We built hash-chained workflow histories to make agent execution tamper-evident(v1-18.docs.dapr.io) |
We built hash-chained workflow histories to make agent execution tamper-evident(v1-18.docs.dapr.io) |
Each batch of workflow events is cryptographically linked to the previous batch and signed using the SPIFFE workload identity that produced it. This makes workflow histories tamper-evident and allows verification of execution integrity, provenance, and identity.
The docs cover the design, verification model, and implementation details.
Happy to answer questions about the architecture or tradeoffs.