Spec Signing

Signing ensures specs haven't been tampered with and provides an audit trail of all changes.

How it works

Every spec is cryptographically signed before deployment. The signature proves that the spec hasn't been modified since it was signed and creates a permanent record of who deployed it and when.

Signing a spec

contractspec sign app.spec.ts --key ~/.contractspec/key.pem
contractspec deploy --signed app.spec.ts.signed

Verifying signatures

contractspec verify app.spec.ts.signed
# Output: ✓ Signature valid
# Signed by: alice@example.com
# Timestamp: 2024-11-08T10:30:00Z

Next: Policy Decision Points