Audit integrity

Covenant writes a local SHA-256 hash-chain sidecar next to the audit JSONL log. For events.jsonl, the sidecar is events.chain.jsonl. The primary log remains readable as one JSON event per line.

Sidecar entry

{
  "index": 0,
  "event_id": "uuid",
  "timestamp_ms": 1714938000000,
  "event_hash_hex": "sha256(event-json-line)",
  "previous_hash_hex": "0000…0000",
  "chain_hash_hex": "sha256(previous + '\n' + event_hash)"
}

Verify

covenant audit verify
covenant audit verify --json

GET /audit/verify
Authorization: Bearer <operator-token>

Both routes return an AuditIntegrityReport containing events, anchors, valid, root_hash_hex, and deterministic failure messages. The daemon restricts this report to the operator identity because it exposes global audit metadata.

Boundary

This is local tamper evidence. It detects retained-row edits, missing sidecar entries, and chain mismatches after local anchoring. Covenant can generate and verify unsigned audit-root attestations from this report, but it does not prevent a host-level attacker from deleting or replacing both files together, and it does not yet publish signed roots to a transparency log.
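An added example (not Covenant's own code) of the chain construction and the three checks the boundary above names. It assumes each event line is hashed as its exact UTF-8 bytes without the trailing newline, that hex digests are concatenated with '\n' as the entry schema shows, and that the genesis previous_hash_hex is 64 zeros; the sample events are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed genesis value for previous_hash_hex


def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def build_chain(event_lines):
    """Produce sidecar entries for raw JSON event lines (assumed line-exact hashing)."""
    entries, previous = [], GENESIS
    for index, line in enumerate(event_lines):
        event = json.loads(line)
        event_hash = sha256_hex(line)
        chain_hash = sha256_hex(previous + "\n" + event_hash)
        entries.append({"index": index, "event_id": event["event_id"],
                        "timestamp_ms": event["timestamp_ms"], "event_hash_hex": event_hash,
                        "previous_hash_hex": previous, "chain_hash_hex": chain_hash})
        previous = chain_hash
    return entries


def verify_chain(event_lines, entries):
    """Return (valid, failures, root_hash_hex) with deterministic failure messages."""
    failures, previous = [], GENESIS
    for index, line in enumerate(event_lines):
        if index >= len(entries):
            failures.append(f"event {index}: missing sidecar entry")
            break
        entry = entries[index]
        if entry["event_hash_hex"] != sha256_hex(line):
            failures.append(f"event {index}: event hash mismatch")  # retained row edited
        if entry["previous_hash_hex"] != previous:
            failures.append(f"event {index}: previous hash mismatch")  # link to prior entry broken
        expected = sha256_hex(entry["previous_hash_hex"] + "\n" + entry["event_hash_hex"])
        if entry["chain_hash_hex"] != expected:
            failures.append(f"event {index}: chain hash mismatch")  # sidecar row edited
        previous = entry["chain_hash_hex"]
    if len(entries) > len(event_lines):
        failures.append(f"sidecar has {len(entries) - len(event_lines)} entries beyond the log")
    return (not failures, failures, previous)


# Constructed sample log: three events, one JSON object per line.
SAMPLE_EVENTS = [
    json.dumps({"event_id": "evt-1", "timestamp_ms": 1714938000000, "action": "task.start"}),
    json.dumps({"event_id": "evt-2", "timestamp_ms": 1714938001000, "action": "tool.call"}),
    json.dumps({"event_id": "evt-3", "timestamp_ms": 1714938002000, "action": "task.end"}),
]
```

The returned root hash is the last chain_hash_hex, which is the value an audit-root attestation would bind; note that a truncation of both files at the same point, or deletion of both, is not detectable by this check alone.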

Root signing direction

The implemented first step is an unsigned covenant.audit-root-attestation.v1 payload that binds the retained event count, anchor count, root hash, subject commit, task or release id, timestamp, and validation evidence. Project signing identity and transparency-log publication remain planned.

covenant audit verify > audit-report.json
node agent-os/scripts/provenance.mjs audit-root write \
  --report audit-report.json \
  --task <task-id> \
  --commit <commit> \
  --out docs/provenance/audit-roots/<commit>-audit-root.json

node agent-os/scripts/provenance.mjs audit-root verify \
  --file docs/provenance/audit-roots/<commit>-audit-root.json

Related