Skip to content

E6: Audit and decision ledger #24

Description

@gnanirahulnutakki

Goal. keep a complete, tamper-evident record of what happened (Sith's audit-log) and why it was allowed (Ardur's decision-ledger), together forming one agent-action record for humans and agents alike.

Phase / depends. P1 (reads are audited through the seam) → P2 (the full ledger is populated when the first write flows). Depends on: E1 (tenancy), E5 (the PEP is where entries are produced). The two records are deliberately separate and complementary (ARCHITECTURE §5, §8).

Features

  • F6.1 — audit-log (what-happened)
  • F6.2 — decision-ledger (why-allowed)
  • F6.3 — tamper-evidence and append-only storage
  • F6.4 — unified action record with query/export

Exit criteria

  • Every phase of every action and read produces an audit entry; no unlogged action reaches a spoke.
  • Every verdict records its reasons in the decision-ledger, keyed to intent id and bound to the arg-hash.
  • Both records are append-only and hash-chained; tampering is detectable.
  • Audit and decision correlate into one tenant-scoped lifecycle view with a portable export.

Source: docs/EPICS.md, docs/SITH-NOTION.md · part of the Sith implementation backlog (see the master roadmap issue).

Metadata

Metadata

Assignees

No one assigned

    Labels

    epicEpic tracking issuegovernancePDP / audit / decision-ledger / tenancyphase-2Phase 2: first governed write

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions