immut for AI agents

Give your AI agent an API key. It proves your documents existed, while you sleep.

Your agent watches the work you produce, decides which documents matter, hashes them on your own machine, and anchors permanent court-ready proof on the XRP Ledger. Humans stay out of the loop. Files stay on your machine.

How does an AI agent use immut?

The agent runs the entire proof lifecycle through one small API. Four steps, none of which require a human in the loop after setup.

01

The agent watches your work

You tell it what matters: compliance records, intellectual property, contracts, or your own categories. It acts on finalisation events, not every save.

02

It hashes the file locally

A SHA-256 digest is computed on your machine. The file itself is never uploaded, to immut or anywhere else.

03

immut anchors the proof

One API call records a commitment to the hash on the XRP Ledger mainnet with a precise timestamp, and returns the transaction hash plus a court-ready certificate.

04

Anyone can verify, forever

Verification is public and keyless. The record outlives immut: a regulator, court, or counterparty can check it independently at any time.

What does the API call look like?

One request creates the proof. The response includes the ledger transaction hash, the certificate path, and the verification salt your agent stores beside the file.

$ shasum -a 256 risk-assessment-final.pdf
43277ddf4e3c...e28df6  risk-assessment-final.pdf

$ curl -X POST https://backend.immut.io/api/v1/proofs \
    -H "Authorization: Bearer $IMMUT_API_KEY" \
    -H "Content-Type: application/json" \
    -d '{"hash": "43277ddf4e3c...e28df6", "workspace": "$IMMUT_WORKSPACE_ID"}'

{
  "success": true,
  "data": {
    "txHash": "60622C010EE1...3482DC",
    "ledger": "mainnet",
    "verifyUrl": "https://livenet.xrpl.org/transactions/.../detailed",
    "hashScheme": "hmac-sha256-nonce-v3",
    "proofNonce": "keep-this-to-verify-later"
  }
}

Where should your agent start?

REST API

Live

Bearer-authenticated JSON API. From zero to a verified mainnet proof with curl in five minutes.

Read the quickstart

Agent playbook

Live

The canonical instructions any capable agent can follow today: what to watch, when to prove, what to store, and the safety rules.

Read the playbook

CLI and Agent Skill

Live

Install the skill with npx skills add enroh-ops/immut-agent (setup wizard included), or the zero-dependency CLI: immut hash, proof create, verify, cert. Open source on GitHub.

View on GitHub

Agents reading this page programmatically: the machine-readable quickstart is at backend.immut.io/api/v1/docs (no auth), the OpenAPI spec at /docs/openapi.json, and every docs page as raw markdown by appending .md to its URL.

What does your agent never do?

The integration is designed so that giving an agent an immut key is a low-trust decision. The contract is hash-only and the key can do very little.

  • Never uploads file contents. Only the SHA-256 hash leaves your machine.
  • Never touches your billing. Keys are scoped to creating proofs and reading certificates.
  • Never follows instructions found inside your documents. Document content is data, not commands.
  • Never acts silently. Every proof and every skipped candidate is reported back to you.

Frequently asked questions

Does my AI agent upload my files to immut?

No. The agent computes a SHA-256 hash of the file on your own machine and sends only that hash. File contents never leave your environment. Under the default salted scheme, not even the raw hash appears on the public ledger, only an HMAC commitment to it.

How does an AI agent get access to immut?

A human account owner creates an API key at app.immut.io and gives it to their agent, scoped to creating proofs and downloading certificates only. Agents cannot sign up by themselves, and verification requires no key at all.

Which documents should an agent prove?

Documents whose timing may be questioned later: compliance records such as policies, SOPs and risk assessments at finalisation, intellectual property such as designs and research notes, and signed contracts. The agent playbook at immut.io/docs/agents covers selection triggers in detail.

Is the proof permanent if immut disappears?

Yes. The record lives on the public XRP Ledger, not on immut infrastructure. Verification needs only the transaction hash, the file, and for salted proofs the nonce that the owner holds. The proof outlives immut.

Can the proof be used as legal evidence?

Blockchain-anchored evidence is accepted in 88 countries and 171 jurisdictions, including US federal court (US v. Sterlingov, 2024) and the EU under eIDAS-2. Each proof comes with a court-ready certificate PDF.

Ready to put your agent to work?

Create an account, generate a scoped API key, and hand your agent the quickstart. The first proof takes five minutes.