Skip to main content
While hash chains provide per-agent tamper evidence, the Merkle tree provides a global integrity proof across all events from all agents.

How it works

A Merkle tree is built over all event hashes across all chains. The tree produces a single root hash that represents the integrity state of the entire system. 
                    [Root Hash]
                   /            \
            [Hash AB]          [Hash CD]
           /        \         /        \
      [Hash A]  [Hash B]  [Hash C]  [Hash D]
         |         |         |         |
      Event 1   Event 2   Event 3   Event 4
Key property: Any change to any event in any chain changes the root hash.

Use cases

Verifiable exports

When you export a subset of events with plog export, each event includes a Merkle inclusion proof — a set of sibling hashes that proves the event belongs to the original tree without revealing other events. 
plog export --agent-id my-agent
The recipient can verify each event’s inclusion proof independently: 
plog verify-export package.plog

RFC 3161 timestamping

The Merkle root is what gets signed by an RFC 3161 Timestamp Authority. One signature covers all events across all chains. 
plog timestamp
This proves to third parties that your entire audit trail existed at a particular time.

Computing the root

# CLI
plog verify --agent-id my-agent  # includes Merkle root

# API
GET /v1/merkle/root
The root is computed on demand — it reflects the current state of all stored events.