Self-hosted witness
Be your own witness.
A signed log proves it was not rewritten. A witness proves something stronger: that everyone is being shown the same log. Run your own witness daemon to pull and co-sign our signed tree heads, so a split view cannot stay hidden from you.
split-view detection · self-hostable · co-signed heads
checked head @ size 184203 consistent with prior yes co-signed ed25519:2c91… fork detected no
Why a witness
The one trick a signed log cannot catch alone.
A signed, append-only log cannot be rewritten without detection. But a dishonest operator could in theory show one history to you and another to someone else. A witness is the independent observer that makes that impossible to hide.
What you get
Independent eyes you control.
The witness is a small daemon you run. It needs nothing of ours beyond the public heads, and it answers to your key, not ours.
Run it anywhere
A self-contained daemon on your own infrastructure, pulling the public heads on a schedule you set.
Co-sign the heads
Each head you observe is co-signed under your key, building an independent record of what you were shown.
Catch a split view
If our log ever presented a different history elsewhere, your co-signed chain would not reconcile, and you would know.
Run it
One daemon, one registration.
Start the witness and register its URL on the workspace. From then on it watches continuously and your co-signatures are part of your evidence.
# pull and co-sign our signed tree heads on a schedule npx @axiorank/log-witness --log-id <id> --jwks jwks.json \ --sign-key ./witness.key
Stronger than trust
Keep exploring
Continue across the control plane.
Keep your own watch on our log.
Run a witness, co-sign what you see, and turn the integrity of the audit trail into something you check, not something you trust.