Auditor

The Auditor provides tamper-proof logging for all enforcement actions.

Classes

`Auditor`

Manages the append-only log and Merkle tree verification.

`log(event: AuditEvent) -> str`

Logs an event to the audit trail. Returns the cryptographic hash of the entry.

event: An AuditEvent object containing timestamp, actor, action, and result.

`verify(trail_path: str) -> VerificationResult`

Verifies the integrity of an audit trail file.

trail_path: Path to the .jsonl audit log.
Returns: VerificationResult indicating if the chain is valid or tampered.

Data Structures

`AuditEntry`

Represents a single log entry.

id: Unique UUID.
prev_hash: Hash of the previous entry.
timestamp: ISO 8601 timestamp.
actor: Identity of the agent/user.
action: The action performed (e.g., tool_call).
policy_decision: ALLOW or DENY.