Evidence integrity infrastructure for compliance and audit workflows.
TrustSignal issues signed verification receipts so organizations can prove when evidence was created, where it came from, and whether it has changed — without replacing the system that collected it.
→ trustsignal.dev · Developer Docs · Request a Pilot
Compliance and audit teams rely on artifacts that pass through multiple systems. After collection, evidence can change, provenance fades, and reviewers weeks later have no reliable way to confirm what was originally captured.
TrustSignal adds an integrity layer at the handoff point — no workflow replacement required:
| Capability | What It Does |
|---|---|
| Signed verification receipts | Issued at artifact ingestion, binding hash, source, control, and timestamp |
| Verifiable provenance | Source metadata travels with the receipt from the start |
| Later integrity checks | Compare current artifact against original receipt before audit review |
| Tamper detection | Mismatch signals surface when a record no longer matches intake state |
| Zero workflow disruption | Fits alongside Vanta, Drata, and existing GRC platforms via a clean API boundary |
| Repository | Description |
|---|---|
| TrustSignal | Core API and verification engine — TypeScript, Fastify, Prisma, Halo2, Solidity |
| v0-signal-new | Public website at trustsignal.dev — Next.js |
| TrustSignal-App | GitHub App for CI verification and check-run publishing |
| TrustSignal-Verify-Artifact | GitHub Action for build artifact verification — local + managed modes |
| TrustSignal-Reddit | Reddit trust scoring and moderation toolkit — Devvit + web dashboard |
| trustagents | Defensive-security R&D for compliance evidence anomaly detection — Python |
| TrustSignal-docs | Public documentation and review materials |
TrustSignal provides: Signed verification receipts · Verification signals · Verifiable provenance metadata · Later integrity-check capability
TrustSignal does not provide: Legal determinations · Compliance certification · Fraud adjudication · Replacement for the system of record
- Evaluate: Run
npm install && npm run demoin the core repo - Integrate: Add the Verify Artifact Action to your CI pipeline
- Learn more: Read the developer docs
- Pilot: Request a lightweight pilot