Pillar 02
Every edit produces an immutable, cryptographically signed record. Trust is replaced by mathematical proof.
For teams
“Who changed this paragraph?” “When was this API endpoint documented?” “Is this the version we shipped?”
choco.tools answers these questions with cryptographic certainty — not git blame guesswork. Every document version is content-addressed (SHA-256), signed (Ed25519), and recorded in an append-only ledger that cannot be rewritten.
Content-addressed storage
Every version is identified by its SHA-256 hash. Change one character, get a completely different address.
Ed25519 signatures
Every edit is signed by the author's key pair. Authorship is non-repudiable.
Append-only ledger
The factory vault records every signature. Entries cannot be deleted or modified.
Public verification
Anyone with the content hash can verify a document's integrity — no account required.
Command-level audit trail
Block-level signing is the floor. Above it, every slash command emits a signed EventEnvelope — schema-versioned, content-addressed, idempotency-keyed. The ledger records the command, not just the output.
Slug allowlist
Only commands in the verified slug registry can emit ledger events. Unknown slugs are rejected at the gate — no partial writes, no ghost entries.
schemaVersion bound
Every EventEnvelope carries the schema version it was produced under. Consumers can reject or migrate stale events without guessing the shape.
Idempotency
Each event carries a deterministic idempotency key. Re-running a command produces one ledger entry. Retries and replays are safe by construction.
EventEnvelope
UUIDv7 sequence ID. SHA-256 payload hash. Ed25519 envelope signature. Every command event is independently verifiable — no trust in the transport layer required.
For business
Audit trails are typically retrofitted onto documentation tools as an afterthought. In choco.tools, they're the foundation. Your compliance team gets what they need without your engineering team building custom integrations.
SOC 2 Type II
Immutable audit logs satisfy the change management and monitoring controls required for SOC 2 compliance.
Regulatory readiness
Financial services, healthcare, and government teams use verifiable docs to prove policy adherence.
Tamper evidence
If a document is modified outside the system, verification fails immediately. No silent corruption.
For enterprise
The vault is choco.tools's permanent memory. Five Golden Tickets exist — cryptographic credentials signed by the factory, recorded in the ledger. They are permanent.
This same infrastructure powers your document verification. Every published version gets a vault entry. Every entry carries an Ed25519 signature and a content hash. The ledger is append-only — entries cannot be deleted.
Verification endpoint: GET /verify/ticket/[ticket_id] | Public, no auth required