Tamper-evident append-only fault audit log #483

Description

@mfaferek93

Persist an append-only, hash-chained audit log of fault state transitions so the fault history is verifiable and any edit or deletion is detectable.

  • Append-only table, one immutable row per fault state-transition (occurred/confirmed/cleared/ack); no UPDATE/DELETE.
  • On insert compute record_hash = sha256(prev_hash + canonical(event)); store record_hash + prev_hash + monotonic seq; maintain a persisted chain head. Hash is set once at insert, never recomputed.
  • Provide a verify routine over the persisted chain and a read API returning the ordered log + current head.
  • Configurable: enable flag (default off, since it adds write + storage overhead); which transitions to log (all vs confirmed-only); retention/rotation that seals a segment (persisting its final head as an anchor) before pruning, so the remaining history stays verifiable.
  • Acceptance: each fault transition appends a chained row when enabled; verify confirms an untampered chain; editing or deleting any past row makes verify fail; with the feature off there is no audit-log overhead.
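A sketch of the chain, verify and seal-before-prune steps described in this issue, added here as an example and not taken from the project's code. The sorted-key JSON canonical form, the all-zero genesis value, the in-memory list standing in for the table, and the names `AuditLog`, `chain_hash` and `seal_and_prune` are assumptions.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash for the very first row

def canonical(event):
    # Assumed canonical form: JSON with sorted keys and no extra whitespace.
    return json.dumps(event, sort_keys=True, separators=(",", ":"))

def chain_hash(prev_hash, canon):
    # record_hash = sha256(prev_hash + canonical(event)), as in the issue text.
    return hashlib.sha256((prev_hash + canon).encode()).hexdigest()

class AuditLog:
    def __init__(self):
        self.rows = []              # stands in for the append-only table
        self.anchor = (0, GENESIS)  # (seq, record_hash) of the last sealed row
        self.head = GENESIS         # persisted chain head

    def append(self, event):
        seq = (self.rows[-1]["seq"] if self.rows else self.anchor[0]) + 1
        canon = canonical(event)
        digest = chain_hash(self.head, canon)  # set once, never recomputed
        self.rows.append({"seq": seq, "prev_hash": self.head,
                          "record_hash": digest, "event": canon})
        self.head = digest
        return digest

    def verify(self):
        seq, prev = self.anchor
        for row in self.rows:
            if row["seq"] != seq + 1 or row["prev_hash"] != prev:
                return False        # gap, reorder, or deleted row
            if chain_hash(prev, row["event"]) != row["record_hash"]:
                return False        # edited event or edited hash
            seq, prev = row["seq"], row["record_hash"]
        return prev == self.head    # catches truncation of the newest rows

    def seal_and_prune(self, upto_seq):
        # Seal first: only a verified segment may become the new anchor.
        if not self.verify():
            raise ValueError("chain broken; refusing to prune")
        sealed = [r for r in self.rows if r["seq"] <= upto_seq]
        if sealed:
            self.anchor = (sealed[-1]["seq"], sealed[-1]["record_hash"])
            self.rows = self.rows[len(sealed):]
        return self.anchor
```

The head and anchor only give tamper evidence if they are stored where someone who can rewrite the table cannot also rewrite them; otherwise the whole chain can be recomputed consistently.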
