v2.2.1 is a stability milestone. The core now enforces:

- Tamper-evident, hash-linked state history - Deterministic state + replay (same input → same state hash) - Crash-safe atomic persistence (no partial state) - Concurrency protection (no silent overwrite) - Strong integrity fail-closed model - Key lifecycle + rotation without data loss

Crypthold is not a secret manager and not a database. It is a verifiable state substrate for security-sensitive software.

If a single bit changes, integrity breaks. If history changes, root hash breaks. If state replays, hash matches.

Repo, spec, and invariants: https://github.com/laphilosophia/crypthold

Technical feedback is welcome — especially around invariants, replay model, and failure semantics.