Every deploy. Anchored.

Each container image SHA, the git commit it was built from, and the deployer’s identity get written into Knox the moment a Cloud Run revision goes live. The chain is hash-linked and hourly Bitcoin-anchored via the same pipeline that protects customer events.