Tools / Seal

Lock the moment. Prove it forever.

When something happens — a transaction, a reading, a decision, a signature — VLI takes its exact contents and produces a cryptographic seal. The original can never change without leaving a trace. The seal can be verified by anyone, anywhere, without trusting us.

What it means.

A seal is a cryptographically signed, canonically-encoded record of something that happened. The data itself is locked: change a single byte and the seal breaks. The signature proves who created the record. The hash proves the contents haven't been altered. The seal is portable — it's just bytes, and anyone with the public key can check it.

What gets sealed.

Transactions

Sensor readings

Contracts

AI decisions

Document versions

Attendance records

Custody transfers

How to do it on VLI.

CLI

clearkey seal payload.json \
  --identity ./me.key

MCP

vli_seal_event({
  "payload": {...}
})

From mcp-server-vli

API

POST /registry-api/seal
Content-Type: application/json
{ "payload": {...} }

Under the hood.

</> Seal procedure

1. canon = JCS(payload)
2. hash  = SHA-256(canon)
3. sig   = Ed25519.sign(privKey, hash)
4. bundle = {
     payload, hash, sig, keyId,
     issuedAt, schema
   }
5. (optional) submit bundle to registry → leafHash + auditPath

Once sealed, register what you sealed →