展示HN：Conduit——带有SHA-256哈希链的无头浏览器 - Ed25519审计轨迹

I&#x27;ve been building AI agent tooling and kept running into the same problem: agents browse the web, take actions, fill out forms, scrape data -- and there&#x27;s zero proof of what actually happened. Screenshots can be faked. Logs can be edited. If something goes wrong, you&#x27;re left pointing fingers at a black box.<p>So I built Conduit. It&#x27;s a headless browser (Playwright under the hood) that records every action into a SHA-256 hash chain and signs the result with Ed25519. Each action gets hashed with the previous hash, forming a tamper-evident chain. At the end of a session, you get a &quot;proof bundle&quot; -- a JSON file containing the full action log, the hash chain, the signature, and the public key. Anyone can independently verify the bundle without trusting the party that produced it.<p>The main use cases I&#x27;m targeting:<p>- *AI agent auditing* -- You hand an agent a browser. Later you need to prove what it did. Conduit gives you cryptographic receipts. - *Compliance automation* -- SOC 2, GDPR data subject access workflows, anything where you need evidence that a process ran correctly. - *Web scraping provenance* -- Prove that the data you collected actually came from where you say it did, at the time you say it did. - *Litigation support* -- Capture web content with a verifiable chain of custody.<p>It also ships as an MCP (Model Context Protocol) server, so Claude, GPT, and other LLM-based agents can use the browser natively through tool calls. The agent gets browse, click, fill, screenshot, and the proof bundle builds itself in the background.<p>Free, MIT-licensed, pure Python. No accounts, no API keys, no telemetry.<p>GitHub: https:&#x2F;&#x2F;github.com&#x2F;bkauto3&#x2F;Conduit<p>Install: `pip install conduit-browser`<p>Would love feedback on the proof bundle format and the MCP integration. Happy to answer questions about the cryptographic design.