Durable evidence identity for agent-built software

BitterLog

Content-addressed, append-only evidence receipts for work, provider artifacts, runtime traces, QA proof, decisions, and property evidence. Future agents, supervisors, operators, and auditors can move from claim to proof without trusting summaries.

Read the API contract Open evidence TV

identity

Evidence receipts Digest, byte count, observed timestamp, source, service, run, agent, and origin.

custody

Bucket objects Raw bodies or raw-ref manifests survive first. Parsing and projection come later.

review

Annotations Interpretations are appended beside the evidence. They do not rewrite it.

recovery

Lineage queries Projection pointers connect derived views back to inspectable source proof.

01 / Owned primitive

The proof spine, not another dashboard.

BitterLog owns the durable identity layer around evidence. It keeps receipts, raw material, manifests, annotations, projection pointers, and ingest receipts queryable and recoverable while other systems keep their own authority.

Evidence receipt

Every stored item has identity: content digest, byte count, observed time, origin, service, source, run, and agent.

Raw body or raw-ref

Full bodies can be preserved directly; large or external artifacts can be represented by a manifest without losing custody metadata.

Annotation ledger

Human and agent interpretations attach as append-only annotations with confidence, score, author, and payload.

Projection pointer

Analytical read models can be useful, but they point back to the receipt instead of becoming the source of truth.

Ingest receipt

Write paths return proof of what was accepted, how it was identified, and where follow-up reads can recover it.

Lineage query

Operators can trace a conclusion, QA result, or runtime claim back to the exact evidence object behind it.

02 / Custody path

Preserve first. Interpret without overwriting.

1

Ingest

Accept events, provider artifacts, run receipts, logs, raw bodies, or raw-ref manifests.

2

Address

Attach digest, byte count, observed timestamp, source, service, run, agent, and origin.

3

Annotate

Add operator or agent notes as new facts beside the evidence, never as destructive edits.

4

Project

Build queryable views for inspection while retaining a pointer back to each raw receipt.

5

Recover

Return from a claim, failure, or decision to the original proof body or manifest.

03 / Boundary

Authority stays where it belongs.

BitterLog owns

  • Evidence receipts, bucket objects, log events, raw bodies, raw-ref manifests, and content digests.
  • Observed timestamps, source, service, run, agent, origin, manifests, annotations, and projection pointers.
  • Lineage queries and ingest receipts that let future workers prove what happened.

BitterLog refuses

  • Factory control-plane authority, allocation, runtime deployment truth, or credential custody.
  • GoltMund memory synthesis, final judgment, generic SIEM posture, or transcript dumping.
  • Dashboard-led product drift where the API bends around charts instead of evidence identity.

04 / Operator surface

Headless first, inspectable at the edge.

The public index documents the API. One Bitter account is the normal entry: the account runtime delegates short-lived, account-scoped BitterLog credentials to the CLI and constellation services. Global tokens remain operator fallback material, not the customer path. 

GET  /api/v1
GET  /api/v1/status
POST /api/v1/auth/bitterhub/log/delegation
POST /api/v1/events
POST /api/v1/buckets/:bucket/objects
POST /api/v1/annotations