A page that anchors artefacts (bytecode, detector configs, CLI
invocations, scan reports, findings, capsules, custom blobs) into a
hash-chain ledger. The actions row exposes Verify chain,
+ Anchor artefact, Try Me, Export JSON, Export CSV,
and Clear ledger. A Simulate a tamper section contains a
Tamper record action for teaching and testing.
Why it exists
Audit output is only defensible if its provenance is verifiable.
This page records each artefact’s hash in a chain, exposes
verification on demand, and lets a reviewer simulate a tamper to
see the chain fail — so the property is visible instead of implicit.
Who uses it
Auditor — anchors key artefacts during an engagement.
Reviewer — verifies chain integrity for reporting or court
use.
How to open it
Sidebar → Ledgers → Provenance Ledger.
Direct URL — /provenance-ledger.
Using the page
+ Anchor artefact — opens the anchor form with a kind
selector: Bytecode, Detector config, CLI invocation,
Scan report, Finding, Capsule, Custom.
Verify chain — recomputes hashes and reports whether the
chain is intact.
Try Me — loads a sample chain.
Export JSON / Export CSV — download the ledger (with
anchor metadata) or the records table.
Clear ledger — admin-restricted; shows a notice that the
operation requires the CLI or an admin.
Simulate a tamper → Tamper record — disabled against the
server-backed ledger; displays a notice explaining that API
records are tamper-evident by construction.
Inputs and outputs
Input
Source
Required
Artefact
Anchor form
yes to anchor
Output
Format
Destination
Ledger + anchor metadata
JSON
Browser download
Records table
CSV
Browser download
Verification result
In-page status
Ledger header
Controls reference
Verify chain — recomputes the chain.
+ Anchor artefact — opens the anchor form.
Try Me — loads a sample.
Export JSON / Export CSV — output actions.
Clear ledger — admin-gated; displays a notice.
Tamper record — disabled in server mode; displays a notice.
Limits
Requires a signed-in account.
Clear ledger and Tamper record are admin-restricted and
cannot be performed from this UI against the server-backed ledger.
The hash chain is maintained per-ledger; it does not
cross-reference external anchors such as timestamping services.