Healthcare and legal customers kept asking the same question about our document extraction API: "How do we prove in court that the extracted JSON wasn't tampered with after the fact?" Good question. Here's the answer I shipped. The architecture in 60 seconds Every extraction record gets: HMAC-SHA256 signed at write time with a per-tenant secret Inserted into a daily Merkle tree (one tree per UTC day) The daily Merkle root is published — clients can see it any time When a customer needs to prove integrity, they request a Merkle proof for their specific record ID. The proof is a sequence of sibling hashes that lets anyone re-derive the tree root from the leaf. If the recomputed root matches the published root → the record is unaltered. If anything changed in the record after the daily tree was sealed, the proof fails. Pure Node crypto. Zero external service. ~150 LOC.…