TL;DR
LangSmith helps you debug and optimize LangChain agents during development. Sigstore proves that a package you downloaded came from its claimed publisher. Marturia produces tamper-evident receipts that show exactly what an AI agent decided for a specific user at a point in time. Use the decision matrix below to pick the right starting point.
The three distinct problems
LangSmith instruments LangChain (and increasingly other frameworks) so developers can see every step of an agent run: which prompt was sent, which tools were called, token counts, and intermediate outputs. Its value is in iteration speed and cost control while you are still writing the agent.
Sigstore is a public transparency log for software artifacts. When a maintainer signs a wheel, container image, or npm tarball using a Fulcio-issued certificate, and Rekor records the signature, anyone can later verify that the binary they pulled was produced by that maintainer and has not been altered since. It solves supply-chain provenance, not runtime behavior.
Marturia attaches an Ed25519-signed receipt to every production decision an agent makes. The receipt contains a hash of the inputs, the model version, the output, and a timestamp. Receipts are hash-chained and periodically anchored to a Merkle tree so that, months later, you can still prove to a customer, regulator, or court that the agent returned a particular answer on a particular date.
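The receipt scheme described above (signed, hash-chained, Merkle-anchored), shown as an added example rather than Marturia's own code. The receipt fields, the serialization, and the `leaf:`/`node:` prefixes are assumptions, since this page does not give the real format.

```javascript
// Added example. Receipt fields and layout are assumptions, not Marturia's actual format.
const crypto = require('crypto');

const sha256 = (s) => crypto.createHash('sha256').update(s).digest('hex');
const GENESIS = '0'.repeat(64);
// Fixed field order so signer and verifier serialize identical bytes.
const canonical = (r) => JSON.stringify([r.prev, r.inputHash, r.model, r.output, r.ts]);

// Sign one decision and link it to the hash of the previous receipt.
function issueReceipt(chain, privateKey, { input, model, output, ts }) {
  const prev = chain.length ? chain[chain.length - 1].hash : GENESIS;
  const body = { prev, inputHash: sha256(input), model, output, ts };
  const bytes = canonical(body);
  const sig = crypto.sign(null, Buffer.from(bytes), privateKey).toString('base64');
  chain.push({ ...body, hash: sha256(bytes), sig });
}

// Index of the first receipt with a broken link, hash, or signature; -1 if the chain verifies.
function firstBadReceipt(chain, publicKey) {
  let prev = GENESIS;
  for (let i = 0; i < chain.length; i++) {
    const r = chain[i];
    const bytes = Buffer.from(canonical(r));
    if (r.prev !== prev || r.hash !== sha256(bytes)) return i;
    if (!crypto.verify(null, bytes, publicKey, Buffer.from(r.sig, 'base64'))) return i;
    prev = r.hash;
  }
  return -1;
}

// Merkle root to anchor externally; leaf/node prefixes stop a leaf posing as an inner node.
function merkleRoot(hashes) {
  let level = hashes.map((h) => sha256('leaf:' + h));
  while (level.length > 1) {
    const next = [];
    for (let i = 0; i < level.length; i += 2) { // an unpaired node is carried up unchanged
      next.push(i + 1 < level.length ? sha256('node:' + level[i] + level[i + 1]) : level[i]);
    }
    level = next;
  }
  return level[0] || GENESIS;
}

// Constructed sample decisions (not real data).
const keys = crypto.generateKeyPairSync('ed25519');
const chain = [];
['approve', 'deny', 'escalate'].forEach((output, i) => issueReceipt(chain, keys.privateKey,
  { input: `request ${i}`, model: 'model-v1', output, ts: 1700000000 + i }));
console.log(firstBadReceipt(chain, keys.publicKey), merkleRoot(chain.map((r) => r.hash)));
```

The signature and chain catch edits or deletions by anyone without the signing key. Re-issuing the whole chain with the same key still verifies but yields a different Merkle root, which is the case the external anchor covers.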
Where each tool is strongest and where it falls short
LangSmith shines while the agent is still in the prompt-engineering phase. Its traces make it obvious when retrieval is failing or a tool is returning noisy data. It does not, however, produce anything an external auditor can treat as evidence; the data lives in LangSmith’s SaaS store and can be edited or deleted by the operator.
Sigstore is the right choice for every package you publish or consume. Once a release is signed, downstream users obtain cryptographic proof of origin without trusting your website. It says nothing about what the running agent later decided to do with user data.
Marturia is built for the production audit use case. Because receipts are signed at decision time and anchored, they survive log rotation, database migrations, and even the deletion of the original trace. The trade-off is that it adds a small signing step to every agent response and is not intended for interactive debugging.
Using all three together
A realistic stack looks like this:
- LangSmith runs in staging and early production to surface prompt or retrieval problems.
- Sigstore signs every Docker image and Python wheel that leaves CI.
- Marturia wraps the production agent endpoint, emitting a receipt for each user-facing decision.
The three systems do not overlap in the data they protect, so there is no duplication of effort.
Decision matrix
| Primary need | Recommended tool | Secondary tools that still help | Reason |
|---|---|---|---|
| Reduce token spend and fix broken chains | LangSmith | Marturia (later) | Requires live traces and prompt comparison |
| Prove a released package was not tampered with | Sigstore | None | Only Sigstore maintains a public, append-only log |
| Show a regulator what the agent told user X on date Y | Marturia | LangSmith (dev), Sigstore (deployment) | Receipts are signed and timestamped at decision time |
| All of the above for a customer-facing agent | All three | — | Different layers of the stack |
Related Marturia resources
- /docs/
- /learn/lesson_09_competitive_landscape.html