Attestation chain head.

Every snapshot Fonteum publishes is SHA-256 hashed at write time and appended to a Certificate-Transparency-style log. The head of that log — the most recent attestation — is published below. Once the per-snapshot previous_link_hash backfill lands under §sprint3-attestation-chain, every row will additionally chain backwards to the prior row, making any tampering detectable by a single recomputation.

Current head

snapshot_id: 24
source_id: cms-outpatient-utilization
snapshot_date: 2026-05-31
content_hash (SHA-256): f55bb4f38924fc319fcbdac42a1d95ad7c0edd9f0c4d32eb5697bbe9136033a0
attested_at: 2026-05-31T06:40:03.590853+00:00
previous_link_hash: (deferred — §sprint3-attestation-chain)
signing_key: (STH signing key publishes with first signed tree head)

Total attestations on file: 10

Witness co-signatures — snapshot 24

No witness signatures on file for this snapshot.

Verify this snapshot programmatically: /api/attestation/verify/24

How the chain works

Each upstream archive is downloaded, SHA-256 hashed, and written to snapshot_attestations with the source archive URL preserved verbatim.
Each new row carries a previous_link_hashfield set to the prior row's content_hash (or all-zero for the first row in a source family). Tampering with any historical row breaks every downstream link.
A periodic STH (Signed Tree Head) seals the chain head with Fonteum's chain-signing public key. Verifiers fetch the STH, walk the chain backwards, and confirm every link.

Compliance posture

Compliance posture

Attestation chain head.

How the chain works