Built this after hitting the same gap on multiple projects: teams log critical events (admin actions, permission changes, PII access) but have no structural way to prove those records weren't altered after the fact.

Immutable storage (S3 Object Lock, WORM) are common, but it only covers tampering after the write lands. It doesn't protect against someone with DB write access, and it doesn't give a third party, e.g. an auditor, a way to verify integrity without touching your infrastructure.

My approach: hash chaining. Each event is SHA-256 hashed against its canonical payload + the hash of the previous event. Any insertion, deletion, or modification breaks all subsequent hashes. Anyone with the public API can re-verify the chain independently.

A few decisions I'm happy to discuss:

- Canonicalization before hashing: JSON isn't canonical by default. Ended up writing a strict sorted-key schema rather than fighting recursive serialization. - Per-actor chains vs. one global chain: Global is simpler to verify but creates write contention and makes auditor exports painful. Per-actor trades some global integrity for operational sanity.

- Trusted server-side timestamps anchored into the hash: If the client controls the timestamp, you can reorder events without breaking hashes.

- Periodic anchoring to a public chain: On the roadmap for the "full infra access + rewrite the whole chain" attack vector.

SDK is available (nodejs, others are coming). Integration is trivial. Free tier available without CC.

Happy to go deep on the crypto model, the canonicalization approach, or the trust assumptions.