Tamper-Proof Audit Trail

monitoring, intermediate

Add to your AGENTS.md:

Read https://moltsec.com/blocks/audit-trail

Overview

Every action your agent takes should be logged with cryptographic hashes. If someone (or something) alters an existing entry, the next verification run will flag the exact line. This block creates a tamper-evident audit trail using hash chains. The chain proves that the log is internally consistent; to also catch truncation or a full rewrite by a party with write access, keep the most recent hash somewhere the agent cannot modify and compare against it when verifying.

How It Works

  1. Each log entry includes a SHA-256 hash of the previous entry
  2. The hash chain makes any modification detectable
  3. Logs are append-only (new entries can't modify old ones)
  4. Entries include timestamps, action types, and metadata
  5. A verification script checks chain integrity

Code

```bash
#!/bin/bash
# audit-log.sh - Append to tamper-evident audit log
# Usage: audit-log.sh "<action>" "<metadata>"
set -u

LOG_FILE="${AUDIT_LOG:-$HOME/clawd/memory/audit.log}"
ACTION="${1:?usage: audit-log.sh <action> [metadata]}"
METADATA="${2:-}"

# '|' separates fields and a newline ends a record; either one inside a field
# would make the line parse as a different record when it is verified.
NL=$(printf '\n.'); NL=${NL%.}
case "${ACTION}${METADATA}" in
  *'|'*|*"$NL"*) echo "action/metadata may not contain '|' or newlines" >&2; exit 1 ;;
esac

# Get last hash (or use the genesis marker when the log is missing or empty)
if [ -s "$LOG_FILE" ]; then
  LAST_HASH=$(tail -n 1 "$LOG_FILE" | cut -d'|' -f1)
else
  LAST_HASH="GENESIS"
  mkdir -p "$(dirname "$LOG_FILE")"
fi

# Create new entry: the hash covers the previous entry's hash, which links each record to its predecessor
TIMESTAMP=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
ENTRY_DATA="${LAST_HASH}|${TIMESTAMP}|${ACTION}|${METADATA}"
NEW_HASH=$(printf '%s' "$ENTRY_DATA" | shasum -a 256 | cut -d' ' -f1)

# Append to log (printf instead of echo -n: portable, and the data is never parsed as options)
printf '%s|%s|%s|%s\n' "$NEW_HASH" "$TIMESTAMP" "$ACTION" "$METADATA" >> "$LOG_FILE"
echo "Logged: $ACTION"
```

---

```bash
#!/bin/bash
# audit-verify.sh - Verify audit log integrity
# Recomputes every hash from GENESIS forward. This proves the log is internally
# consistent; compare the printed head hash with a copy kept outside the agent's
# reach to also detect truncation or a wholesale rewrite.
set -u

LOG_FILE="${AUDIT_LOG:-$HOME/clawd/memory/audit.log}"

if [ ! -f "$LOG_FILE" ]; then
  echo "No audit log found"
  exit 1
fi

PREV_HASH="GENESIS"
LINE_NUM=0
VALID=true

# Fields are split on '|'; metadata is the last field, so it receives the rest of the line
while IFS='|' read -r hash timestamp action metadata; do
  LINE_NUM=$((LINE_NUM + 1))

  # Compute expected hash from the previous hash and this entry's fields
  ENTRY_DATA="${PREV_HASH}|${timestamp}|${action}|${metadata}"
  EXPECTED=$(printf '%s' "$ENTRY_DATA" | shasum -a 256 | cut -d' ' -f1)

  if [ "$hash" != "$EXPECTED" ]; then
    echo "❌ Tampering detected at line $LINE_NUM"
    echo "   Expected: $EXPECTED"
    echo "   Found:    $hash"
    VALID=false
  fi

  # Continue from the stored hash so that only the altered line is reported
  PREV_HASH="$hash"
done < "$LOG_FILE"

if [ "$VALID" = true ]; then
  echo "✅ Audit log verified ($LINE_NUM entries, head hash: $PREV_HASH)"
  exit 0
else
  echo "❌ Audit log TAMPERED"
  exit 1
fi
```

Installation

  1. Save `audit-log.sh` and `audit-verify.sh` to `scripts/`
  2. Make executable: `chmod +x scripts/audit-*.sh`
  3. Log actions: `./scripts/audit-log.sh "action" "metadata"`
  4. Verify integrity: `./scripts/audit-verify.sh`
  5. Add verification to your heartbeat routine
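The following self-contained demo is an added example, not part of the moltsec block: it rebuilds the append and verify logic above as shell functions over a temporary log, then shows which edits the chain catches by itself (altering a record) and which it only catches when the head hash is anchored out of band (dropping the newest record). The record format, the GENESIS marker and the `sha256` helper are assumptions that mirror the scripts above.

```bash
#!/bin/bash
# Added demo, not part of the moltsec block: builds a small hash-chained log in a
# temp dir and shows which edits need the head hash anchored outside the log.
set -u
# Hex SHA-256 of stdin; uses coreutils sha256sum, falling back to shasum.
sha256() {
  if command -v sha256sum >/dev/null 2>&1; then sha256sum; else shasum -a 256; fi | cut -d' ' -f1
}
# Append one record in the block's format hash|timestamp|action|metadata.
# The hash also covers the previous record's hash, which forms the chain.
audit_append() {  # $1=log file  $2=action  $3=metadata
  local log="$1" last="GENESIS" ts hash
  if [ -s "$log" ]; then last=$(tail -n 1 "$log" | cut -d'|' -f1); fi
  ts=$(date -u +"%Y-%m-%dT%H:%M:%SZ")
  hash=$(printf '%s|%s|%s|%s' "$last" "$ts" "$2" "$3" | sha256)
  printf '%s|%s|%s|%s\n' "$hash" "$ts" "$2" "$3" >> "$log"
  printf '%s\n' "$hash"
}
# Walk the chain. Returns 0 = intact, 1 = a record was altered or reordered,
# 2 = chain is self-consistent but its head is not the anchored hash
# (a truncated or wholesale-rewritten log passes without an anchor).
audit_verify() {  # $1=log file  $2=anchored head hash (optional)
  local log="$1" anchor="${2:-}" prev="GENESIS" hash ts action meta expected
  while IFS='|' read -r hash ts action meta; do
    expected=$(printf '%s|%s|%s|%s' "$prev" "$ts" "$action" "$meta" | sha256)
    [ "$hash" = "$expected" ] || return 1
    prev="$hash"
  done < "$log"
  [ -z "$anchor" ] || [ "$prev" = "$anchor" ] || return 2
}
# Constructed scenario: three records, then an in-place edit, then a truncation.
run_demo() {
  local dir log anchor rc1 rc2 rc3 rc4
  dir=$(mktemp -d); log="$dir/audit.log"
  audit_append "$log" "file.read"  "path=notes.md" >/dev/null
  audit_append "$log" "shell.exec" "cmd=ls"        >/dev/null
  anchor=$(audit_append "$log" "file.write" "path=report.md")  # stored out of band
  rc1=0; audit_verify "$log" "$anchor" || rc1=$?
  cp "$log" "$dir/good.log"
  awk -F'|' -v OFS='|' 'NR==2{$4="cmd=id"}1' "$dir/good.log" > "$log"  # edit record 2
  rc2=0; audit_verify "$log" "$anchor" || rc2=$?
  head -n 2 "$dir/good.log" > "$log"                                    # drop newest record
  rc3=0; audit_verify "$log" || rc3=$?            # no anchor: chain still looks intact
  rc4=0; audit_verify "$log" "$anchor" || rc4=$?  # anchor catches the missing tail
  rm -rf "$dir"
  printf 'intact=%s edited=%s truncated=%s truncated_anchored=%s\n' "$rc1" "$rc2" "$rc3" "$rc4"
}
run_demo
```

The third result is the one to note: without an anchored head hash, a log with its newest entries removed verifies cleanly, so the heartbeat check should record the head hash somewhere the agent cannot write.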

Related Blocks