Expand description
Append-only, hash-chained event log (SQLite).
Every observed command becomes one immutable row. Each row’s hash is
SHA-256(prev_hash || canonical(row)), so any edit to a past row — or any
reordering — breaks the chain and is detectable by EventLog::verify_chain.
Security spine: the event chain is append-only. Day-to-day “delete” is
redaction — an append-only redactions row that hides
an entry from views while the original row and the hash chain stay intact and
verifiable. True erasure is the separate, explicit EventLog::purge_matching
(hard delete + re-chain): it deliberately rewrites history for the purged span
and records a marker event, and is never invoked automatically.
Structs§
- Event
Log - Handle to the append-only event log.
- Filter
- A filter over the event log, used by views, redaction, and purge.
- Logged
Event - A single immutable row of the event log.
- Pending
Item - One entry in the approval queue (a held command awaiting a human decision).
Enums§
- Chain
Status - The result of verifying the hash chain.
- LogError
- Errors from the event log.
Constants§
- GENESIS_
HASH - The genesis predecessor hash for the very first event.