Integrity (Receipts & Fixity)

Verifiable provenance, by design

Every version emits a signed provenance receipt. Primary storage uses enterprise-grade infrastructure; we mirror to a decentralized layer and run nightly fixity checks. You can verify a version's integrity in seconds.

What's inside a receipt

Content & Metadata

• Content digest (e.g., SHA-256) of the metadata/file bundle
• Issued-at timestamp
• Version facts: root ARK, version number, change note

Storage & Security

• Pointers: Primary storage key and decentralized mirror URL
• Signer: service identity (rotated keys)
• Result on verify: Signature valid / Mirror OK / Fixity OK

Mirroring

On publish, we upload to our decentralized mirror and record the pointer.

Decentralized backup

Fixity

Nightly primary↔mirror checks; mismatches trigger quarantine + rebuild.

Automated verification

Visibility

Fixity state shows on the resolver

Mirror OKInvestigatingFixity Error

Optional anchoring (post-GA)

We can batch daily Merkle roots of receipts and anchor the root on a public chain. This is invisible to users but produces a public timestamp for auditors.

FAQ

Do I see private keys?

No. Receipts are verifiable with our public keys.

What if the mirror is down?

The primary copy remains available; we retry the mirror.

Can I download receipts?

Yes—resolver Proofs tab (per version).