docs(integrations): add Asqav (signed agent audit trails) to frameworks#2882
Closed
jagmarques wants to merge 2 commits intolangfuse:mainfrom
Closed
docs(integrations): add Asqav (signed agent audit trails) to frameworks#2882jagmarques wants to merge 2 commits intolangfuse:mainfrom
jagmarques wants to merge 2 commits intolangfuse:mainfrom
Conversation
Adds a frameworks integration page describing how to use Asqav alongside Langfuse. Asqav holds a signed, tamper-evident record of each agent action; Langfuse holds the trace, prompts, completions, and scores. The page shows the join pattern via a shared trace_id and registers the new page in content/integrations/frameworks/meta.json.
|
@jagmarques is attempting to deploy a commit to the langfuse Team on Vercel. A member of the Team first needs to authorize it. |
![claude[bot]](https://avatars.githubusercontent.com/in/1236702?s=60&v=4){kind=small}
|
You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard. |
|
|
dosubot
Bot
added
size:L
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
|
|
||
| This page shows how to combine [Asqav](https://asqav.com) with Langfuse so the trace you use to debug an agent and the audit record you hand to a regulator stay linked by a shared `trace_id`. | ||
|
|
||
| > **What is Asqav?** [Asqav](https://github.com/asqav/asqav-sdk) is an AI agent governance layer that produces signed, tamper-evident audit records for agent actions. Each call to `agent.sign(...)` returns a verification URL backed by an ML-DSA (post-quantum) signature. By default the SDK runs in hash-only mode, so prompts and tool inputs are hashed locally and only the digest plus metadata is sent to Asqav. The default deployment is GDPR-aware data minimization and is designed to support EU AI Act reporting obligations. |
Contributor
There was a problem hiding this comment.
The link https://github.com/asqav/asqav-sdk will 404. Based on the PyPI package metadata, the asqav.com homepage, and the PR author's profile, the actual repository is at https://github.com/jagmarques/asqav-sdk.
Suggested change
| > **What is Asqav?** [Asqav](https://github.com/asqav/asqav-sdk) is an AI agent governance layer that produces signed, tamper-evident audit records for agent actions. Each call to `agent.sign(...)` returns a verification URL backed by an ML-DSA (post-quantum) signature. By default the SDK runs in hash-only mode, so prompts and tool inputs are hashed locally and only the digest plus metadata is sent to Asqav. The default deployment is GDPR-aware data minimization and is designed to support EU AI Act reporting obligations. | |
| > **What is Asqav?** [Asqav](https://github.com/jagmarques/asqav-sdk) is an AI agent governance layer that produces signed, tamper-evident audit records for agent actions. Each call to `agent.sign(...)` returns a verification URL backed by an ML-DSA (post-quantum) signature. By default the SDK runs in hash-only mode, so prompts and tool inputs are hashed locally and only the digest plus metadata is sent to Asqav. The default deployment is GDPR-aware data minimization and is designed to support EU AI Act reporting obligations. |
Prompt To Fix With AI
This is a comment left during a code review.
Path: content/integrations/frameworks/asqav.mdx
Line: 12
Comment:
**Incorrect GitHub URL for Asqav SDK**
The link `https://github.com/asqav/asqav-sdk` will 404. Based on the PyPI package metadata, the `asqav.com` homepage, and the PR author's profile, the actual repository is at `https://github.com/jagmarques/asqav-sdk`.
```suggestion
> **What is Asqav?** [Asqav](https://github.com/jagmarques/asqav-sdk) is an AI agent governance layer that produces signed, tamper-evident audit records for agent actions. Each call to `agent.sign(...)` returns a verification URL backed by an ML-DSA (post-quantum) signature. By default the SDK runs in hash-only mode, so prompts and tool inputs are hashed locally and only the digest plus metadata is sent to Asqav. The default deployment is GDPR-aware data minimization and is designed to support EU AI Act reporting obligations.
```
How can I resolve this? If you propose a fix, please make it concise.|
|
||
| ## Resources | ||
|
|
||
| - [Asqav SDK on GitHub](https://github.com/asqav/asqav-sdk) |
Contributor
There was a problem hiding this comment.
Same broken link as in the blockquote above — the repository owner is jagmarques, not asqav.
Suggested change
| - [Asqav SDK on GitHub](https://github.com/asqav/asqav-sdk) | |
| - [Asqav SDK on GitHub](https://github.com/jagmarques/asqav-sdk) |
Prompt To Fix With AI
This is a comment left during a code review.
Path: content/integrations/frameworks/asqav.mdx
Line: 112
Comment:
**Same incorrect GitHub URL in Resources**
Same broken link as in the blockquote above — the repository owner is `jagmarques`, not `asqav`.
