Audit API

Immutable, hash-chained audit logs for compliance.

List Audit Entries

GET /audit

Headers

Header	Required	Description
`X-API-Key`	Yes	Your API key

Query Parameters

Parameter	Type	Description
`event_type`	string	Filter by event type
`agent_id`	UUID	Filter by agent
`after`	datetime	Entries after this time
`before`	datetime	Entries before this time
`limit`	int	Max results

Response

[
  {
    "id": "entry-uuid",
    "sequence_number": 12345,
    "event_type": "txn.started",
    "organization_id": "org-uuid",
    "agent_id": "agent-uuid",
    "metadata": {
      "transaction_id": "txn-uuid",
      "action_type": "transfer_funds"
    },
    "entry_hash": "sha256:abc123...",
    "previous_hash": "sha256:xyz789...",
    "timestamp": "2025-01-16T14:30:00Z"
  }
]

Event Types

Event	Description
`org.created`	Organization created
`agent.created`	Agent registered
`agent.revoked`	Agent revoked
`auth.token_issued`	JWT token issued
`auth.token_revoked`	Token revoked
`session.started`	Session created
`session.ended`	Session ended
`txn.started`	Transaction began
`txn.committed`	Transaction completed
`txn.rolled_back`	Transaction rolled back

Verify Chain Integrity

Verifies the audit log hash chain hasn't been tampered with.

GET /audit/verify

Response

{
  "is_valid": true,
  "entries_checked": 12345,
  "first_sequence": 1,
  "last_sequence": 12345,
  "verified_at": "2025-01-16T14:30:00Z"
}

If tampering detected:

{
  "is_valid": false,
  "entries_checked": 5000,
  "break_point": 4532,
  "error": "Hash mismatch at sequence 4532"
}