Documentation
RANKIGI Documentation
Everything you need to govern your AI agents. Copy-paste ready.
Quickstart
Up and running in 3 steps
Install
npm install @rankigi/sdkInitialize
import { Rankigi } from "@rankigi/sdk";
const rankigi = new Rankigi({
apiKey: process.env.RANKIGI_API_KEY,
agentId: "your-agent-id",
});Wrap your agent
// LangChain
agent.use(rankigi.middleware());
// OpenAI Assistants
const run = await rankigi.observe(assistant.run(thread));
// Custom agent
await rankigi.log({
action_type: "tool_call",
tool_invoked: "send_email",
input: { to: "user@example.com" },
output: { status: "sent" },
});Core Concepts
How RANKIGI works
Event Logging
Every agent action is SHA-256 hashed and appended to a tamper-evident chain.
await rankigi.log({
action_type: "tool_call",
tool_invoked: "query_database",
input: { query: "SELECT * FROM accounts" },
output: { rows: 42 },
});
// Hash computed automatically:
// sha256("tool_call:query_database:1703...")
// → "a3f9b2c1d8e3f2a1b6c4d7e9"Hash Chain
Each event references the previous event hash. Any modification breaks the chain instantly.
// Every event stores its own hash + the previous event hash
{
"event_id": "evt_9k2m",
"hash": "a3f9b2c1...", // SHA-256 of this event
"prev_hash": "7e4d1f8a...", // SHA-256 of previous event
}
// Tamper detection: hash(event) !== stored_hash → chain broken
// Run GET /api/agents/{id}/verify to check integrityPolicy Enforcement
Define rules that evaluate synchronously before your agent proceeds.
// Policies evaluated synchronously before the agent proceeds
{
"name": "block_wire_transfers",
"condition": "tool_invoked == 'send_wire'",
"action": "block", // or "flag" / "alert"
"alert": true,
}
// Blocked actions return { allowed: false } to your sidecarCompliance Reports
One-click exports mapped to EU AI Act, SOC 2, and HIPAA.
const report = await fetch("/api/reports/generate", {
method: "POST",
headers: { "Authorization": "Bearer " + apiKey },
body: JSON.stringify({
framework: "EU_AI_ACT", // or "SOC_2" / "HIPAA"
agent_ids: ["agent_123"],
date_range: { from: "2024-01-01", to: "2024-12-31" },
}),
});Intent Chain
Encrypted agent reasoning chained alongside events. Proves why an agent acted, not just what it did.
import { Rankigi } from "@rankigi/sdk";
const rankigi = new Rankigi({
apiKey: process.env.RANKIGI_API_KEY,
agentId: "your-agent-id",
intentKey: process.env.RANKIGI_MASTER_KEY, // AES-256 key
});
// Reasoning is encrypted client-side before transmission
await rankigi.trackWithIntent(
"web_search",
{ query: "Q4 revenue" },
{ results: [...] },
"User asked about revenue. Searching financials database first."
);
// The ciphertext hash is chained — proving intent existed at that momentIntent Chain
Encrypted agent reasoning
Intent Chain captures why your agent acted alongside what it did. Reasoning is AES-256-GCM encrypted client-side before transmission, and the ciphertext hash is included in the tamper-evident chain. Available on Professional plans and above.
Node.js SDK
Pass an intentKey at initialization and include reasoning with any track call.
import { Rankigi } from "@rankigi/sdk";
const rankigi = new Rankigi({
apiKey: process.env.RANKIGI_API_KEY,
agentId: "your-agent-id",
intentKey: process.env.RANKIGI_MASTER_KEY, // AES-256 key
});
// Reasoning is encrypted client-side before transmission
await rankigi.trackWithIntent(
"web_search",
{ query: "Q4 revenue" },
{ results: [...] },
"User asked about revenue. Searching financials database first."
);
// The ciphertext hash is chained — proving intent existed at that momentPython SDK
Pass intent_key at initialization. Requires pip install rankigi[intent].
from rankigi import Rankigi
rk = Rankigi(
api_key="rk_live_...",
agent_id="your-agent-uuid",
intent_key="your_64_char_hex_key",
)
rk.track_tool_call(
"web_search",
{"query": "Q4 revenue"},
results,
intent="Searching financials to answer user's revenue question.",
)Dashboard decryption
Authorized users can decrypt intent from the event detail page. Every decryption is logged in the intent access audit trail.
/api/agents/{id}/intent?event_id={eid}Integrations
Works with every major framework
Integrate as callbacks, middleware, or direct HTTP — no lock-in.
LangChain (Node.js)
Full callback integration — every chain, tool call, and LLM invocation captured automatically.
