How Traces creates sealed, verifiable process proof
Traces groups independently anchored events, documents, and AI attestations into a single sealed process record. When you seal a trace, Invoance computes a composite SHA-256 hash over every item hash in true chronological order, signs it with Ed25519, and permanently closes the trace. The result is a single proof covering an entire multi-step process.
Trace lifecycle
A trace moves through three distinct states, each with specific guarantees about the items it contains.
Accepting new items (events, documents, attestations), mutable
Composite hash computed, Ed25519 signed, permanently closed
Any party has independently confirmed the proof
Step 1: Create a trace
Start by creating a trace. Provide a name and optional reference and metadata fields.
{
"name": "Loan Application #4021",
"reference": "loan_app_4021",
"metadata": {
"applicant": "jane_doe",
"loan_type": "commercial",
"amount": 500000
}
}{
"id": "trc_a1b2c3d4",
"name": "Loan Application #4021",
"status": "open",
"created_at": "2025-03-15T10:00:00Z"
}Step 2: Anchor items to the trace
Events, documents, and AI attestations are submitted to their respective endpoints with a trace_id field. Each item is independently hashed and signed (same as standalone items). Items of any type can be added over hours, days, or weeks, a single trace can contain any mix of all three types.
Step 3: Seal the trace
When you're ready to close the trace permanently, seal it. This triggers a deterministic cryptographic operation that binds all items (events, documents, and attestations) together.
All item hashes (events, documents, attestations) are gathered in true chronological order across all types.
SHA-256(item_hash_1 + item_hash_2 + ... + item_hash_n) is computed over the concatenated item hashes in chronological order.
Composite hash is signed with your tenant's Ed25519 private key.
Trace status is permanently changed to 'sealed'. No more items can be added.
The exact moment of sealing is recorded for audit purposes.
{
"id": "trc_a1b2c3d4",
"status": "sealed",
"event_count": 7,
"item_counts": { "events": 5, "documents": 1, "attestations": 1 },
"composite_hash": "9f8e7d6c5b4a...",
"signature": "a1b2c3d4e5f6...",
"sealed_at": "2025-03-20T16:45:00Z",
"verification_url": "https://www.invoance.com/proof/trace/trc_a1b2c3d4"
}Proof bundle export
Once sealed, you can export the trace as a self-contained proof bundle. Two formats are available: JSON for machines and systems, PDF for auditors, regulators, and legal review.
Machine-readable proof artifact. Contains trace metadata, all items (events, documents, attestations) with their hashes and signatures, composite hash, seal signature, and public keys. Ideal for programmatic verification and system integration.
Human-readable proof document. Includes a formatted summary, item timeline (events, documents, attestations in chronological order), all cryptographic values in readable form, and step-by-step verification instructions. Perfect for regulatory submission.
The proof bundle is self-contained. Anyone can verify it without an Invoance account.
How verification works
Trace verification confirms that the sealed record contains exactly the items (events, documents, attestations) it claims, in the order recorded, with no modifications after sealing.
The critical guarantee: The sealed trace proves the complete sequence of items, events, documents, and attestations. Removing or inserting any item would change the composite hash, making the proof invalid. This is the strongest form of process integrity proof.
Compliance mapping
Traces provide the strongest proof model in Invoance. When a regulator asks "prove this process happened exactly as described", this is what you hand them.
CC6.1, CC7.2, CC8.1Process integrity, change management, and technology infrastructure. Traces prove that authorized processes, including events, documents, and AI outputs, executed in documented sequence with no tampering.
§164.312(b), §164.312(c)Audit controls and integrity controls. Sealed traces create immutable audit logs of all items (events, documents, AI attestations) in a healthcare process with cryptographic proof of completeness.
A.12.4, A.14.2Logging and change management. Traces document process changes with timestamps and cryptographic proof, satisfying information security logging requirements.
SOX, Basel IIIProcess documentation and audit trail. Traces prove regulatory-required process execution and can be exported for regulator review without Invoance infrastructure dependency.
Traces use the same cryptographic primitives as all Invoance records, SHA-256, Ed25519, and append-only storage. The composite hash binding covers events, documents, and AI attestations in true chronological order. It is deterministic and verifiable offline, independent of Invoance infrastructure.
How Traces Works, Invoance
Technical walkthrough of how Invoance Traces groups independently anchored events, documents, and AI attestations into sealed, cryptographically verified process proof bundles. Create a trace, add items, seal with a composite hash, and export verifiable proof bundles for auditors or regulators.