Bluefield
Content credentials for scraped data
Content Credentials are tamper-evident provenance metadata — the principle behind C2PA for images and video. Bluefield applies it to scraped web data: every result carries an Ed25519-signed manifest recording the source URL, a content hash, and the fetch time, so anyone can verify the data’s origin and integrity offline.
What are content credentials for web data?
Content credentials are a signed, tamper-evident record of how a piece of content was produced and where it came from. Media uses the C2PA standard; Bluefield brings the same provenance principle to scraped web pages with a cryptographically signed manifest attached to every result.
- C2PA / Content Credentials
- An industry standard for tamper-evident provenance metadata on media; the inspiration for signing web data.
- Provenance manifest
- The signed JSON Bluefield attaches to each result, recording source and integrity data.
- Chain of custody
- A verifiable trail showing the data has not been altered since it was fetched.
Bluefield capabilities
| Capability | Detail |
|---|---|
| Signed manifest per result | Ed25519 over content hash, source URL, and fetch time |
| Offline verification | `npx bluefields verify` — no vendor round-trip |
| Store with your data | Keep the manifest beside each record or RAG chunk |
| Watch mode | A fresh signed credential each time the source changes |
| Self-host | Same provenance pipeline in your own infrastructure |
Frequently asked questions
- Is this the C2PA standard?
- It is built on the same provenance principle as C2PA / Content Credentials, but Bluefield’s manifest is a compact Ed25519-signed JSON document for web data, not the C2PA media file format.
- Why does scraped data need content credentials?
- Once data leaves the page it loses its context. A signed credential lets an agent, pipeline, or auditor confirm the source and that the bytes have not changed — the difference between "trust me" and "here is the receipt".
- How is a credential verified?
- With the published key and `npx bluefields verify`. The check is offline and deterministic: a single changed byte fails it.