Skip to main content
Every compliance action in Complior produces a cryptographic evidence entry. The chain is stored in .complior/evidence/chain.json.

How it works

1

Action occurs

Scan completes, fix applied, passport updated, document generated.
2

Hash computed

SHA-256 hash of the artifact (scan result, fix diff, passport JSON, document).
3

Signature created

Ed25519 signs the hash with the project’s private key (~/.config/complior/keys/).
4

Chain entry added

Entry includes: event type, timestamp, hash, signature, and reference to previous entry.

Recorded events

Verification

For auditors

The evidence chain proves: what was checked, when, what was found, what was fixed, and in what order. Each entry is independently verifiable without trusting Complior itself — the auditor can re-hash any artifact and verify the ed25519 signature.