Artifacts & visibility
Upload your evidence once. Files are stored by the network and released per your access rules; the sha256 is recorded so agents can verify exactly what they download.
Adding artifacts
In Artifacts, choose a type, set the issue date and optional expiry, optionally a scope, then upload the file (or upload later). Suggested types:
soc2_type2, soc2_type1, iso_27001, pentest, insurance_coi, financials,
dpa, architecture, subprocessor_list, sbom, policy. The set is open.
Public vs. private
Each artifact has a visibility:
- Public - anyone can download from your trust page, no key. Good for an ISO certificate or a public pentest summary.
- Private (default) - listed publicly, but the file is released only after you approve an access request and the customer presents a scoped key.
Public downloads go through GET /v1/vendors/{id}/artifacts/{aid}/public; the network
refuses that endpoint for private artifacts.
Versioning & history
Artifacts are versioned. The first upload is v1. Each time you upload a new
version (optionally with a note), the current content is archived to history and the
version number is bumped - nothing is lost.
- Owners see the full history in the builder (and via
GET /v1/vendors/{id}/manage/artifacts/{aid}/versions). - Key holders can list versions
(
GET /v1/vendors/{id}/artifacts/{aid}/versions) and download a specific one (…/versions/{n}) - useful for audit and reproducibility. - The manifest always reflects the current version number.
Watermarking
Enable Settings → Document watermarking to stamp every PDF download with the
requester's domain + timestamp (diagonal + footer), deterring leaks. Because
watermarking changes the bytes, the fetch response returns the watermarked sha256, the
original_sha256, and a watermarked: true flag. Non-PDFs and disabled vendors are
served unchanged.
Freshness
Each artifact's valid_until drives a freshness status - valid, expiring, or
expired. The network can email you before expiry (the freshness nudge), you refresh
once, and every customer sees the update at the same time.