.complior/evidence/chain.json.
How it works
1
Action occurs
Scan completes, fix applied, passport updated, document generated.
2
Hash computed
SHA-256 hash of the artifact (scan result, fix diff, passport JSON, document).
3
Signature created
Ed25519 signs the hash with the project’s private key (
~/.config/complior/keys/).4
Chain entry added
Entry includes: event type, timestamp, hash, signature, and reference to previous entry.