SHA-256

Cryptographic integrity verification.

What is it?

SHA-256 is a cryptographic hash function that produces a unique 256-bit (32-byte) fingerprint for any input. Change a single byte of the input and the hash changes completely. It is computationally infeasible to find two different inputs that produce the same hash.

In Membot

Every brain cartridge includes a _manifest.json file containing SHA-256 hashes of all cartridge components. When a cartridge is mounted, Membot recomputes the hashes and compares them to the manifest. If any file has been tampered with, the mount is rejected.

// Example _manifest.json
{
  "name": "web4-docs",
  "version": "1.0.0",
  "model": "nomic-ai/nomic-embed-text-v1.5",
  "entries": 24817,
  "hashes": {
    "_index.npz": "a3f8c9...d41e",
    "_text.db": "7b2e01...f983",
    "_brain.npy": "e5c412...b07a"
  }
}

Why it matters

Brain cartridges are designed to be portable — shared, downloaded, and swapped between systems. Without integrity verification, a tampered cartridge could inject false memories into an agent's recall. SHA-256 hashing ensures that what you mount is exactly what was built.

Properties

Deterministic — same input always produces the same hash
Avalanche effect — a single changed bit produces a completely different hash
One-way — cannot reconstruct the input from the hash
Collision resistant — infeasible to find two inputs with the same hash

SHA-256

What is it?

In Membot

Why it matters

Properties

Further reading