b1rdmania wants Mike's exports to prove they weren't tampered with

An open proposal to fingerprint every document version so a firm can prove the file it holds is the one the system actually reviewed.

securitycompliance

Right now, once a document leaves Mike there's no way to tell an untouched export from an altered one. b1rdmania's change fixes that by recording a cryptographic fingerprint (a SHA-256 hash, a short string that changes if even one byte of the file changes) for every version as it's written, across uploads, edits, generated documents, and copies.

On top of that sits a new per-project export that emits a manifest: the project's identity, each version's fingerprint, where it came from, when it was created, and the accept/reject trail of edits by reference only, with no edit text exposed. Verification becomes a one-line check - hash the file you're holding, compare it to the manifest. The change is deliberately conservative: nothing else in the product behaves differently, and older documents simply show a blank fingerprint until they're next touched.

So what Any GC or managing partner who needs to answer "can you prove what was reviewed and accepted" before adopting a legal-AI tool should watch this one.

View this fork on GitHub →

Spotted something wrong? Or know the PR text has fresher detail than the writeup above?