We built hash-chained workflow histories to make agent execution tamper-evident(v1-18.docs.dapr.io)
v1-18.docs.dapr.io
We built hash-chained workflow histories to make agent execution tamper-evident
https://v1-18.docs.dapr.io/developing-applications/building-blocks/workflow/workflow-history-signing/
Each batch of workflow events is cryptographically linked to the previous batch and signed using the SPIFFE workload identity that produced it. This makes workflow histories tamper-evident and allows verification of execution integrity, provenance, and identity.
The docs cover the design, verification model, and implementation details.
Happy to answer questions about the architecture or tradeoffs.