Stonewrit
Sign up

Introduction

Stonewrit Documentation

Stonewrit is the evidence API for AI-operated companies.

Modern software systems are no longer just used by humans. AI agents, internal automations, support tools, admin panels, and vendor integrations now perform sensitive actions across production systems.

Stonewrit helps companies turn those actions into tamper-evident compliance evidence.

Use Stonewrit to record:

  • AI agent tool calls
  • Sensitive data access
  • Admin and privileged actions
  • Vendor data-sharing events
  • Approval records
  • Policy decisions
  • Control checks
  • Exceptions

Every event sent to Stonewrit is normalized, hash-chained, and made available through auditor-ready APIs, dashboards, and exports.

What you can build with Stonewrit

With Stonewrit, your company can prove:

  • what happened
  • when it happened
  • who or what performed the action
  • which system or resource was touched
  • whether sensitive data was involved
  • whether a policy allowed or denied the action
  • whether approval was required
  • which compliance controls the event supports
  • whether the event was tampered with

Core workflow

  1. Create a project.
  2. Create an environment.
  3. Create an API key.
  4. Send structured evidence events to the API.
  5. View events in the dashboard.
  6. Verify event integrity.
  7. Map events to compliance controls.
  8. Export evidence for auditors.

Base URL

txt
https://api.stonewrit.com/api/v1

Your first event

bash
curl -X POST https://api.stonewrit.com/api/v1/events \
  -H "Authorization: Bearer stonewrit_live_xxxxxxxxx" \
  -H "Content-Type: application/json" \
  -H "Idempotency-Key: app_evt_001" \
  -d '{
    "event_type": "agent.tool_called",
    "occurred_at": "2026-05-26T14:05:00.000Z",
    "external_event_id": "app_evt_001",
    "source": {
      "system": "internal-ai-platform",
      "service": "invoice-agent",
      "environment": "prod"
    },
    "actor": {
      "type": "ai_agent",
      "id": "agent_invoice_creator"
    },
    "action": {
      "name": "create_draft_invoice",
      "category": "ai_tool_call",
      "result": "success"
    },
    "resource": {
      "type": "invoice",
      "id_hash": "sha256:90d2...",
      "classification": ["customer_data", "financial_data"]
    },
    "policy": {
      "decision": "allowed",
      "approval_required": true,
      "control_ids": ["SOC2-CC6.1", "SOC2-CC8.1"]
    }
  }'

Response:

json
{
  "id": "evt_01J...",
  "status": "accepted",
  "event_type": "agent.tool_called",
  "sequence": 1845,
  "hash": {
    "algorithm": "sha256",
    "canonicalization": "jcs-v1",
    "payload_hash": "sha256:payload...",
    "event_hash": "sha256:abc123...",
    "previous_event_hash": "sha256:def456...",
    "chain_id": "chain_env_prod_001",
    "chain_position": 1845
  }
}

Where to go next

New to Stonewrit? Start with the Quickstart, then read How Stonewrit Works.

Designing an integration? See the Recipes for patterns covering AI agents, CRUD APIs, approval workflows, and historical backfills.

Building the API integration? Skim Authentication, Events API, and Errors. Use Client Libraries for language-specific snippets.

Preparing for an audit? Read Prepare a SOC 2 Evidence Pack and Auditor Access.

Going to production? Walk through the Going Live checklist.

Doing security review? Read Trust and Compliance for Stonewrit's own security posture.