What it is

Signal Provenance is file-level hash-chain integrity monitoring. Every file operation, every change, every access gets a cryptographic hash chained to the previous entry. The result is a tamper-evident ledger that proves what happened to any file at any point in time.
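The chaining described above, as a minimal added example; this is not Signal Provenance's code. The entry fields, the all-zero genesis value and the JSON canonicalization are assumptions made for illustration, and the sample events are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed anchor value that the first entry chains to

def entry_hash(body: dict) -> str:
    # Canonical JSON (sorted keys, fixed separators) keeps the digest reproducible.
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()

def append(ledger: list, op: str, path: str, content: bytes, ts: int) -> dict:
    # Each entry commits to the file content and to the previous entry's hash.
    body = {
        "seq": len(ledger),
        "ts": ts,
        "op": op,
        "path": path,
        "content_sha256": hashlib.sha256(content).hexdigest(),
        "prev": ledger[-1]["hash"] if ledger else GENESIS,
    }
    entry = dict(body, hash=entry_hash(body))
    ledger.append(entry)
    return entry

def verify(ledger: list, expected_head=None):
    """Return None if the chain is valid, else the index of the first bad entry."""
    prev = GENESIS
    for i, entry in enumerate(ledger):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if entry["seq"] != i or entry["prev"] != prev or entry_hash(body) != entry["hash"]:
            return i
        prev = entry["hash"]
    # A truncated ledger is still a valid prefix; only a head hash kept
    # outside the ledger reveals that the tail was cut off.
    if expected_head is not None and prev != expected_head:
        return len(ledger)
    return None

def demo_ledger() -> list:
    # Constructed sample events, not real product output.
    ledger = []
    append(ledger, "create", "report.docx", b"draft v1", 1700000000)
    append(ledger, "modify", "report.docx", b"draft v2", 1700000060)
    append(ledger, "read", "report.docx", b"draft v2", 1700000120)
    return ledger
```

Editing an entry in place, re-hashing an edited entry, or deleting one from the middle all surface at a specific index. Cutting entries off the end is only caught when the last known head hash is stored somewhere the writer of the ledger cannot change.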

Rust core. Tauri desktop app. Runs on your machine. No cloud. No data leaves the building.

What problem it solves

The EU AI Act (Article 12, effective August 2, 2026) mandates automatic event logging for high-risk AI systems. Article 15 mandates cybersecurity resilience. Neither explicitly requires cryptographic log integrity. But the combination of Articles 12, 15, and 73 (forensic evidence preservation) makes hash-chained, tamper-evident logs the economically rational implementation.

Beyond compliance: any team that needs to prove what happened to their files, when, and by whom. Legal discovery. Audit trails. Forensic investigation. Regulatory submissions.

Evidence

| Claim | Value |
| --- | --- |
| Rust test suite | 49 tests passing (39 core + 5 cross-impl + 2 encryption + 3 license) |
| Hash-chained ledger | 7,012 entries, chain VALID |
| macOS binary | 14MB arm64, codesigned + notarized + stapled |
| Linux binary | 17MB |
| Self-referential deployment | Signal Provenance monitors the codebase that builds Signal Provenance |
| Compliance frameworks | EU AI Act, FDA 21 CFR 11, HIPAA, CMMC, ISO 27001, SOX 404 |
| Price | $10,000/yr |

Every number above is sourced. The test count is from cargo test. The ledger count is from the production database. The binary sizes are from the build artifacts on disk. I built it. I run it. I can show you every line.

What exists in this space

VeritasChain (VCP v1.1) provides cryptographic audit trails for algorithmic trading. RFC 6962 Merkle trees, Ed25519 signatures. Trading-specific.

TrueScreen provides forensic-grade digital provenance at point of content creation. eIDAS-compliant qualified timestamps. Content-capture-specific.

Neither provides continuous, local-first, file-level monitoring as a downloadable desktop app at $10,000/yr. The difference is in the delivery model and price tier, not the concept of cryptographic integrity.

How to get it

Contact me. I'll walk you through what it does, show you the ledger, run a demo on your files. If it fits, you'll have a desktop app running on your machine within a week.