Quantlix · Trust center

Trace integrity

How Quantlix makes runtime traces tamper-evident — and how you can verify without trusting us.

Enterprise customers receive a per-tenant SHA-256 hash chain for enforcement and run-seal events. This page explains what that guarantees, what it does not, and how to verify independently.

What tamper-evident means (and what it does not)

  • Tamper-evident means any alteration after recording breaks hash links or external anchors — the change is detectable, not invisible.
  • We do not claim traces are tamper-proof or that model outputs are always correct. Cryptographic chaining attests to ledger continuity, not business truth.
  • Pre-cutover events may be marked pre-chain and are outside the ledger.

How chains are constructed

  • Each tenant has an append-only ledger of canonical JSON payloads.
  • Each entry hash is SHA-256(prev_hash + payload) with sorted JSON keys; genesis uses a fixed zero prev-hash.
  • Runs sealed after cutover receive a run_seal entry linked to the prior head.
  • Quantlix runs an hourly integrity job that re-verifies hash continuity per tenant.
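
The construction above, sketched as an added example (not Quantlix's code or the @quantlix/verify algorithm), to show what a chain replay checks and why a separately held head value matters. Assumptions: prev_hash is a hex string concatenated with the canonical JSON text, the genesis prev-hash is 64 hex zeros, the entry field names are invented here, and anchored_head is a simplified stand-in for the external anchor (the page anchors segment Merkle roots, not a single head hash).

```python
import hashlib
import json

GENESIS_PREV = "0" * 64  # assumed encoding of the fixed zero prev-hash

def entry_hash(prev_hash, payload):
    # Canonical JSON: sorted keys, fixed separators. Concatenating the hex
    # prev_hash with that string is an assumption about the encoding.
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()

def build_chain(payloads):
    entries, prev = [], GENESIS_PREV
    for seq, payload in enumerate(payloads):
        digest = entry_hash(prev, payload)
        entries.append({"seq": seq, "prev_hash": prev,
                        "payload": payload, "hash": digest})
        prev = digest
    return entries

def verify_chain(entries, anchored_head=None):
    """Return (ok, reason): check every link, every hash, then the head."""
    prev = GENESIS_PREV
    for e in entries:
        if e["prev_hash"] != prev:
            return False, f"seq {e['seq']}: broken link"
        if entry_hash(prev, e["payload"]) != e["hash"]:
            return False, f"seq {e['seq']}: payload/hash mismatch"
        prev = e["hash"]
    if anchored_head is not None and prev != anchored_head:
        return False, "head differs from anchored value"
    return True, "ok"

# Constructed sample events, not real Quantlix records.
PAYLOADS = [
    {"type": "enforcement", "run_id": "run-1", "decision": "block"},
    {"type": "enforcement", "run_id": "run-1", "decision": "allow"},
    {"type": "run_seal", "run_id": "run-1"},
]
CHAIN = build_chain(PAYLOADS)
HEAD = CHAIN[-1]["hash"]  # value a verifier holds from an independent record

if __name__ == "__main__":
    edited = [dict(e) for e in CHAIN]
    edited[0]["payload"] = {**PAYLOADS[0], "decision": "allow"}
    rebuilt = build_chain([edited[0]["payload"]] + PAYLOADS[1:])
    for label, c in (("intact", CHAIN), ("edited", edited), ("rebuilt", rebuilt)):
        print(label, verify_chain(c), verify_chain(c, HEAD))
```

An in-place payload edit fails at the affected sequence number. A ledger rebuilt from the edited payload, or one with its tail dropped, passes every link check and is caught only by comparing the head against the independently held value.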

External anchoring

  • Completed segments are batched into Merkle trees; segment roots are published to Sigstore Rekor (public transparency log).
  • Optional OpenTimestamps calendars provide a secondary time-stamping path when enabled.
  • Anchoring matters because it binds Quantlix's internal ledger to an independent, queryable record — useful for audits and incident response.

Verify independently

  • In the portal, open a run or enforcement event and download the integrity proof bundle (JSON).
  • Run the open-source CLI — no Quantlix API credentials required:
    npx @quantlix/verify --proof quantlix-proof-<run_id>.json
  • The CLI checks local chain proof + Merkle path, then fetches the Rekor entry once to confirm the segment root matches the public log.

@quantlix/verify package → · Verification algorithm →

Verify an audit bundle

PDF and CSV exports ship as zip files containing audit-bundle.pdf or section CSVs, plus HOW_TO_VERIFY.txt, bundle.json, and verify_audit_bundle.py — no Quantlix login required.

  • Content digest — confirms evidence sections match the digest recorded in the manifest (internal consistency). To prove the artifact has not changed since export, compare that digest with a trusted external copy (Quantlix export history, a separately shared digest, or another trusted channel).
  • Chain snapshot — confirms the org trace head and anchor references in the manifest are internally consistent.
  • Rekor anchors — when present and passing, listed segment Merkle roots match public Rekor log entries (checkable without Quantlix software).

Manual Rekor step (browser or curl): open the lookup URL listed in HOW_TO_VERIFY.txt for each anchor UUID and confirm spec.data.hash.value matches the segment Merkle root in the manifest. Air-gapped reviewers can use embedded rekor_entry_b64 snapshots in the manifest or run --offline.

pip install httpx
unzip audit-bundle.zip
python verify_audit_bundle.py bundle.json
python verify_audit_bundle.py bundle.json --json
python verify_audit_bundle.py bundle.json --offline

Verification checks internal consistency of the exported bundle and, when Rekor anchors are present and passing, public-log anchoring of listed segment Merkle roots. It does not prove completeness of your AI estate (see the bundle Coverage section), legal compliance, or export authenticity from a passing digest check alone. When no Rekor UUIDs are present, the Rekor check reports SKIP (not PASS). Full hash-chain replay requires Quantlix governance tools or run integrity proof bundles.

Dashboard status

Organization admins can view chain head, latest anchor, and integrity job status at Dashboard → Integrity. The badge on a trace never shows "Verified" unless an anchor covers that sequence and the integrity monitor is current.
