Vision
The activity logger (#32) records what happened. A truly serious app needs to prove that the log itself wasn't tampered with — for SOC2, for legal disputes, for fraud investigation.
Proposal
Each `activity_log` row carries:
- `prev_hash` — SHA-256 of the previous row's canonical bytes
- `hash` — SHA-256 of `(prev_hash || canonical(this_row))`
A nightly cron walks the chain and asserts integrity; mismatches alert. Bonus: optional anchoring of the daily root hash to a public ledger (a tweet, a transaction, a Sigstore log) for external verifiability.
Admin UI under Settings → Audit Trail shows:
- Chain integrity status (green / red)
- Per-day root hashes
- One-click export of a signed PDF log for a date range (legal-grade evidence)
Why this is differentiating
This is genuinely "superior software" territory. Most apps cannot answer "prove this audit log is real". A framework that gives that answer for free unlocks fintech, healthcare, legal, and government use cases.
Acceptance
- Mutating a row in `activity_logs` directly via SQL gets detected on the next chain check
- A SOC2 auditor can be handed an exported, hash-anchored PDF and verify it against the public anchor
Vision
The activity logger (#32) records what happened. A truly serious app needs to prove that the log itself wasn't tampered with — for SOC2, for legal disputes, for fraud investigation.
Proposal
Each `activity_log` row carries:
A nightly cron walks the chain and asserts integrity; mismatches alert. Bonus: optional anchoring of the daily root hash to a public ledger (a tweet, a transaction, a Sigstore log) for external verifiability.
Admin UI under Settings → Audit Trail shows:
Why this is differentiating
This is genuinely "superior software" territory. Most apps cannot answer "prove this audit log is real". A framework that gives that answer for free unlocks fintech, healthcare, legal, and government use cases.
Acceptance