Leibodex Provenance Bundle v1
- Version:
v1 - Status: active
bundle_spec:leibodex.provenance_bundle.v1
Purpose
Define a portable provenance ZIP artifact (evidence/research/release/contracts style use cases) for hash stamping.
Hashing Rule
- Compute SHA-256 over the exact ZIP bytes.
- Stamp with
POST /v1/stamps. - Verify with
/verify/<hash>.
Required Files
manifest.json- At least one primary artifact file (
front.jpg,document.pdf,artifact.bin, etc).
Optional Files
statement.txtorstatement.pdfreceipt.txtcertificate.jsonsignatures/*payload files
manifest.json Schema (v1)
Canonical top-level keys (sorted lexicographically in deterministic tooling):
bundle_spec(string, required)created_at_utc(ISO8601 Z, required)description(string, optional)internal_file_count(integer, optional)metadata(object, optional)signatures(array, optional)title(string, optional)
metadata suggested keys:
bundle_type(provenancerecommended)creator_aliassource_uri(optional)
signatures[] shape is identical to Capture Bundle v1.
Example manifest.json
{
"bundle_spec": "leibodex.provenance_bundle.v1",
"created_at_utc": "2026-03-01T00:00:00Z",
"description": "research provenance bundle",
"internal_file_count": 5,
"metadata": {
"bundle_type": "provenance",
"creator_alias": "research"
},
"signatures": [
{
"type": "detached",
"signature_hash": "a3bcb52f6f6e7ff48e17f8f92ce4c4f9f4d8f7896e13b6f5e4a9d6b9d1e5a277",
"signed_at_utc": "2026-03-01T00:05:00Z"
}
],
"title": "dataset release"
}Determinism Notes
- Browser bundles are best-effort deterministic.
- CLI bundles are strict deterministic.