A .surx container is a queryable dataset with an Ed25519 signature, encrypted columns, and an audit trail. Verification names the exact file that changed — and a public transparency log makes the proof independent of you.
Apache-2.0 · Python 3.10+ · verify is free, forever · read the threat model
Training sets, evals and client deliverables move through vendors, buckets and laptops. A signature proves who produced exactly these bytes — long after they left your infra.
Checksum mismatch tells you nothing. surx verify reports the exact entry modified, added or removed — and whether the audit log was rewritten. Exit 1 stops the pipeline.
Encrypt columns, not files. Recipients query everything else without the passphrase; sidecars are cryptographically bound so they can't be spliced between containers.
Write the container, encrypt sensitive columns, sign with your key.
One call appends it to the transparency log. The proof no longer depends on trusting you.
Consumers and CI verify offline against the seal, online against the log.