OpenChainGraph Chain · Client-Side Conversions

Document Sanitization Integrity

Three-node workflow that makes local metadata removal provable. Strip a file's metadata in the browser, prove exactly what was removed, bind the sanitization into a canonical receipt, and record the original and cleaned files in a hash-anchored digest manifest. Each stage produces a tamper-evident SHA-256 execution hash, and no file bytes ever leave the browser.

EXIF / Metadata Sanitization Record Digest Manifest 3 nodes W3C VC §13.11 v0.6.0
Workflow summary
Metadata strippers remove EXIF, GPS, and authoring fields but leave no evidence of what was taken out. This workflow records that evidence. Stage 1 produces a proof-of-sanitization record binding the original digest to the removed, redacted, or retained findings and the sanitized digest, plus a residual-risk analysis by file type. Stage 2 binds the sanitization edge into a canonical receipt. Stage 3 records the original and cleaned digests in one manifest. The metadata prover receives field names and categories only, never the values, because those values can themselves be personal data. Nodes: ART-193 then ART-191 then ART-194.
ART-193 Sanitization Prover ART-191 Receipt Builder ART-194 Digest Manifest ★
★ terminal node · gold border = export
Stage 1: Prove the Sanitization
1
prove_metadata_sanitization · ART-193
Bind the original digest to the removed, redacted, or retained findings and the sanitized digest, and return a residual-risk analysis by file type. The page strips JPEG and PNG metadata segments locally and computes the digests; the record carries field names and categories only, never values.
→ Open tool
MCP tool: prove_metadata_sanitization
{
  "tool": "prove_metadata_sanitization",
  "arguments": {
    "original_sha256": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
    "sanitized_sha256": "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb",
    "file_type": "jpeg",
    "findings": [
      { "field": "GPSLatitude", "category": "gps", "action": "removed" },
      { "field": "GPSLongitude", "category": "gps", "action": "removed" },
      { "field": "Make", "category": "device", "action": "removed" }
    ],
    "bytes_before": 204800,
    "bytes_after": 203100
  }
}
Stage 2: Bind the Receipt
2
build_conversion_receipt · ART-191
Bind the sanitization edge (original digest to sanitized digest, with the sanitizer as the converter identity) into a canonical receipt whose binding_sha256 is a SHA-256 over the JCS-canonical receipt.
→ Open tool
MCP tool: build_conversion_receipt
{
  "tool": "build_conversion_receipt",
  "arguments": {
    "input_sha256": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
    "output_sha256": "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb",
    "source_format": "jpeg",
    "target_format": "jpeg",
    "converter": { "name": "art-193-metadata-sanitization-prover", "version": "1.0.0" },
    "parameters": { "removed_categories": ["gps", "device"] }
  }
}
Stage 3: Record the Digest Manifest (terminal)
3
build_digest_manifest · ART-194
Record the original and cleaned file digests in one canonical, hash-anchored manifest. manifest_sha256 is a SHA-256 over the JCS-canonical sorted entries array. Final stage, exportable as Policy Mandate JSON or W3C VC.
→ Open tool
MCP tool: build_digest_manifest
{
  "tool": "build_digest_manifest",
  "arguments": {
    "entries": [
      { "name": "photo-original.jpg", "sha256": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", "bytes": 204800 },
      { "name": "photo-clean.jpg", "sha256": "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb", "bytes": 203100 }
    ],
    "purpose": "sanitized-image-release",
    "sort": "name"
  }
}
Full Chain MCP Sequence

Run the three tools in order. The sanitization digests feed the receipt builder, and the original and cleaned digests are recorded together in the manifest.

Full chain: 3 MCP calls
// Step 1: prove what metadata was removed
const step1 = await mcp.call("prove_metadata_sanitization", {
  original_sha256: "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa",
  sanitized_sha256: "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb",
  file_type: "jpeg",
  findings: [
    { field: "GPSLatitude", category: "gps", action: "removed" },
    { field: "Make", category: "device", action: "removed" }
  ],
  bytes_before: 204800,
  bytes_after: 203100
});

// Step 2: bind the sanitization edge into a receipt
const step2 = await mcp.call("build_conversion_receipt", {
  input_sha256: step1.sanitization_record.original_sha256,
  output_sha256: step1.sanitization_record.sanitized_sha256,
  source_format: "jpeg",
  target_format: "jpeg",
  converter: { name: "art-193-metadata-sanitization-prover", version: "1.0.0" },
  parameters: { verdict: step1.verdict }
});

// Step 3: record both files in one manifest (final stage)
const step3 = await mcp.call("build_digest_manifest", {
  entries: [
    { name: "photo-original.jpg", sha256: step1.sanitization_record.original_sha256 },
    { name: "photo-clean.jpg", sha256: step1.sanitization_record.sanitized_sha256 }
  ],
  purpose: "sanitized-image-release",
  sort: "name"
});

console.log("Verdict:", step1.verdict);
console.log("Manifest:", step3.manifest.manifest_sha256);
Chain Metadata
Chain slugdocument-sanitization-integrity
Nodesart-193 → art-191 → art-194
ClusterClient-Side Conversions
StandardsJPEG (ISO/IEC 10918) · PNG (ISO/IEC 15948) · RFC 8785 (JCS)
Spec version0.6.0
Terminal exportPolicy Mandate JSON · W3C VC (§13.11)
Hash schemeSHA-256 over JCS-canonical {policy_parameters, output_payload}