AttestMCP is a transparent proxy that generates tamper-evident audit trails for AI agent memory — so your SOC 2 auditor stops blocking the deal.
Security questionnaires include questions about agent behavior, memory access, and data retention. No audit trail means no attestation.
"We love your AI product, but we can't pass security review." The same conversation, repeated across every Series A/B startup shipping agents.
Carriers require documented AI controls. 33% of organizations lack evidence-quality audit trails for their AI systems.
Mem0, Zep, Hindsight — great memory. Lunar MCPX, MintMCP — great governance. Zero products combine memory awareness with compliance evidence.
Change one URL in your MCP config. Your agent talks to AttestMCP instead of the memory server directly. Requests and responses pass through unchanged.
Identity extracted from JWT tokens. Request and response hashed. Audit record written to a SHA-256 hash chain before the response returns. Synchronous. No lost records.
Run attestmcp report to generate a self-contained HTML evidence report mapped to SOC 2 CC6.1, CC6.3, CC7.2, and CC8.1. Chain integrity verified on every run.
{
  "record_id": "0192e4a1-7b3c...",
  "timestamp": "2026-04-15T14:32:01Z",
  "agent_identity": {
    "source": "oauth_jwt",
    "user": "deploy-bot@acme.com",
    "agent_name": "support-agent-v2",
    "org": "acme-corp",
    "verified": true
  },
  "method": "tools/call",
  "tool_name": "search_memories",
  "params_hash": "a1b2c3d4e5f6...",
  "policy_decision": "allow",
  "result_hash": "f6e5d4c3b2a1...",
  "chain_hash": "9f8e7d6c5b4a..."
}
Identity on every record — who accessed memory, verified by JWKS or claimed from JWT.
Policy decisions (allow/deny/escalate/redact) logged with role claims for access reviews.
Continuous audit trail. Every tool invocation captured with request/response hashes and latency.
SHA-256 hash chain. Modify, delete, or reorder any record → chain breaks. Tamper-evident by design.
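How a SHA-256 hash chain makes modification, deletion and reordering detectable, as an added example that is not AttestMCP's own code. The genesis value, the canonical JSON encoding, the helper names and the sample tool names other than search_memories are assumptions; the sketch also shows that removing records from the tail is only caught when the head hash is compared with a copy kept outside the log.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed predecessor value for the first record

def chain_hash(prev_hash, record):
    """SHA-256 over the previous chain hash plus a canonical encoding of the record."""
    body = {k: v for k, v in record.items() if k != "chain_hash"}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + canonical).encode()).hexdigest()

def append(log, record):
    """Link the new record to the current head and store it."""
    prev = log[-1]["chain_hash"] if log else GENESIS
    log.append({**record, "chain_hash": chain_hash(prev, record)})

def verify(log, expected_head=None):
    """Return the index of the first broken link, or -1 if the chain is intact."""
    prev = GENESIS
    for i, rec in enumerate(log):
        if rec.get("chain_hash") != chain_hash(prev, rec):
            return i
        prev = rec["chain_hash"]
    if expected_head is not None and prev != expected_head:
        return len(log)  # records are missing from the tail
    return -1

def demo():
    # Constructed sample records; field names follow the record shown above.
    log = []
    for tool, decision in [("search_memories", "allow"), ("add_memory", "allow"),
                           ("delete_memory", "deny")]:
        append(log, {"method": "tools/call", "tool_name": tool,
                     "policy_decision": decision})
    head = log[-1]["chain_hash"]  # would be stored outside the log
    modified = [dict(r) for r in log]
    modified[1]["policy_decision"] = "deny"
    return {
        "intact": verify(log, head),
        "modified": verify(modified, head),
        "deleted": verify(log[:1] + log[2:], head),
        "reordered": verify([log[1], log[0], log[2]], head),
        "truncated_unanchored": verify(log[:2]),
        "truncated_anchored": verify(log[:2], head),
    }

if __name__ == "__main__":
    print(demo())
```

A result of -1 means the chain verified; any other value is the position of the first record that no longer links to its predecessor.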
Open source. Drop-in proxy. Evidence in minutes, not months.