Signed audit log
Hash-chained, HMAC-signed log that makes it cryptographically detectable if any record is altered or deleted.
Compliance and incident response both depend on a log you can trust. createSignedAuditLog writes each event with a sequence number, timestamp, HMAC, and a hash of the previous record β so tampering with any entry breaks the chain and verify() throws.
import { createSignedAuditLog } from '@agentskit/observability'
const audit = createSignedAuditLog({
path: '.agentskit/audit.log',
key: process.env.AK_AUDIT_KEY!,
})
const runtime = createRuntime({ adapter, observers: [audit.observer] })#Verify
const ok = await audit.verify() // throws on tamperEach record contains { seq, at, kind, payload, prevHash, hmac }.
#Related
Explore nearby
- PeerObservability
Attach loggers, tracers, and cost guards to any runtime β no code changes beyond adding an observer.
- PeerLoggers + tracers
Attach console, LangSmith, or OpenTelemetry observers to any runtime β mix and match, all receive the same event stream.
- PeerTrace viewer
Generate a self-contained HTML trace file from any run β inspect spans offline without a tracing backend.