Ledger | TitaniumGuard

Lab testing

Ledger

Tamper-evident PostgreSQL extension for append-only table history

Ledger is delivered as a PostgreSQL extension that turns selected tables into append-only, hash-linked audit ledgers with checkpoints, schema tracking, verification helpers, Linux packages, and bundled PostgreSQL images.

Current capabilities

  • Installs as a PostgreSQL extension instead of a standalone service
  • Enables table-level ledgering through the extension's SQL lifecycle functions
  • Maintains chained row hashes, checkpoints, schema history, table policies, and external anchor records
  • Exports proofs, verification results, and anchor payloads through SQL functions
  • Blocks UPDATE and DELETE and installs a DDL guard for ledger-enabled tables

Not in scope yet

  • Other database engines beyond PostgreSQL
  • A separate control plane or cluster manager

What ships on day one

  • Opt-in per-table activation with backfill, checkpointing, and append-only triggers
  • Hash-linked row chain plus schema history, proof export, and verification helpers
  • Linux RPM/DEB packages and bundled PostgreSQL container images for PostgreSQL 16, 17, and 18

Deployment reality

Deploy with Docker: pull the PostgreSQL-version-matched Ledger image (16/17/18), run it with standard POSTGRES_* environment variables, then create the extension in the database.

  • Self-hosted

Operational assumptions

  • Ledgering is opt-in per table rather than global to the database
  • Protected tables accept inserts but reject updates and deletes
  • Checkpoint, policy, schema, and anchor metadata live inside PostgreSQL with the extension
  • PostgreSQL remains responsible for authn, authz, backup, and replication
  • The extension package must match the PostgreSQL major version and architecture

Current boundaries

  • Not a standalone datastore anymore
  • Not a replacement for native PostgreSQL security controls
  • Not yet available for non-PostgreSQL databases

Platform guarantees

Core extension behaviors in the current release.

Invariant 1

Extension-managed tables gain four Ledger-managed columns for sequence, timestamp, row hash, and previous hash.

Invariant 2

Each insert derives a row hash from table identity, sequence, prior hash, schema fingerprint, and canonicalized payload.

Invariant 3

The first ledgered row starts from a zero-filled genesis hash sized to the current SHA-256 digest.

Invariant 4

UPDATE and DELETE are rejected by the extension-managed triggers installed during enablement.

Invariant 5

Disabling Ledger removes extension-managed triggers and drops the ledger columns cleanly.

Install surface

The extension ships in published PostgreSQL Docker images on GHCR with Ledger files preloaded while preserving the base Postgres runtime contract.

Enable and backfill

Enablement adds the ledger columns, installs the triggers, records schema metadata, and can deterministically backfill existing rows.

Verification and proofs

Full-table verification, bounded-range verification, checkpoint-based verification, row debugging, and proof export are part of the current extension surface.
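The hash chain described by Invariants 2 and 3, together with the full-table and checkpoint-bounded verification named above, as an added Python example that is not Ledger's own code: the `|` field encoding, the compact sorted-key JSON canonicalization, the schema fingerprint and the sample rows are constructed assumptions, since the page does not specify the extension's exact hash input format.

```python
import hashlib
import json
GENESIS_HASH = "0" * 64  # Invariant 3: zero-filled, sized to a SHA-256 hex digest

# Constructed sample table, schema fingerprint and rows; not from a real deployment.
TABLE = "public.events"
SCHEMA_FP = hashlib.sha256(b"id integer, amount integer, note text").hexdigest()
SAMPLE_PAYLOADS = [{"id": 1, "amount": 50, "note": "deposit"},
                   {"id": 2, "amount": 20, "note": "withdrawal"},
                   {"id": 3, "amount": 75, "note": "deposit"}]

def canonical_payload(payload: dict) -> str:
    # Assumed canonical form (sorted keys, compact JSON); Ledger's own is not specified.
    return json.dumps(payload, sort_keys=True, separators=(",", ":"))

def row_hash(table: str, seq: int, prev_hash: str, schema_fp: str, payload: dict) -> str:
    # Invariant 2 inputs; joining them with '|' is an assumed encoding.
    material = "|".join([table, str(seq), prev_hash, schema_fp, canonical_payload(payload)])
    return hashlib.sha256(material.encode()).hexdigest()

def build_chain(table, schema_fp, payloads, start_seq=1, prev_hash=GENESIS_HASH):
    """Append payloads as hash-linked rows, as the insert trigger would."""
    rows = []
    for seq, payload in enumerate(payloads, start=start_seq):
        h = row_hash(table, seq, prev_hash, schema_fp, payload)
        rows.append({"seq": seq, "prev_hash": prev_hash, "row_hash": h, "payload": payload})
        prev_hash = h
    return rows

def verify_chain(table, schema_fp, rows, start_prev_hash=GENESIS_HASH):
    """Return None if the chain is intact, else the seq of the first bad row.
    Pass a checkpoint's row hash as start_prev_hash for bounded-range verification."""
    expected_prev, expected_seq = start_prev_hash, (rows[0]["seq"] if rows else None)
    for r in rows:
        if r["seq"] != expected_seq or r["prev_hash"] != expected_prev:
            return r["seq"]  # gap, reordering or a deleted predecessor
        if row_hash(table, r["seq"], r["prev_hash"], schema_fp, r["payload"]) != r["row_hash"]:
            return r["seq"]  # payload or metadata changed after insert
        expected_prev, expected_seq = r["row_hash"], r["seq"] + 1
    return None

def demo():
    """Intact chain, edited payload, deleted middle row, and a checkpoint-bounded range."""
    rows = build_chain(TABLE, SCHEMA_FP, SAMPLE_PAYLOADS)
    edited = [dict(r) for r in rows]
    edited[1] = dict(edited[1], payload={**edited[1]["payload"], "amount": 999})
    return {"intact": verify_chain(TABLE, SCHEMA_FP, rows),
            "edited": verify_chain(TABLE, SCHEMA_FP, edited),
            "deleted": verify_chain(TABLE, SCHEMA_FP, [rows[0], rows[2]]),
            "from_checkpoint": verify_chain(TABLE, SCHEMA_FP, rows[1:], rows[0]["row_hash"])}
```

Because each row hash commits to its predecessor, an edited row is reported at its own sequence while a removed row is reported at the first surviving row after the gap.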

Checkpoints and anchors

Checkpoint creation, checkpoint policies, anchor payload export, anchor registration, signature attachment, and status updates are implemented today.

SQL surface

What database operators call directly.

SELECT ledger_status();

Returns whether the extension is installed.

SELECT ledger_enable('public.events', true, 'id');

Enables ledgering on an existing table, with deterministic backfill of its current rows.

SELECT * FROM ledger.ledger_create_checkpoint('public.events');

Returns the current checkpoint row.

SELECT * FROM ledger.ledger_verify_table('public.events');

Returns structured verification results.

SELECT * FROM ledger.ledger_export_anchor_payload('public.events', 100);

Exports the payload used for external anchoring of checkpoint 100.

Operational readiness

Ready to roll out the extension?

  • Published GHCR PostgreSQL Docker images exist for PostgreSQL 16, 17, and 18
  • Docker-based install path is available for version-matched PostgreSQL deployments
  • Enable/disable, policy, checkpoint, schema, proof, and anchor flows are explicit SQL calls

Email labs@titaniumguard.in to review table eligibility, migration strategy, and rollout sequencing.