CFChimeraforge
Skip to demo
back to showScene · 03
A live walkthrough · TDD-004 provenance chain

Every action,signed and chained.

When an agent does something — read a file, write a file, make an HTTP call — that action becomes a signed, hash-chained event. Anyone with the public key and the chain root can verify it happened, in this exact position, after these exact predecessors. No central audit service in the loop. The whole thing verifies in any language with crypto primitives.

Most chatbots
0
records of what they did
Audit logs
1 log
that you have to trust
This system
3 checks
per event, locally verifiable

most chatbots: ran the tool, forgot what happened.

audit logs: centralized log you have to trust the operator of.

this system: SHA3-256 + Ed25519 + chain + Merkle — three independent crypto checks per event.

Below is a real trace — five events in one chain. Pick any event in the timeline to inspect its canonical bytes, its hash, its signature, its chain link, and its Merkle proof against the chain root. The fifth event was signed honestly, then tampered with after the fact — the signature catches it.

Scope:all crypto material on this page is real. The Ed25519 keypairs were generated by Node's native crypto.generateKeyPairSync; the SHA3-256 hashes are real digests; the Merkle proofs verify against the real root. The wire format mirrors tdd004_provenance/src/lib.rs structurally — same domain tag, schema version, length-prefixed strings, sorted metadata. The JS port has not been diffed against a Rust-produced fixture, so cross-implementation byte-equality is structural intent, not asserted.

spec · TDD-004 provenancegenerated · 2026-05-15events · 5
Event 1 of 5. An agent was spawned — the genesis event. Every audit trail starts
Trace · 5 events · single chain
trace-2026-05-15-7f3a
Merkle root
e38439a06313…8de4f0b4
Event timeline
Event 1 of 5
agent.spawn · agent-orchestrator

spawn cognitive agent (style=Adversarial, domain=security)

An agent was spawned. Real Ed25519 keypair, real SHA3-256 digest, real Merkle path against the chain root.

Walkthrough · beat 1 of 18intro
per-event audit cost
~0.41ms(est.)
SHA3-256 hash + Ed25519 sign + Merkle proof (3 levels)
centralized audit DB
~25ms
network + replicated DB write — and you have to trust the operator
saved
98.4%
and verifiable in any language with crypto primitives

The crypto algorithms on this page are deterministic, well-known, and ported from the Rust implementation in tdd005/crates/tdd004_provenance/src/lib.rs. The canonical_bytes wire format (domain tag PROV_EVENT_V1, schema version 1, length-prefixed UTF-8 strings, sorted metadata) follows the same structure. The Merkle root and per-event proofs use SHA3-256 with duplicate-last-for-odd, matching the Rust merkle_root() and merkle_proof() shape. The JS port has not been cross-verified against a Rust-produced fixture; byte-level wire equality is structural intent, not asserted.

The build pipeline lives at demo/build-data-provenance-chain.mjsin Banterpacks. It uses Node's built-in node:crypto module — no external crypto dependency. Hot/warm/cold lifecycle tiering (WAL → rotated logs → S3 archive) is implemented in tdd005/crates/chimera-core/src/util.rs (env-gated by TDD005_PROVENANCE_HOT_DAYS/_WARM_DAYS) with S3 backup via the chimera-core /backup/run handler; tdd004_provenance/src/wal.rs is the per-agent append-only WAL the tiering compacts from. Runtime concern, not visualised in this walkthrough.