What a Proof Guarantees

Every dataset revision on VisiHub produces a verification proof — a machine-readable, cryptographically signed JSON document that records exactly what was checked at the time of publication.

This page describes what a proof guarantees today. No roadmap. No future tense. Only claims that are true right now.

What a proof contains

Proof version

Currently v1. The version identifies the proof schema. If the schema changes, the version increments. Old proofs remain valid under their original version.

Repository and dataset identity

The proof records the repository owner, repository name, dataset path, and version number. This binds the proof to a specific dataset at a specific point in time.

Integrity check results

Each check assertion is recorded with a pass or fail status. The proof includes the overall verdict: verified or failed.

Content fingerprint

The BLAKE3 content hash of the uploaded file, if provided by the publishing client. This fingerprint ties the proof to the exact bytes that were published.

Ed25519 digital signature

The entire proof payload is signed with an Ed25519 key. The signature, algorithm identifier, and key ID are included in the envelope. A third party can verify the signature without contacting VisiHub.

The snapshot integrity check

Every tabular dataset revision is checked automatically at the time of import. The check compares the current revision against the previous revision of the same dataset. The first revision establishes a baseline.

Assertion What it verifies
dataset_path The dataset path has not changed between revisions.
row_count The number of rows matches the previous revision.
column_names The column headers are identical to the previous revision.
content_hash A content hash is present and recorded. A change in hash is not a failure — the check confirms the hash was captured.

If any structural assertion fails (row count changed, columns renamed), the overall check status is fail. A failed check does not block publication — it records the change.

What a proof does not guarantee

A proof is a record of what was checked, not a claim about the underlying data quality. These distinctions matter.

A proof does not guarantee the data is correct. It guarantees the structure was checked.

A proof does not guarantee the data has not been modified outside VisiHub.

A proof does not verify the content of individual cells or values.

A proof does not enforce schema types, null constraints, or referential integrity.

A proof does not replace an audit. It provides evidence for one.

Proof format

Proofs are JSON documents wrapped in a signed envelope. The payload is canonical JSON (sorted keys, deterministic output) to ensure signature stability. 

{
  "payload": {
    "proof_version": "v1",
    "repo": { "owner": "acme", "name": "payments" },
    "dataset": { "path": "ap_payments.csv", "version": 3 },
    "status": "verified",
    "checks": [
      { "name": "dataset_path", "status": "pass" },
      { "name": "row_count", "status": "pass" },
      { "name": "column_names", "status": "pass" },
      { "name": "content_hash", "status": "pass" }
    ],
    "fingerprints": { "source": "upload", "content": "blake3:a1b2c3..." },
    "engine": "visihub",
    "timestamp": "2026-02-10T14:30:00Z"
  },
  "signature": "base64...",
  "sig_alg": "ed25519",
  "key_id": "2026-01"
}

Immutability

A proof is generated from the state of a revision at import time. It is deterministic: the same revision always produces the same proof. If a dataset is updated, the new revision produces a new proof with a new run ID. The previous proof remains unchanged.

Proofs are never modified after generation. Corrections create new revisions, which create new proofs.

Third-party verification

Any party can verify a proof without a VisiHub account. Two methods are available:

API verification

Submit the full proof envelope to the public verification endpoint. VisiHub will verify the signature, validate the schema, and return a pass/fail result with the signer's identity.

POST https://api.visihub.app/public/verify-proof

Send the proof JSON as the request body. Returns verified: true or verified: false with error details.

Offline verification

Fetch the public key from GET /api/public_keys, match the key_id from the proof envelope, re-serialize the payload as canonical JSON (recursively sorted keys, no whitespace), and verify the Ed25519 signature. No network call to VisiHub is required after fetching the key.

In one sentence

A VisiHub proof is a cryptographically signed record that a specific dataset, at a specific version, passed a defined set of structural integrity checks at the time of publication.