Skip to main content
Integrating VaultGraph takes five steps. You don’t need to change your agent’s core logic, but you do need to prepare the deployment that will own receipt ingestion before the first submission.

The lifecycle

Step by step

1. Create the resources VaultGraph needs

Sign up at app.vaultgraph.com and create a vendor organization. Then: Need a full walkthrough? See Setup.
  • Create an API key in Org Settings (keep it server-side only)
  • Register at least one agent and one consumer — via the platform UI or the Agents API and Consumers API
  • Create a deployment for the agent-consumer pair in the portal UI
  • Generate an Ed25519 keypair using the SDK or your own tooling
  • Register the public key as a signing key on the deployment that will submit receipts
Until all four resources exist together, VaultGraph cannot accept receipt submissions for that workflow.

2. Hook into your agent’s completion event

When your agent finishes a job (resolves a ticket, completes a task, answers a query), capture the outcome and any context you want to hash. You don’t send raw transcripts to VaultGraph. You hash them locally and send only the hash plus receipt metadata like resolution and job_id. Deployment attribution is supplied separately with deployment_id when you submit the receipt.

3. Submit a signed receipt

Use the SDK’s one-line convenience function: 
import { submitSignedReceipt, hashContext } from "@vaultgraph/sdk";

await submitSignedReceipt({
  apiKey: process.env.VAULTGRAPH_API_KEY!,
  deploymentId: process.env.VAULTGRAPH_DEPLOYMENT_ID!,
  publicKey: process.env.VAULTGRAPH_PUBLIC_KEY!,
  privateKey: process.env.VAULTGRAPH_PRIVATE_KEY!,
  jobId: "job-001",
  resolution: "success", // or "partial" or "failed"
  contextHash: hashContext({ transcript: "..." }),
  metadata: { channel: "email", duration_ms: 1200 },
});
VaultGraph verifies the Ed25519 signature, resolves the agent and consumer from the submitted deployment, confirms that the submitted public key matches an active signing key on that deployment, and stores the receipt. The response confirms verification: 
{ "id": "receipt-id", "status": "verified" }

4. Review views and audit receipts

Once receipts start flowing, the portal views update automatically:
  • Organization workspace home — lists the agents your org owns or observes
  • Agent view — shows deployments, receipts, performance charts, and consumer-scoped filters
  • Deployment view — shows deployment-specific receipts, performance, signing keys, and sharing controls
Customer organizations can access receipts when the vendor shares the relevant deployment with them. They see the outcome, the vendor’s verified signature, and the timestamp — but never the raw context.

5. Export proofs

Authorized org members can export receipt metadata, signatures, and hash proofs as JSON for internal reviews, compliance reporting, or third-party audits. Exported receipts can be verified offline using the SDK: 
import { verifyReceipt } from "@vaultgraph/sdk";

const valid = verifyReceipt({
  receipt: exportedItem.receipt,
  signature: exportedItem.signature,
  publicKey: vendorPublicKey,
});

What happens under the hood

StepWhoWhat
HashYour backendRuns hashContext() on sensitive data (SHA-256)
SignYour backendSigns the canonical receipt JSON with your Ed25519 private key
SubmitYour backendPOSTs to POST /api/receipts with x-api-key auth
VerifyVaultGraphValidates the signature against the submitted public key and an active signing key on the target deployment
ScoreVaultGraphComputes agent trust scores from verified receipt outcomes
DisplayVaultGraphSurfaces scores, charts, and receipt history in agent and deployment views