Goal. keep a complete, tamper-evident record of what happened (Sith's audit-log) and why it was allowed (Ardur's decision-ledger), together forming one agent-action record for humans and agents alike.
Phase / depends. P1 (reads are audited through the seam) → P2 (the full ledger is populated when the first write flows). Depends on: E1 (tenancy), E5 (the PEP is where entries are produced). The two records are deliberately separate and complementary (ARCHITECTURE §5, §8).
Features
Exit criteria
- Every phase of every action and read produces an audit entry; no unlogged action reaches a spoke.
- Every verdict records its reasons in the decision-ledger, keyed to intent id and bound to the arg-hash.
- Both records are append-only and hash-chained; tampering is detectable.
- Audit and decision correlate into one tenant-scoped lifecycle view with a portable export.
Source: docs/EPICS.md, docs/SITH-NOTION.md · part of the Sith implementation backlog (see the master roadmap issue).
Goal. keep a complete, tamper-evident record of what happened (Sith's audit-log) and why it was allowed (Ardur's decision-ledger), together forming one agent-action record for humans and agents alike.
Phase / depends. P1 (reads are audited through the seam) → P2 (the full ledger is populated when the first write flows). Depends on: E1 (tenancy), E5 (the PEP is where entries are produced). The two records are deliberately separate and complementary (ARCHITECTURE §5, §8).
Features
Exit criteria
Source:
docs/EPICS.md,docs/SITH-NOTION.md· part of the Sith implementation backlog (see the master roadmap issue).