How DocGovernance protects document integrity through cryptographic design.
| Component | Algorithm | Purpose |
|---|---|---|
| Content hashing | SHA-256 | Fingerprint every document and derived artifact. Hash is computed on original bytes before any transformation. |
| Event signing | Ed25519 | Every ledger event is signed with the server's Ed25519 private key. Signature covers the canonicalized event JSON. |
| JSON canonicalization | RFC 8785 (JCS) | Deterministic sorted-key serialization ensures hash reproducibility across Node.js, Python, and browser verifiers. |
| Ledger chaining | SHA-256 hash chain | Each event includes the hash of the previous event. Any deletion or reordering breaks the chain. |
| Batch integrity | Merkle tree (SHA-256) | Order-sensitive Merkle root computed over event hashes. Batch integrity verifiable without reading every event. |
The ledger is an append-only JSONL file. Each line is a signed event record. The structure ensures:
Every court bundle export contains two independent verifiers:
| Verifier | Runtime | Network required |
|---|---|---|
| verify.html | Any modern browser | None — fully self-contained |
| dg-court-verify.cjs | Node.js (any version ≥ 16) | None — no external dependencies |
Both verifiers check: SHA-256 content hashes, Ed25519 signature validity, hash chain continuity, Merkle root consistency, and key status (valid / rotated / revoked).
Ed25519 keypairs are generated on first server start and persisted to PEM files. The public key registry is co-packaged with every exported bundle, enabling offline signature verification. Key rotation archives the old key with its rotation timestamp; all historical bundles continue to verify against the archived public key.
| Control | Detail |
|---|---|
| Authentication required | All upload endpoints require a valid JWT. Unauthenticated requests return 401. |
| File type validation | Extension allowlist + MIME type check + PDF magic bytes validation. |
| Size limits | 50MB per file, 500 pages per PDF. |
| Storage key randomization | Original filename stored as metadata only. Object storage keys are randomized UUIDs. |
| Hash before transformation | SHA-256 of original bytes computed before any processing step. |
All connections use TLS 1.2+. Document storage uses S3-compatible object storage with server-side encryption. Database connections use SSL. Signing keys are stored with filesystem permissions restricted to the application process.
Document content is treated as untrusted input. System prompts and document text are strictly separated. AI output cannot create approvals, alter events, delete artifacts, or export bundles without explicit user action. Every AI report requires human review and approval before the report hash is written to the ledger.
If you discover a security vulnerability in DocGovernance, please report it responsibly to: [email protected]
We aim to respond within 48 hours and will work with you to understand and address the issue before public disclosure.