Skip to main contentModule integrity
Source - LineVerification
- Verification result for a single line.
- VerificationResult
- Verification result for the entire audit log.
- compute_chain_hmac
- Compute the HMAC for an audit line, chained with the previous hash.
Chain formula: HMAC(key, previous_hash || line_content)
- is_using_default_key
- Returns true if the HMAC key is the hardcoded default (publicly known).
- last_chain_hash
- Read the last HMAC hash from an audit log file for chaining.
Returns “genesis” if the file is empty or has no signed lines.
- parse_line
- Extract the content and HMAC from a signed line.
Returns (content, hmac_hex) or (content, None) for unsigned lines.
- sign_line
- Append integrity hash to an audit JSONL line.
Format: original_json\t#HMAC:hexhash
- verify_audit_log
- Verify the integrity of an audit log file.
- warn_if_default_key
- Emit a one-time warning if the default key is in use.
Called on every audit write so the operator is aware.