```suggestion
- [Asqav SDK on GitHub](https://github.com/jagmarques/asqav-sdk)
```
How can I resolve this? If you propose a fix, please make it concise.| | Langfuse | trace, prompt, completion, latency, cost, evals, scores | engineers debugging the agent | | ||
| | Asqav | hash of the action, agent ID, action type, signature, timestamp, optional `trace_id` | auditors, risk and compliance teams | | ||
|
|
||
| The `trace_id` you put on both sides is the join key. If a regulator asks for evidence of a specific signed action, you hand them the Asqav verification URL; if you need to look up the prompt and completion behind that action, you search Langfuse for the same `trace_id`. |
Contributor
There was a problem hiding this comment.
trace_id" is misleading
The Asqav-generated trace_id is stored in Langfuse as metadata.asqav_trace_id, not as Langfuse's native trace ID (which is auto-generated by @observe). Telling readers to "search Langfuse for the same trace_id" implies a direct ID lookup that won't work — they'd actually filter by metadata.
Suggested change
| The `trace_id` you put on both sides is the join key. If a regulator asks for evidence of a specific signed action, you hand them the Asqav verification URL; if you need to look up the prompt and completion behind that action, you search Langfuse for the same `trace_id`. | |
| The `trace_id` you put on both sides is the join key. If a regulator asks for evidence of a specific signed action, you hand them the Asqav verification URL; if you need to look up the prompt and completion behind that action, you filter the Langfuse Trace Table by `metadata.asqav_trace_id` matching that value. |
Prompt To Fix With AI
This is a comment left during a code review.
Path: content/integrations/frameworks/asqav.mdx
Line: 108
Comment:
**"Search Langfuse for the same `trace_id`" is misleading**
The Asqav-generated `trace_id` is stored in Langfuse as `metadata.asqav_trace_id`, not as Langfuse's native trace ID (which is auto-generated by `@observe`). Telling readers to "search Langfuse for the same `trace_id`" implies a direct ID lookup that won't work — they'd actually filter by metadata.
```suggestion
The `trace_id` you put on both sides is the join key. If a regulator asks for evidence of a specific signed action, you hand them the Asqav verification URL; if you need to look up the prompt and completion behind that action, you filter the Langfuse Trace Table by `metadata.asqav_trace_id` matching that value.
```
How can I resolve this? If you propose a fix, please make it concise.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Adds Asqav as a frameworks integration page.
Asqav (https://asqav.com) is an AI agent governance layer that produces signed, tamper-evident audit records for agent actions. The page positions Asqav as a complement to Langfuse, not a replacement: Langfuse holds the trace, prompts, completions, and scores; Asqav holds a signed record that can be verified by an external auditor. The example shows both tools coexisting in one Python function with a shared
trace_id.The MDX matches the structure of recent framework pages (
crewai.mdx,pydantic-ai.mdx,openai-agents.mdx). Sidebar registration done incontent/integrations/frameworks/meta.json(alphabetical betweenamazon-agentcoreandautogen). No new image asset was added;logois optional in the schema.Test plan
FrameworksDisclaimer: Experimental PR review
Greptile Summary
This PR adds a new
asqav.mdxframework integration page showing how Asqav's signed audit trails and Langfuse traces can be linked by a sharedtrace_id, and registers the page alphabetically inmeta.json. The structure and writing style match existing framework pages well.https://github.com/asqav/asqav-sdk(lines 12 and 112), but the actual repository ishttps://github.com/jagmarques/asqav-sdk— both will 404 for readers.trace_id", but the Asqav ID is stored asmetadata.asqav_trace_idrather than as Langfuse's native trace ID; a small wording fix would prevent confusion.Confidence Score: 3/5
Not safe to merge as-is — two documentation links will 404 for all readers.
Two P1 findings (identical broken GitHub URL in two places) hold the score below 4. The remaining issues are P2 (import style, text clarity) and would not block on their own.
content/integrations/frameworks/asqav.mdx — fix the GitHub repository URLs on lines 12 and 112.
Important Files Changed
asqav/asqav-sdkinstead of the correctjagmarques/asqav-sdk, and a mildly misleading cross-referencing description for the shared trace_id.Sequence Diagram
sequenceDiagram participant App as Application Code participant LF as Langfuse (@observe) participant Asqav as Asqav SDK App->>LF: @observe wraps answer_question() App->>Asqav: asqav.generate_trace_id() Asqav-->>App: trace_id (shared key) App->>LF: update_current_trace(metadata={asqav_trace_id: trace_id}) App->>App: LLM call (OpenAI, LangChain, etc.) App->>Asqav: agent.sign(action, context, trace_id) Asqav-->>App: receipt (signature_id, verify_url) App->>LF: flush() — trace stored with asqav_trace_id in metadata Note over LF,Asqav: Linked by trace_id — debug in Langfuse, audit via Asqav verify_urlPrompt To Fix All With AI
Reviews (1): Last reviewed commit: "docs(integrations): add Asqav (signed ag..." | Re-trigger Greptile