I'm building Traceprompt - an open-source SDK that seals every LLM call and exports write-once, read-many (WORM) logs auditors trust.
Here's an example - a LLM that powers a bank chatbot for loan approvals, or a medical triage app for diagnosing health issues. Regulators, namely HIPAA and the upcoming EU AI Act, missing or editable logs of AI interactions can trigger seven-figure fines.
So, here's what I built:
- TypeScript SDK that wraps any OpenAI, Anthropic, Gemini etc API call
- Envelope encryption + BYOK – prompt/response encrypted before it leaves your process; keys stay in your KMS (we currently support AWS KMS)
- hash-chain + public anchor – every 5 min we publish a Merkle root to GitHub -auditors can prove nothing was changed or deleted.
I'm looking for a couple design partners to try out the product before the launch of the open-source tool and the dashboard for generating evidence. If you're leveraging AI and concerned about the upcoming regulations, please get in touch by booking a 15-min slot with me (link in first comment) or just drop thoughts below.
Thanks!
paulmbw•6mo ago