Docs / Primitives / Provenance chains

Provenance chains

A chain is an append-only, cryptographically signed log for audit trails and provenance tracking.

Declaration

cleat

chain AuditTrail {
    signing: ed25519
    fn">@retention(7y)

    record Entry {
        source: string,
        hash: sha256,
        timestamp: time,
    }
}

Clauses

Clause	Description
`signing:`	Cryptographic algorithm (`ed25519`)
`@retention(duration)`	Retention period annotation
`record Name { ... }`	Typed schema for chain entries

Operations

cleat

let trail = new_AuditTrail()

// Append a signed record
let hash = trail.append(Entry {
    source: "review-agent",
    hash: crypto.sha256("data"),
    timestamp: time.now(),
})?

// Verify chain integrity
let valid = trail.verify()  // checks signatures and hash linkage

// Count records
let n = trail.count()

Each record is JSON-serialized, hashed against the previous record's hash (creating a linked chain), and signed with the Ed25519 key generated at construction time.

✎ Edit this page on GitHub