LangChain (Python)
Drop-in callback handler for LangChain Python — zero changes to your agent code.
OpenAI Assistants
Wrap assistant runs to capture all tool invocations and model outputs.
AutoGen
Drop-in observability for multi-agent AutoGen conversations.
CrewAI
Monitor every task, crew action, and tool call across your CrewAI pipelines.
Custom HTTP
POST events directly from Python, Go, or any HTTP client — no SDK required.
API Reference
REST API
Base URL: https://rankigi.com/api
Auth header: Authorization: Bearer <API_KEY>
/api/ingestSubmit an event to the tamper-evident audit chain
curl -X POST https://rankigi.com/api/ingest \
-H "Authorization: Bearer $RANKIGI_API_KEY" \
-H "Content-Type: application/json" \
-d '{
"agent_id": "agent_123",
"action": "tool_call",
"tool": "send_email",
"severity": "info",
"payload": { "to": "user@example.com" }
}'/api/agents/{id}/eventsQuery the full event timeline for an agent
curl https://rankigi.com/api/agents/agent_123/events \
-H "Authorization: Bearer $RANKIGI_API_KEY"/api/agents/{id}/verifyVerify hash chain integrity — returns any broken events
curl https://rankigi.com/api/agents/agent_123/verify \
-H "Authorization: Bearer $RANKIGI_API_KEY"
# Response: { "valid": true, "broken_events": [] }/api/snapshots/runGenerate a cryptographic point-in-time snapshot
curl -X POST https://rankigi.com/api/snapshots/run \
-H "Authorization: Bearer $RANKIGI_API_KEY" \
-H "Content-Type: application/json" \
-d '{ "agent_id": "agent_123" }'/api/reportsList all generated compliance reports
curl https://rankigi.com/api/reports \
-H "Authorization: Bearer $RANKIGI_API_KEY"/api/passport/verify/{passportId}Publicly verify a passport's governance status — no auth required
curl https://rankigi.com/api/passport/verify/{passportId}
# No authentication required — fully public endpoint
# Response: { ok, result, passport, governance, verified_by }Public Verification
Verifiable agent governance
Any third party can verify an agent's governance status without a RANKIGI account. Share the verification link or call the API directly.
Shareable links
Every passport has a public verification URL:
https://rankigi.com/verify/{passportId}The page displays agent name, passport status, scope, chain integrity, compliance score, and drift status. Organization name is only shown when the org has enabled their public profile in Settings.
API endpoint
No authentication required. Rate limited to 60 requests/minute per IP.
/api/passport/verify/{passportId}// Response schema
{
"ok": true,
"result": "pass",
"passport": {
"id": "...",
"agent_name": "payments-processor",
"version": 3,
"status": "active",
"risk_score": 97,
"authorized_tools": ["stripe_refund", "db_read"]
},
"governance": {
"chain_verified": true,
"compliance_score": 99,
"total_governed_events": 12847,
"drift_status": "nominal"
},
"organization": { "name": "Acme Corp" },
"verified_by": "RANKIGI Open Agent Governance Standard v1.0",
"verify_url": "https://rankigi.com/verify/..."
}Integration example
Verify an agent's governance status from your backend before granting access.
const res = await fetch(
"https://rankigi.com/api/passport/verify/" + passportId
);
const { result, governance } = await res.json();
if (result !== "pass" || !governance.chain_verified) {
throw new Error("Agent governance check failed");
}Policies
Defining policies
Policies are evaluated synchronously before each agent action executes. Configure them in /dashboard/enforce or POST to /api/enforce/policies. Supported actions: block, flag, alert.
{
"policies": [
{
"name": "block_financial_tools",
"condition": "tool_invoked IN ['send_wire', 'transfer_funds']",
"action": "block",
"alert": true
},
{
"name": "off_hours_restriction",
"condition": "hour(timestamp) NOT IN [9..17]",
"action": "flag",
"alert": true
}
]
}SDK Reference
SDK Documentation
Full reference documentation for each SDK.
Incident Replay
Incident Replay
Select any time window and replay exactly what an agent did — step by step, hash by hash. Every action, input hash, output hash, intent reasoning, and policy flag in chronological order. The forensic record CISOs and auditors actually need.
Dashboard Replay
Navigate to any agent's detail page and click View Replay. Set a start and end time, then hit Replay. Events flow as a timeline — click any event to expand full hashes, intent reasoning, and policy flags. Use the Export button to download the replay as a signed JSON artifact for legal evidence.
