b1rdmania wants Mike's exports to prove they weren't tampered with
An open proposal to fingerprint every document version so a firm can prove the file it holds is the one the system actually reviewed.
Right now, once a document leaves Mike there's no way to tell an untouched export from an altered one. b1rdmania's change fixes that by recording a cryptographic fingerprint (a SHA-256 hash, a short string that changes if even one byte of the file changes) for every version as it's written, across uploads, edits, generated documents, and copies.
On top of that sits a new per-project export that emits a manifest: the project's identity, each version's fingerprint, where it came from, when it was created, and the accept/reject trail of edits by reference only, with no edit text exposed. Verification becomes a one-line check - hash the file you're holding, compare it to the manifest. The change is deliberately conservative: nothing else in the product behaves differently, and older documents simply show a blank fingerprint until they're next touched.
Spotted something wrong? Or know the PR text has fresher detail than the writeup above?