Audit
Every governed execution produces a durable, append-only audit record. The audit chain is cryptographically linked — each event references the hash of the prior event, making gaps or modifications detectable.
What is recorded
Every proposal intake, policy evaluation, approval decision, permit issuance, tool execution, and trust state transition is recorded as an evidence event. The raw request and response for external tool calls (including MCP) are audit evidence.
Invariants
- The audit chain must be continuous and verifiable at all times.
- Audit-before-effect guarantee: An intent event MUST be successfully emitted to the audit chain before any tool execution. If the event write fails, execution is hard-blocked and the tool is never called.
- Audit records are immutable after write.
- Trust state is authoritative control-plane state — not cache, not hint. Trust transitions are durable events reconstructable from history.
Verification
syndicate audit verify
A clean chain reports successful continuity verification and exits 0. Any gap, hash mismatch, or missing anchor exits non-zero.
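The chain layout, the audit-before-effect gate, and the checks behind a verification run, shown as an added Python example (not syndicate's own code or event schema). It assumes a constructed genesis anchor, a SHA-256 hash over a canonical JSON encoding of each event body, and a sequence number per event; the real field names and hash construction are documented under Chain and Evidence Model. A simulated write failure shows that a failed intent write blocks the tool call, and the verifier reports a gap, a hash mismatch, a broken link, or a head that does not match an externally anchored value.

```python
import hashlib
import json

# Genesis anchor: a fixed value known out of band that the first event links to.
# Constructed placeholder for this example, not syndicate's real anchor.
GENESIS_ANCHOR = hashlib.sha256(b"constructed-genesis-anchor").hexdigest()


class AuditWriteError(Exception):
    """Raised when the durable append fails (store unreachable, disk full, ...)."""


def _canonical(obj):
    # Deterministic encoding so the hash does not depend on key order or whitespace.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


def event_hash(body):
    """Hash of an event body (every field except 'hash'), which includes its 'prev' link."""
    return hashlib.sha256(_canonical(body)).hexdigest()


class AuditChain:
    """Append-only, hash-linked event log: each event commits to the previous hash."""

    def __init__(self, anchor=GENESIS_ANCHOR):
        self.anchor = anchor
        self.events = []
        self.fail_next_write = False  # test hook: simulate one failed durable write

    def head(self):
        return self.events[-1]["hash"] if self.events else self.anchor

    def append(self, kind, payload):
        if self.fail_next_write:
            self.fail_next_write = False
            raise AuditWriteError("durable write failed")
        body = {"seq": len(self.events), "kind": kind, "prev": self.head(), "payload": payload}
        event = dict(body, hash=event_hash(body))
        self.events.append(event)
        return event


def verify(events, anchor=GENESIS_ANCHOR, expected_head=None):
    """Walk the chain from the anchor. Returns (ok, reason); ok corresponds to exit 0."""
    prev = anchor
    for i, ev in enumerate(events):
        if ev.get("seq") != i:
            return False, f"gap: expected seq {i}, found {ev.get('seq')}"
        if ev.get("prev") != prev:
            return False, f"link mismatch at seq {i}"
        body = {k: v for k, v in ev.items() if k != "hash"}
        if event_hash(body) != ev.get("hash"):
            return False, f"hash mismatch at seq {i}"
        prev = ev["hash"]
    if expected_head is not None and prev != expected_head:
        return False, "missing anchor: head does not match the externally recorded head"
    return True, "continuity verified"


def execute_tool(chain, tool, args, call):
    """Audit-before-effect: the intent event must be durably written before the call."""
    try:
        chain.append("intent", {"tool": tool, "args": args})
    except AuditWriteError as exc:
        return {"status": "blocked", "reason": str(exc)}  # tool is never called
    response = call(tool, args)  # raw request and response become evidence
    chain.append("execution", {"tool": tool, "args": args, "response": response})
    return {"status": "executed", "response": response}


if __name__ == "__main__":
    chain = AuditChain()
    print(execute_tool(chain, "mcp.fetch", {"url": "https://example.test/a"},
                       lambda tool, args: {"ok": True}))
    print(verify(chain.events, expected_head=chain.head()))
```

One caveat the example makes visible: removing or altering an event in the middle of the chain is caught by the seq or link check, but silently dropping the newest events leaves a chain that still verifies from the genesis anchor. Detecting that requires comparing the verified head against a head hash recorded somewhere the writer cannot reach, which is what the expected_head argument stands in for here.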
Querying and exporting
syndicate audit log --session <id> --output ndjson
syndicate audit export <session-id> --format ndjson --out audit.ndjson
syndicate audit replay <session-id> --stage policy
In this section
- Chain — hash-linked event log, genesis anchor, chain integrity
- Evidence Model — evidence classes, event schema, required fields
- Permits — permit lifecycle, fields, revocation
- Trust State — per-boundary trust, accumulation, revocation
- Verification — chain verification, replay, export