symblon GitHub ↗
@symblon/core · open-source provenance engine

Tamper-evident
provenance on any storage.

Signed, hash-linked, append-only attestation chains for any product — with custody handover, selective disclosure, and tamper-evidence. Run the same engine on a centralized database, peer-to-peer, or a public blockchain — your choice of trust model, the same guarantees.

cyan · structure & links
green · verified
See it work → GitHub ↗
LICENSE Apache-2.0 VERSION v0.2.0 RUNTIME pure TypeScript
01 / what it is

Provenance by math,
not trust.

Every record is an attestation: a signed claim that carries the hash of the record before it. The chain is append-only — you add to history, you never rewrite it. Rewriting any past link changes its hash and breaks every link after it, so tampering is detectable by anyone, with nothing but the data and a public key.

centralized, P2P, or on-chain

Tamper-evidence lives in the data — hash links + Ed25519 signatures — not in any one database.
So the same chain verifies on a centralized database, peer-to-peer, or a public blockchain.
Start on a managed database today; move to P2P or anchor on a chain whenever you want — no rebuild.

The engine owns no keys and no storage — you inject a Signer and a key resolver. That is why the same core serves a custodial platform today and a self-sovereign owner tomorrow, with no rebuild.

03 / live demo

See it work — in this browser tab.

Seven guided steps — submit & approve, disclose, verify, transfer, release, tamper — each running the real engine on real Ed25519 signatures. No backend, no server to trust.

Submit & approve — the custodian mints, then delegates

You submit the unit (Aurex H-120 Integrated Amplifier) with its serial and a receipt. The custodian verifies it and signs the genesis — that signature is the approval, and assurance: receipt records what they checked. The serial and manufacturing date are public; the price is stored as a salted commitment. Then custody is delegated to you.
02 / how it works

Four primitives.
One append-only chain.

Everything the engine does composes from four ideas. Each is a pure function — keys and storage are yours.

Chains
signed & hash-linked
Each attestation signs its payloadHash and points at the previous one. Order is provable.
Custody handover
control migrates
A custody_change, signed by the current owner, moves control to a new key — to a buyer (transfer) or back to the custodian (release).
Selective disclosure
commit & open
Private fields live as hash(value ‖ salt). Reveal a chosen subset later.
Tamper-evidence
break = detect
Rewrite any record and verifyChain returns the exact broken index.

All four are demonstrated live above — running in your browser, on real signatures.

04 / use cases

One neutral core.
Many passports.

symblon is domain-neutral by design — it knows nothing about hi-fi or fruit. The subject scheme is yours; the engine just proves the chain. That neutrality is the product.

Engine
@symblon/core this project · domain-neutral
Chains, custody handover, commitments, presentations — pure functions, no I/O.
signing · verify
commitments
presentations
Use case
hifipass provenance for hi-fi gear
VIN-style passports for amplifiers, turntables & speakers — the demo above is a hifipass unit.
hifipass.unit
model · serial · price
Use case · planned
agropass fruit / agriculture DPP
The sibling proof that the engine — not any one product — is the reusable part.
own scheme
own domain
Use case · yours
any Digital Product Passport bring your own scheme
Pharma, luxury resale, machinery, certificates — anything that needs provable history.
your subject
your claims
05 / open source

Apache-2.0.
Read the whole engine.

No SaaS, no lock-in. @symblon/core is a small, audited-dependency TypeScript library you can vendor, fork, or build on. Install it from the source tag: 

# pinned git release — npm package coming once published
npm install github:zerostorypoints/symblon#v0.2.0

the API at a glance

buildbuildAttestation · signAttestation
verifyverifyChain · verifyAttestation
commitcommitField · verifyOpening
provebuildPresentation · verifyPresentation
readcurrentController · currentCommitments

Pure functions, named exports, strict TypeScript, Zod-mirrored types, cryptography via audited @noble/* libraries — never hand-rolled.

Read the source ↗ README ↗