TheDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/SamBleed/opencode-obsidian/llms.txt
Use this file to discover all available pages before exploring further.
evidence-index skill creates a tamper-evident chain of custody for security audit artifacts. When you run a security audit, penetration test, or any operation that produces artifacts you need to preserve — scan outputs, ZIP archives, JSON reports — the skill calculates SHA256 checksums for every file and writes a manifest to the wiki. Any subsequent modification to the original artifact is immediately detectable by re-running the index and comparing checksums.
Evidence artifacts are indexed, not modified. The skill reads the originals, computes checksums, and writes to two destinations: wiki/meta/evidence-index.md (human-readable) and wiki/meta/evidence-manifest.json (machine-readable). The original files remain untouched.
What Gets Indexed
The skill currently indexes two artifact types out of the box:| Artifact | Type label | How it’s indexed |
|---|---|---|
report.zip | zip-evidence | SHA256 of the archive + SHA256 of every internal entry |
security-audit-report.json | security-audit-json | SHA256 of the file + summary of top-level JSON keys |
Running the Evidence Index
Via skill trigger:BUNKER_HOME to the repo root and runs an embedded Python script that handles all hashing, manifest generation, and index writing. No external dependencies are required beyond Python 3.10+.
CLI Output
How Checksums Are Computed
Thebin/evidence-index.sh script uses Python’s stdlib hashlib module with SHA256. Files are read in 1 MB chunks to handle large archives without memory pressure:
report.zip), the script additionally opens the archive with zipfile.ZipFile and computes a SHA256 for each internal entry. This detects tampering at the individual-file level inside the archive, not just at the archive level.
Output Files
wiki/meta/evidence-index.md
A human-readable Obsidian page written with this structure:wiki/meta/evidence-manifest.json
A machine-readable JSON manifest:The security-audit-report.json Format
The bundledsecurity-audit-report.json is a Trivy scan output (schema version 2). Key top-level fields:
| Field | Description |
|---|---|
SchemaVersion | Trivy schema version (currently 2) |
Trivy.Version | Trivy CLI version that produced the report |
ReportID | UUID for this specific scan run |
CreatedAt | ISO 8601 timestamp of the scan |
ArtifactID | SHA256 digest of the scanned artifact |
ArtifactName | Target path or repository name scanned |
ArtifactType | repository, image, or filesystem |
Metadata | Git metadata: RepoURL, Branch, Commit, CommitMsg, Author |
Results | Array of scan results — one entry per target file (go.mod, package.json, etc.) |
Results contains a Target (file path), Class (e.g., lang-pkgs), Type (e.g., gomod), and Packages or Vulnerabilities arrays.
Safety model — evidence artifacts are indexed, not modified. The skill writes only to
wiki/meta/evidence-index.md and wiki/meta/evidence-manifest.json. It never alters report.zip or security-audit-report.json. If an artifact comes from a historical repository state, the index note says so explicitly: “Stored as original audit output; review before using as current truth.”Integration with the Wiki
Evidence pages are linked from wiki pages — they are not duplicated. When writing an audit analysis or security note inwiki/, reference the evidence index:
When to Use
Run./bin/evidence-index.sh (or evidence-index) after:
- Completing a security audit or penetration test that produces a
report.zip - Generating a new Trivy/scanner output in
security-audit-report.json - Any operation that produces artifacts you need to preserve with verifiable integrity
- Before archiving an audit cycle — index the final state so future comparison is possible
wiki/meta/evidence-manifest.json.