API Endpoint
/api/agents/{id}/replayQuery parameters:
| start | ISO 8601 timestamp — beginning of replay window |
| end | ISO 8601 timestamp — end of replay window (max 24h) |
| include_intent | boolean — decrypt intent reasoning (Pro+ only) |
Verifying the Replay Hash
Every replay response includes a replay_hash— a SHA-256 digest of the entire payload (excluding the hash itself). To verify independently: remove the replay_hashfield, JSON-stringify the remaining object, and compute SHA-256. The result must match. This proves the exported replay file hasn't been tampered with after export.
Example Use Case
“Show me exactly what this agent did during the outage.”
- Open the agent's profile in the RANKIGI dashboard
- Click View Replay
- Set the time window to cover the outage period
- Review each step: tool calls, hashes, intent reasoning, policy flags
- Click Export to download the replay as a JSON evidence artifact
- Share the file with your auditor — the
replay_hashproves integrity
Agent Federation
Agent-to-Agent Federation
Cross-organization agents verify each other's governance passports before delegating tasks or sharing data. Every handshake is trust-scored, scope-limited, time-bound, and cryptographically logged to both agents' audit trails.
How It Works
- Initiate — Company A's agent sends its passport ID + requested scopes to RANKIGI
- Verify — RANKIGI resolves both passports, verifies governance posture, calculates a trust score (0–1)
- Scope — Permitted scope = intersection of requested scopes and receiver's accepted scopes
- Session — A time-bound session token (15 min) is issued with a federation hash
- Execute — Agents interact within the scoped session, then mark the handshake completed
Trust Score Calculation
The trust score is computed from the initiating agent's governance posture:
| Signal | Weight |
|---|---|
| Base score | +0.50 |
| Chain verified (no gaps) | +0.15 |
| Compliance score > 90% | +0.15 |
| Drift status: nominal | +0.10 |
| Has human owner | +0.05 |
| Has approver | +0.05 |
| Recent violations (> 0) | -0.10 |
| Drift status: critical | -0.20 |
API Endpoints
/api/federation/initiateStart a cross-org handshake. Body: initiator_passport_id, receiver_passport_id, requested_scope[]
/api/federation/verify/{handshakeId}Public verification. Returns validity, status, trust score, permitted scope, and federation hash.
/api/federation/complete/{handshakeId}Mark handshake as completed after task execution. Logs federation_completed to both audit trails.
/api/federation/reject/{handshakeId}Reject a handshake with optional reason. Logs federation_rejected to both audit trails.
/api/federation/history/{agentId}All federation handshakes for an agent (both initiator and receiver). Supports ?status= and pagination.
/api/agents/{id}/federation/statusAgent's federation configuration: enabled status, endpoint URL, accepted scopes, handshake counts.
Federation Hash
Every handshake includes a federation_hash— a SHA-256 digest of the canonical JSON containing both passport IDs, permitted scope, trust score, and session token. Either party can independently verify the hash to confirm the handshake hasn't been tampered with.
Example: Cross-Org Data Sharing
“Before our agent shares customer data with Partner Corp's agent, verify their governance posture.”
- Your agent calls
POST /api/federation/initiatewith both passport IDs andrequested_scope: ["read:customers"] - RANKIGI resolves Partner Corp's agent passport, checks their chain integrity and drift status
- Trust score comes back 0.85 — their chain is clean, owner assigned, no violations
- A 15-minute session token is issued with scope
read:customers - Your agent uses the session to share data, then calls
POST /api/federation/complete - Both agents' audit trails now contain the complete federation record
Policy Marketplace
Policy Marketplace
Pre-built, auditable governance policies mapped to compliance frameworks. Install with one click. Verified by RANKIGI.
Available Frameworks
soc2-agentAccess control, change management, and monitoring mapped to SOC 2 Trust Services Criteria
hipaa-agentPHI access logging, minimum necessary access, breach detection thresholds
pci-dss-agentTransaction limits, card data restrictions, velocity checks, off-hours monitoring
eu-ai-act-agentHuman oversight, transparency logging, bias detection, right-to-explanation
API Endpoints
/api/marketplaceBrowse all policies. Supports ?category=, ?framework=, ?verified=true, ?search= filters.
/api/marketplace/{slug}Get full policy details including rules, config schema, and trust signals.
/api/marketplace/{slug}/installInstall a policy to your org. Optional body: { config: {} }
/api/marketplace/{slug}/uninstallRemove an installed policy from your org.
/api/marketplace/installedList your org's installed marketplace policies with configuration.
/api/marketplace/{slug}/configureUpdate configuration or enable/disable an installed policy.
Tier Limits
| Tier | Marketplace Policies |
|---|---|
| Free / Starter | Up to 2 |
| Pro / Growth | Up to 10 |
| Business+ | Unlimited + community submissions |
| Enterprise | Unlimited + private org marketplace |
Ready to govern your agents?
Start capturing tamper-evident logs in under 5 minutes.