Audit Guide

Anchor maintains a hash-chained audit trail of every operation. This provides tamper-evident logs for security reviews, compliance, and debugging.

What is Hash-Chaining?

Every audit log entry includes:

  • A cryptographic hash (SHA-256) of the entry
  • The hash of the previous entry (creating a chain)

Because each entry's hash depends on the hash before it, modifying any log entry invalidates all subsequent hashes. The result is a tamper-evident log you can rely on in security reviews.
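
The chaining described above, as an added example that is not Anchor's own code: a minimal hash chain in Python with a verifier that reports the first broken entry. The record layout, the canonical-JSON serialization, the all-zero genesis value and the function names are assumptions for illustration, not Anchor's entry format.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed placeholder "previous hash" for the first entry

def entry_hash(body: dict, prev_hash: str) -> str:
    """SHA-256 over the previous hash plus a canonical JSON encoding of the entry."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + canonical).encode("utf-8")).hexdigest()

def append(chain: list, body: dict) -> None:
    """Link a new entry to the hash of the current last entry."""
    prev_hash = chain[-1]["hash"] if chain else GENESIS
    chain.append({"body": body, "prev_hash": prev_hash,
                  "hash": entry_hash(body, prev_hash)})

def verify(chain: list):
    """Return (valid, entries_verified, index_of_first_bad_entry_or_None)."""
    prev_hash = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev_hash"] != prev_hash:
            return False, i, i          # link to the predecessor is broken
        if entry_hash(entry["body"], entry["prev_hash"]) != entry["hash"]:
            return False, i, i          # entry content no longer matches its hash
        prev_hash = entry["hash"]
    return True, len(chain), None

def demo():
    # Constructed sample events; field names mirror the query example on this page.
    chain = []
    for op, res, result in [("data.write", "customers/17", "allowed"),
                            ("data.delete", "customers/17", "blocked"),
                            ("data.write", "orders/4", "allowed")]:
        append(chain, {"operation": op, "resource": res, "result": result})
    intact = verify(chain)

    # Edit entry 1 in place and leave its stored hash untouched.
    chain[1]["body"]["result"] = "allowed"
    edited = verify(chain)

    # Recompute entry 1's hash to hide the edit: entry 2's prev_hash now mismatches.
    chain[1]["hash"] = entry_hash(chain[1]["body"], chain[1]["prev_hash"])
    rehashed = verify(chain)
    return intact, edited, rehashed

if __name__ == "__main__":
    print(demo())
```

A chain like this detects edits only while some hash after the edit is left unchanged; anyone able to rewrite every entry from the edit onward can recompute a consistent chain, so the latest hash needs to be stored or signed somewhere the log writer cannot alter.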

Querying Audit Logs

# Query audit events
events = anchor.audit.query(
    agent.id,
    operations=["data.write", "data.delete"],
    limit=100
)

for event in events:
    print(f"{event.timestamp}: {event.operation} on {event.resource}")
    print(f"  Result: {event.result}")  # "allowed" or "blocked"
    print(f"  Hash: {event.hash}")

Verifying Chain Integrity

# Verify logs haven't been tampered with
verification = anchor.audit.verify(agent.id)

print(verification.valid)          # True = chain intact
print(verification.events_checked) # Number of events verified

Exporting for Compliance

# Export audit logs for compliance
export = anchor.audit.export(agent.id, format="json")
print(export.download_url)

Use Cases

  • Security Reviews: Show what your agent did and prove logs haven't been tampered with
  • Compliance: Export logs for GDPR, CCPA, or internal audits
  • Debugging: Find when something went wrong and what changed
  • Accountability: Track which agent performed which operations

For more details, see the Audit API reference.