Integration: Cryptographic signing for traces with asqav

[jagmarques]

Proposing an integration to add cryptographic integrity to Langfuse traces using asqav.

The gap: Langfuse captures comprehensive LLM traces, but those traces are stored in a regular database. For regulated industries (EU AI Act, SOC2, HIPAA), auditors need proof that logs haven't been tampered with.

Proposed integration: An asqav plugin/exporter that signs Langfuse traces at collection time with ML-DSA-65 (quantum-safe, NIST FIPS 204). Each trace gets a cryptographic signature and a public verification URL.

This turns Langfuse traces from "we logged it" into "we can prove it happened exactly this way."

• SDK: https://github.com/jagmarques/asqav-sdk (MIT)
• Website: https://asqav.com

[Steffen911]

@jagmarques Thank you for submitting this idea! I've moved this to a discussion to gauge whether this is interesting to the community as discovery and voting is easier here.

[jagmarques]

Concrete integration sketch: a LangfuseExporter in the asqav SDK that hooks into Langfuse span events and calls asqav.sign(action_type=langfuse.trace, context={trace_id, span_id, inputs_hash, outputs_hash}) per span. One env var (ASQAV_API_KEY), no changes to Langfuse internals. Would ship as pip install asqav[langfuse]. Happy to open a PR if there is traction here.