bluefield
Bluefield

Tamper-evident web data

Bluefield makes scraped data tamper-evident: every result is signed (Ed25519) over a SHA-256 content hash, so any later modification breaks verification. Run `npx bluefields verify` and a single changed byte fails the check — you always know whether the data is exactly what was fetched.

What is tamper-evident web data?

Tamper-evident web data carries a cryptographic seal that breaks if the content is altered after capture. It does not prevent edits — it makes any edit detectable, so you can trust that verified data is unchanged since it was fetched.

Tamper-evidence
A property where any modification after capture is detectable via a broken signature.
Content hash (SHA-256)
A fingerprint of the content; the signature is computed over it.
Ed25519 signature
The public-key signature over the manifest, made with a key in AWS KMS.

Bluefield capabilities

Bluefield API capabilities relevant to this use case
CapabilityDetail
Signed content hashSHA-256 of the content, sealed by an Ed25519 signature
Offline verification`npx bluefields verify` checks integrity with the published key
Change detectionWatch mode flags meaningful changes to a monitored page
Per-result coverageEvery live scrape result is signed
Self-hostSame tamper-evidence in your own deployment

Frequently asked questions

How does it detect tampering?
The signature is computed over a SHA-256 hash of the content. If even one byte changes afterward, the recomputed hash no longer matches the signed one and verification fails.
What is covered by the hash?
The extracted content plus the canonical manifest fields (URL, fetch time, status, headers hash). Verification confirms both the content and that metadata are unaltered.
Is the signing key public?
The public key is published so anyone can verify offline. The private key is held in AWS KMS and never leaves it.

Ready to start

1,000 free credits per month. No credit card required.