Audit infrastructure

Audit chain verifier

Convexly publishes a SHA-256 hash-chained audit log for every CME pipeline run plus a file-level integrity log for logged research artifacts (papers, data bundles, snapshot CSVs). This page walks both chains in your browser and renders a verdict for each. Mutable daily snapshots (leaderboard JSON, wallet-labels JSON, daily CME signals archive) are LOGGED on each regenerate and the verifier compares the LATEST entry per file to the live file (older entries are publication history, not live-file hash assertions). Row-level CME pipeline hash recomputation and RFC-3161 timestamp anchoring are roadmap items.

Cross-references: AsPredicted manifest · negative-result registry · full research index.

CME pipeline audit chain

Every row of the CME pipeline audit log carries a SHA-256 prev_hash that must match the prior row's row_hash. The genesis row's prev_hash is the all-zero string. Tampering with any row mid-stream breaks the linkage and the verifier below reports the first invalid row.

Rows

41

First row

2026-04-29T01:19:42

Latest row

2026-05-04T08:59:03

Download audit_log.jsonl

Research-artifact integrity log

Every published research artifact (paper PDF, leaderboard JSON, whale-audit CSV) is logged with its SHA-256 + git parent commit + retroactive timestamp. For mutable artifacts (the daily leaderboard, wallet-labels, etc.) the integrity log accumulates one row per regenerate; the verifier compares the LATEST row per file to the live file. Older rows are publication history, not live-file hash assertions.

Artifacts

49

First entry

2026-04-12

Latest entry

n/a

Loading integrity manifest...
Download integrity-log.jsonl

What this verifier proves

  • Chain linkage: no row in the CME pipeline audit log can be edited without invalidating every subsequent row's prev_hash. The verifier identifies the first invalid row when it walks the chain.
  • Artifact integrity: every published research artifact (paper PDFs, JSON snapshots, CSV bundles) hashes match the integrity-log claim at publication time. Tampering after publication breaks the SHA-256.
  • Open verification: the verifier code is inspectable in the page source. Anyone can re-run the same checks offline by downloading the JSONL files and running shasum -a 256.
  • Pre-registration linkage: each AsPredicted entry on /research/preregistrations has an audit_chain_anchor field referencing the run identifier in the audit log. Combined, this shows that the data behind the verdict is the data Convexly committed to before running the test.