I've been working on a question that kept coming up in audits: How do you actually prove that logs haven’t been modified after the fact?

Most logging stacks (Splunk, Datadog, ELK) are great for analytics, but when auditors ask “how do you prove integrity?”, the answer is usually vague or procedural.

Spine answers this using cryptographic audit logs that can be verified offline, without trusting the logging system itself.

The SDK and CLI are now open source. GitHub: https://github.com/EulBite/spine-oss

The problem Recent EU regulations (DORA, NIS2) explicitly require tamper-evident audit trails, but the problem exists independently of regulation:

- Auditors increasingly ask how logs can be proven immutable

- Most companies I talked to had no concrete technical answer

Quick example:

from spine_client import WAL, WALConfig, SigningKey

key = SigningKey.generate() wal = WAL(key, WALConfig(data_dir="./audit_log"))

await wal.initialize() await wal.append({"event_type": "user.login", "user_id": "alice"})

Then verify offline:

$ spine-cli verify --wal ./audit_log

Status: VALID Events verified: 2,341 Signatures verified: 2,341 Chain integrity: INTACT

No server required. An auditor can verify integrity without access to the system that generated the logs.

What’s open source

- spine-sdk-python – create signed audit logs locally

- spine-cli (Rust) – independently verify integrity

Apache 2.0 licensed

The server-side components (batch ledger coordination, timestamping, HA) remain proprietary.

Technical approach:

Each event → BLAKE3 hash → Ed25519 signature → append-only chain.

Instead of a single linear chain (where one corrupted entry invalidates everything after), Spine uses a batch ledger model: events are grouped into signed batches. A compromised batch doesn’t invalidate unrelated history.

Performance notes:

Benchmarks (Criterion, NVMe), included mainly to sanity-check overhead:

Signed + fsync: ~3,900 events/sec

Chain verification: ~537k events/sec

BLAKE3 @ 1KB: ~1.24 GiB/s

Benchmarks are included to validate design tradeoffs, not to claim absolute performance leadership.

Why open source the client? Audit systems require trust. By releasing the SDK + CLI:

Anyone can verify the integrity claims

Audit data remains readable without our infrastructure

Independent security review of verification logic is possible

Looking for discussion

Happy to get feedback or be challenged on architecture choices, crypto primitives, or verification logic.

Repo: https://github.com/EulBite/spine-oss

Project page: https://eulbite.com/open-source

Satya Nadella: a masterclass in saying everything while promising nothing

Show HN: Qrystal Uplink – External watchdog for IoT fleets, setup in <5 mins

New chip speeds up computing and reduces energy consumption

Mystery Plane Spotted Flying in Sky at Area 51 [video]

Can you still run old App Store apps?

pdit: Output-Focused Python Editor

Software occlusion culling in Block Game

Can Humans Smell Rain Better Than Sharks Smell Blood?

Learn Japanese alphabet fast in 3 minutes [video]

Show HN: AI-Powered Virtual Haircut Simulator with 360° View

Show HN: Spine – Verifiable audit logs with BLAKE3 and Ed25519

Anna's Archive perd son domaine en .org mais reste debout

Show HN: FlowWatch – Decorator-first file watcher for Python workflows

Anthropic writes Constitution for Claude it thinks will soon be proven misguided

The Data Box; Why "Smarter" AI Feels Dumber

Erdős Problem #347 Solved (AI assisted math)

Designing an Authentication System: A Dialogue in Four Scenes (1997)

Oldest cave painting could rewrite human creativity timeline

Anthropic's new Claude 'constitution': be helpful, and don't destroy humanity

Starlink in Iran: How the regime jams the service and what helps against it

Semantica: Open-source semantic layers, knowledge graphs, and GraphRAG

New Security Vulnerability Database Launches in the EU

Why Greenland Looks (It's Not) [video]

Graph of All Human Languages

Mixing incentives and penalties found key to cutting carbon emissions long term

With this tool, you can enjoy NAS functionality even without a NAS

The Tighter Weave: On Editing and Not Editing

OpenSkills – Stop bloating your LLM context with unused agent instructions

Rare Data Hunters [video]

Video for ROS2

Ask HN: Books for LLMs