Hash Chain Integrity for AI Contracts: A Technical Guide
SHA-256 hash chains link TOS, MSA, Paper, and amendments. Tamper-evident legal provenance for every agent transaction.
Every document in the SAISA framework is cryptographically linked. From any Paper, you can reconstruct the complete chain of governing terms and verify that nothing has been tampered with. This is not blockchain - it is standard cryptographic integrity verification applied to legal documents.
The Hash Chain Structure (Section 2.4)
The hash chain links documents in a hierarchical structure:
```
tosHash
└── baseTermsHash
    └── scheduleHash
        └── msaHash
            └── paperContentHash
                └── paperSnapshotHash
                    └── amendmentHash (if any)
                        └── sideLetterHash (if any)
```

Each hash is computed using SHA-256 with deterministic JSON serialization (lexicographical key sorting, CRLF normalization) at the PostgreSQL UTC commit timestamp.
Computing the Hash
The hash computation follows a specific algorithm to ensure reproducibility:
```typescript
import { createHash } from 'crypto'
import stableStringify from 'fast-json-stable-stringify'

// ExecutionManifest is referenced here but its definition is not shown on this page.
interface PaperContent {
  msaHash: string
  agentId: string
  buyerId: string
  developerId: string
  executionManifest: ExecutionManifest
  sowProse: string
  schedule1Version: string
  compiledAt: string // ISO 8601 UTC
}

function computePaperHash(content: PaperContent): string {
  // Deterministic serialization (sorted keys). stableStringify does not touch
  // line endings, so any CRLF normalization has to happen before this call.
  const normalized = stableStringify(content)

  // SHA-256 hash
  return createHash('sha256')
    .update(normalized)
    .digest('hex')
}
// Result: "a1b2c3d4e5f6...64 characters"
```

TOCTOU Protection
Time-of-check-to-time-of-use (TOCTOU) attacks occur when a document changes between when a user reviews it and when they accept it. The hash chain prevents this:
```typescript
async function validatePurchase(
  buyerExpectedHash: string,
  currentListingHash: string
): Promise<void> {
  if (buyerExpectedHash !== currentListingHash) {
    // The terms changed since you reviewed them
    // Transaction rejected - no bait-and-switch
    throw new Error('LISTING_MODIFIED')
  }
}
```

When a buyer submits a purchase, they include the hash of the listing they reviewed. If the seller modified terms after the buyer reviewed them, the hashes won't match and the transaction is rejected.
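The comparison only closes the race if the current hash is recomputed from the terms being committed, in the same step that records the order. The following is an added example, not code from the SAISA framework; `Marketplace`, `hashTerms`, `LISTING_NOT_FOUND` and the sample listing are hypothetical, and the in-memory map stands in for a database transaction.

```typescript
import { createHash } from 'crypto'

const hashTerms = (terms: string): string =>
  'sha256:' + createHash('sha256').update(terms, 'utf8').digest('hex')

type Order = { listingId: string; acceptedHash: string; terms: string }

// In-memory stand-in for the listings table (hypothetical, for illustration).
class Marketplace {
  private listings = new Map<string, string>() // listingId -> current terms
  readonly orders: Order[] = []

  setTerms(listingId: string, terms: string): void {
    this.listings.set(listingId, terms)
  }

  // What the buyer reviews, plus the hash their client sends back at purchase.
  review(listingId: string): { terms: string; hash: string } {
    const terms = this.listings.get(listingId)
    if (terms === undefined) throw new Error('LISTING_NOT_FOUND')
    return { terms, hash: hashTerms(terms) }
  }

  // Check and use operate on the same `terms` value in one uninterrupted step.
  // With a database this is one transaction that locks the listing row.
  purchase(listingId: string, buyerExpectedHash: string): Order {
    const terms = this.listings.get(listingId)
    if (terms === undefined) throw new Error('LISTING_NOT_FOUND')
    if (hashTerms(terms) !== buyerExpectedHash) throw new Error('LISTING_MODIFIED')
    const order: Order = { listingId, acceptedHash: buyerExpectedHash, terms }
    this.orders.push(order)
    return order
  }
}

// Constructed scenario: the seller edits the listing after the buyer reviewed it.
function runScenario(): { rejected: string; orders: Order[] } {
  const market = new Marketplace()
  market.setTerms('listing_1', 'Budget: 100 USD')
  const reviewed = market.review('listing_1')
  market.setTerms('listing_1', 'Budget: 900 USD')
  let rejected = ''
  try { market.purchase('listing_1', reviewed.hash) } catch (e) { rejected = (e as Error).message }
  market.purchase('listing_1', market.review('listing_1').hash) // buyer re-reviews, then accepts
  return { rejected, orders: market.orders }
}
```

Storing `acceptedHash` on the order records which version of the terms the buyer agreed to, independent of later listing edits.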
Chain Verification
The chain can be walked in either direction:
```typescript
interface HashChainVerification {
  valid: boolean
  layers: {
    tos: { valid: boolean; hash: string }
    baseTerms: { valid: boolean; hash: string }
    schedule: { valid: boolean; hash: string }
    msa: { valid: boolean; hash: string }
    paper: { valid: boolean; hash: string }
  }
  tamperEvidence: string | null
}

// getPaper, getMsa, getTos and recomputeHash are not shown on this page.
async function verifyHashChain(
  paperId: string
): Promise<HashChainVerification> {
  const paper = await getPaper(paperId)
  const msa = await getMsa(paper.msaId)
  const tos = await getTos(msa.tosVersion)

  // Recompute each hash and compare
  const tosValid = recomputeHash(tos) === tos.hash
  const msaValid = recomputeHash(msa) === msa.contentHash
  const paperValid = recomputeHash(paper) === paper.snapshotHash

  // Check chain linkage
  const chainLinked =
    paper.msaHash === msa.contentHash &&
    msa.tosHash === tos.hash

  // As written, tamperEvidence reports only a broken link; a failed
  // recomputation is visible through `valid`, not through tamperEvidence.
  return {
    valid: tosValid && msaValid && paperValid && chainLinked,
    layers: { /* ... */ },
    tamperEvidence: chainLinked ? null : 'Chain link broken'
  }
}
```

Amendment Chain
Amendments create new entries in the chain, preserving the original Paper:
```json
{
  "amendmentId": "amend_xyz123",
  "parentPaperHash": "sha256:original_paper_hash",
  "amendmentType": "SCOPE_EXTENSION",
  "changes": {
    "additionalCriteria": ["Include code samples"],
    "additionalBudgetCents": 25000
  },
  "amendmentHash": "sha256:new_combined_hash",
  "authorizedBy": {
    "buyer": { "userId": "...", "timestamp": "..." },
    "developer": { "userId": "...", "timestamp": "..." }
  }
}
```

The amendment hash includes both the original Paper hash and the amendment content. From the amendment, you can reconstruct the complete history.
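The deterministic serialization described under "The Hash Chain Structure" and the amendment linkage described here can be exercised together. This is an added example, not the framework's own code: it assumes CRLF is folded to LF inside strings, that the amendment hash covers `parentPaperHash`, `amendmentId`, `amendmentType` and `changes`, and that a later amendment names the previous amendment's hash as its parent; all sample values are constructed.

```typescript
import { createHash } from 'crypto'

type Json = string | number | boolean | null | Json[] | { [key: string]: Json }
// Canonical form: object keys sorted, CRLF folded to LF inside strings (assumed direction).
function canonicalize(value: Json): string {
  if (typeof value === 'string') return JSON.stringify(value.replace(/\r\n/g, '\n'))
  if (value === null || typeof value !== 'object') return JSON.stringify(value)
  if (Array.isArray(value)) return '[' + value.map(v => canonicalize(v)).join(',') + ']'
  const obj = value // narrowed to the plain-object case
  const members = Object.keys(obj).sort().map(k => JSON.stringify(k) + ':' + canonicalize(obj[k]))
  return '{' + members.join(',') + '}'
}

const sha256 = (value: Json): string =>
  'sha256:' + createHash('sha256').update(canonicalize(value), 'utf8').digest('hex')

type Amendment = {
  amendmentId: string
  parentPaperHash: string // Paper snapshot hash, or the previous amendment's hash (assumption)
  amendmentType: string
  changes: Json
  amendmentHash: string
}

// Assumed construction: the hash covers the parent hash plus the amendment content.
function hashAmendment(a: Omit<Amendment, 'amendmentHash'>): string {
  return sha256({ parentPaperHash: a.parentPaperHash, amendmentId: a.amendmentId,
    amendmentType: a.amendmentType, changes: a.changes })
}

// Walks oldest to newest; returns -1 if intact, else the index of the first bad amendment.
function verifyAmendmentChain(paperHash: string, chain: Amendment[]): number {
  let expectedParent = paperHash
  for (let i = 0; i < chain.length; i++) {
    const a = chain[i]
    if (a.parentPaperHash !== expectedParent || hashAmendment(a) !== a.amendmentHash) return i
    expectedParent = a.amendmentHash
  }
  return -1
}

// Constructed sample data, not taken from the page.
function amend(parent: string, id: string, changes: Json): Amendment {
  const body = { amendmentId: id, parentPaperHash: parent, amendmentType: 'SCOPE_EXTENSION', changes }
  return { ...body, amendmentHash: hashAmendment(body) }
}
const paperHash = sha256({ sowProse: 'Write the report.\r\nCite sources.', schedule1Version: '1.0' })
const a1 = amend(paperHash, 'amend_1', { additionalBudgetCents: 25000 })
const a2 = amend(a1.amendmentHash, 'amend_2', { additionalCriteria: ['Include code samples'] })
console.log(verifyAmendmentChain(paperHash, [a1, a2]))
```

The verifier needs a trusted copy of the Paper hash as its anchor; editing, dropping or reordering any amendment changes the index it returns.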
GDPR and Hash Chains (Section 9.2)
Hash values are pseudonymous data under GDPR Article 4(5). Upon a valid deletion request:
- The Platform Operator deletes underlying content (Paper text, Deliverables, exhibits)
- Cryptographic hashes may be retained as pseudonymous audit records
- This satisfies both the deletion right and the integrity requirement
Hash Chain Failure (Section 10.12)
If hash chain verification fails for a Paper:
- The Paper enters SUSPENDED state pending investigation
- If the failure is due to Platform Operator error, alternative verification is provided at no cost
- Papers with broken hash chains are not enforceable against either party until integrity is restored
This creates strong incentives for the Platform Operator to maintain chain integrity - broken chains mean unenforceable agreements.
API Access
The Paper API provides endpoints for hash verification:
```bash
# Verify a Paper's hash chain
curl https://exact.works/api/v1/paper/paper_xyz789/verify \
  -H "X-API-Key: your_api_key"

# Response
{
  "valid": true,
  "paperId": "paper_xyz789",
  "verifiedAt": "2026-03-12T12:00:00Z",
  "layers": {
    "tos": { "valid": true, "hash": "sha256:..." },
    "msa": { "valid": true, "hash": "sha256:..." },
    "paper": { "valid": true, "hash": "sha256:..." }
  },
  "tamperEvidence": null
}
```

Key Takeaways
- Every document is SHA-256 hashed with deterministic JSON serialization
- The chain links TOS -> MSA -> Paper -> Amendments in a walkable structure
- TOCTOU protection prevents bait-and-switch by validating hashes at purchase
- Hashes can be retained as pseudonymous audit records after content deletion