> ## Documentation Index
> Fetch the complete documentation index at: https://docs.provenlog.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Merkle Trees

> Global integrity proofs across all agent chains

While [hash chains](/concepts/hash-chains) provide per-agent tamper evidence, the Merkle tree provides a **global integrity proof** across all events from all agents.

## How it works

A Merkle tree is built over all event hashes across all chains. The tree produces a single **root hash** that represents the integrity state of the entire system.

```
                    [Root Hash]
                   /            \
            [Hash AB]          [Hash CD]
           /        \         /        \
      [Hash A]  [Hash B]  [Hash C]  [Hash D]
         |         |         |         |
      Event 1   Event 2   Event 3   Event 4
```

**Key property:** Any change to any event in any chain changes the root hash.

## Use cases

### Verifiable exports

When you export a subset of events with `plog export`, each event includes a **Merkle inclusion proof** — a set of sibling hashes that proves the event belongs to the original tree without revealing other events.

```bash theme={null}
plog export --agent-id my-agent
```

The recipient can verify each event's inclusion proof independently:

```bash theme={null}
plog verify-export package.plog
```

### RFC 3161 timestamping

The Merkle root is what gets signed by an RFC 3161 Timestamp Authority. One signature covers all events across all chains.

```bash theme={null}
plog timestamp
```

This proves to third parties that your entire audit trail existed at a particular time.

## Computing the root

```bash theme={null}
# CLI
plog verify --agent-id my-agent  # includes Merkle root

# API
GET /v1/merkle/root
```

The root is computed on demand — it reflects the current state of all stored events.
