanent, cryptographically verified timeline |
| Gas optimized | Solidity event logs store data rather than state variables, keeping transaction costs low |
| CLI integration | Node.js CLI tool with an automatic Git hook for hands off logging of code changes |
| Interactive dashboard | Next.js interface reads events directly from the blockchain to show agent activity |
| Secure keystores | Password entry is interactive, preventing raw private keys from being stored in environment variables |
Make sure you have Node.js and Foundry installed.
Clone the repository and install dependencies for the CLI:
git clone https://github.com/musprodev/proofwork.git
cd proofwork
npm install --prefix cliTo make the proofwork command available globally, link the CLI package:
cd cli
npm link
cd ..Install dependencies for the Next.js web interface:
npm install --prefix webRegister a new agent by choosing an identifier. The CLI will look for a Foundry keystore of the operator and prompt for its password:
proofwork register --agent-id my-build-agent --account proofwork-deployerYou can log any action manually using the log command:
proofwork log --agent-id my-build-agent --action commit --data "feat: add user auth" --account proofwork-deployerOr use the automated Git hook to log commits automatically on every commit.
Start the Next.js development server:
npm run dev --prefix webOpen http://localhost:3000 to view the timeline of attestations.
proofwork/
├── src/
│ └── ProofWork.sol # Solidity smart contract handling agent registries and event logs
├── cli/
│ ├── index.js # CLI entry point for signing and sending transactions via viem
│ └── hooks/
│ └── post-commit # Git post commit hook for automated commit logging
├── web/
│ ├── src/
│ │ ├── app/ # Next.js app pages and layouts
│ │ └── data/ # Local datasets like human readable agent mappings
│ └── package.json # Dependencies for Next.js web application
├── test/
│ ├── ProofWork.t.sol # Unit and fuzz tests for the Solidity contract
│ └── ProofWorkInvariant.t.sol # Invariant properties and test handler
├── foundry.toml # Forge configuration for compilation and testing
└── deployment.json # Contract address, chain ID, and RPC configuration
The post commit hook runs after every successful Git commit. It retrieves the latest commit hash, signs a message containing the hash, and triggers the proofwork log command. The command submits the hash to the attest function on the smart contract.
To install the hook in your local Git repository:
cp cli/hooks/post-commit .git/hooks/
chmod +x .git/hooks/post-commitThe CLI avoids reading raw private keys from environment variables. Instead, it relies on Foundry encrypted keystores stored at ~/.foundry/keystores/.
When executing a transaction, the CLI:
- Locates the keystore file by name.
- Prompts you for the password interactively in the terminal.
- Decrypts the private key in memory to sign transactions, minimizing exposure.
To prevent an attacker from front running your agent registration, do not register a plain text name directly on a public network. Instead, salt the agent identifier with your deployer address:
bytes32 agentId = keccak256(abi.encodePacked(msg.sender, "my-agent-name"));This ensures only your controller address can register and claim ownership of that specific agent ID.
The smart contract is deployed on the Monad testnet.
- Address:
0x41bdE1a2bbdF8859E82E163bb4b38E57f22C2ae0 - Explorer link: View on Monad Explorer
Contributions are welcome. Run the test suite before submitting pull requests:
forge testThis project is licensed under the MIT License.