
Audit log

The audit log is the load-bearing artifact behind Kenaz's "you can prove what happened" pitch. Every event that enters or leaves the Sandbox VM gets a structured row in the log before it's allowed through.

🚧 Stub. Replace each section as the schema and storage layer firm up.

Event schema (TBD)

Tentative shape:

type AuditEvent = {
  id: string;          // ULID
  session_id: string;
  occurred_at: string; // RFC 3339
  kind:
    | 'session.start'
    | 'session.end'
    | 'prompt.sent'
    | 'response.received'
    | 'tool.invoked'
    | 'tool.completed'
    | 'policy.allow'
    | 'policy.deny';
  payload: object;     // kind-specific
  prev_hash: string;   // hash of the previous event
  hash: string;        // hash(prev_hash || canonical(payload))
};

The prev_hash / hash chain makes tampering detectable: rewriting any historical event invalidates every later hash.
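A sketch of how a verifier could walk this chain and report the first event that no longer checks out. This is an added example, not Kenaz code. SHA-256, hex encoding, the all-zero genesis `prev_hash`, sorted-key JSON as `canonical()`, and the names `ChainedEvent`, `eventHash`, `append`, `firstBrokenIndex` and `sampleLog` are all assumptions, since the page does not specify them.

```typescript
import { createHash } from "node:crypto";

// Assumptions (not specified on the page): SHA-256, lowercase hex, a genesis
// prev_hash of 64 zeros, and sorted-key JSON as the canonical encoding.
type ChainedEvent = { id: string; kind: string; payload: unknown; prev_hash: string; hash: string };
const GENESIS = "0".repeat(64);

// Deterministic JSON: object keys are sorted recursively so equal payloads hash equally.
function canonical(v: unknown): string {
  if (Array.isArray(v)) return "[" + v.map(canonical).join(",") + "]";
  if (v !== null && typeof v === "object") {
    const o = v as Record<string, unknown>;
    return "{" + Object.keys(o).sort().map((k) => JSON.stringify(k) + ":" + canonical(o[k])).join(",") + "}";
  }
  return JSON.stringify(v);
}

// hash(prev_hash || canonical(payload)), as written in the schema comment.
function eventHash(prevHash: string, payload: unknown): string {
  return createHash("sha256").update(prevHash).update(canonical(payload)).digest("hex");
}

function append(log: ChainedEvent[], id: string, kind: string, payload: unknown): void {
  const last = log[log.length - 1];
  const prev_hash = last ? last.hash : GENESIS;
  log.push({ id, kind, payload, prev_hash, hash: eventHash(prev_hash, payload) });
}

// Index of the first event that fails verification, or -1 if the chain is intact.
function firstBrokenIndex(log: ChainedEvent[]): number {
  let expectedPrev = GENESIS;
  return log.findIndex((e) => {
    const ok = e.prev_hash === expectedPrev && e.hash === eventHash(e.prev_hash, e.payload);
    expectedPrev = e.hash;
    return !ok;
  });
}

// Constructed sample session; ids are placeholders, not real ULIDs.
function sampleLog(): ChainedEvent[] {
  const log: ChainedEvent[] = [];
  append(log, "evt-1", "session.start", { user: "alice" });
  append(log, "evt-2", "tool.invoked", { tool: "shell", args: ["ls"] });
  append(log, "evt-3", "policy.deny", { rule: "no-network" });
  append(log, "evt-4", "session.end", {});
  return log;
}
```

Editing a stored payload breaks verification at that row, and recomputing only that row's hash moves the break to the next row, so a rewrite has to touch every later event. Read literally, the formula binds only `payload`: a changed `kind` or `occurred_at` on a stored row would pass this check unless those fields are also fed into the hash.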

Local storage

📝 TODO: SQLite path, retention policy, vacuum schedule, where the encryption key lives.

Optional sync to S3 (enterprise)

For enterprise customers who need the audit log off-device for compliance, the harness can sync events to a customer-provided S3 bucket. The harness batches events and writes them as line-delimited JSON files keyed by session.

📝 TODO: bucket policy template, IAM role docs, sync interval defaults.

Querying the log

🚧 TODO. Document: the in-app log viewer, the kenaz audit export CLI for raw event dumps, and the suggested structure for downstream analytics (likely Athena over the S3-synced JSONL).