LEDGIT

No. Without an ENS name, set LEDGIT_TOPIC_ID in your .env and it works the same way. ENS just makes verification self-discoverable — anyone can resolve the name instead of passing around a topic ID.

Two steps. First, run ledgit init --agent yourname.eth to create an HCS topic. Second, go to sepolia.ens.app (or your ENS manager), find your name, and add a text record with key ledgit.hcs.topic and value set to your topic ID. Then ledgit verify yourname.eth resolves automatically — no env vars needed.

For high and medium risk actions, yes — that's the point. Low-risk actions skip hardware. If you don't have a Ledger, you can still use low-risk actions for development, or the CLI falls back to software signing.

Everything in this demo runs on Hedera testnet (free HBAR from portal.hedera.com) and ENS Sepolia (testnet). No real funds required. For mainnet production, you'd need real HBAR for HCS messages and transfers, and real ETH for ENS operations.

The code is ready — set HEDERA_NETWORK=mainnet and network.ens: 'mainnet' in config. HashScan and mirror node URLs auto-switch. But the demo was built and tested on testnet.

Each action is reviewed independently on the device. The human sees and approves every high/medium risk action one at a time. This is intentional — you don't want blind batch approvals.

Yes — edit .ledgit/config.json. Each action type has a type name, label, description template, fields, and risk level. Run ledgit tools schema after editing to regenerate the agent tool definition.

Run ledgit verify-sig <action-id> --agent <name>. This recovers the signer's Ethereum address from the Ledger signature using viem. Software-generated signatures (low risk) show a note instead.

It won't appear in the audit trail. The dashboard shows a red dashed border with Missing Signature for high-risk actions without a Ledger signature. The action is visible on HCS but flagged as unverified.

Yes — set the same topic ID for each agent in .ledgit/config.json. Each action records the agent name so the trail is filterable. Alternatively, each agent gets their own topic for full isolation.

Set ENCRYPTION_KEY (64 hex chars) in your .env. Actions submitted after that are encrypted with AES-256-GCM before HCS submission. Sequence numbers and timestamps remain public; content is private to key holders. The dashboard shows 🔒 Encrypted if the key isn't available.

The Hedera Agent Kit is a LangChain toolkit for Hedera operations (transfers, tokens, HCS messaging). LEDGIT is the human-in-the-loop audit layer. The Agent Kit returns unsigned bytes for human approval — you figure out signing. LEDGIT sends actions directly to a Ledger device for one-button hardware approval, then records the signed proof to HCS with risk levels and ENS identity. They're complementary: use the Agent Kit for agent framework integration and LEDGIT for hardware signing and audit. See the full comparison in the README.

Most audit approaches weren't designed for autonomous agents. Basic logs can be faked or deleted and provide no cryptographic proof. Software prompts ("Are you sure?") can be automated or bypassed by the agent. Multi-sig wallets are designed for humans, not agents, and provide no audit trail of why an action was approved. Blockchain explorers show raw transactions but not the human reasoning or approval context. Agentic logging platforms (LangSmith, Weights and Biases, MLflow) track prompt inputs and outputs but don't provide hardware-backed human approval, immutable record-keeping, or on-chain agent identity. LEDGIT addresses all of these: hardware-backed signing proves human intent, HCS provides immutable ordered records, and ENS names give agents human-readable, discoverable identities with full approval context.