Audit trail
Every signed action in Oris lands in the audit trail. Append-only by row-level security and on-chain anchor. Retention is seven years from created_at.
What gets logged
| Class | Examples |
|---|---|
| Transactions | payment.completed, payment.blocked, payment.escalated |
| Policy events | policy.evaluated, policy.denied, policy.escalated |
| Key mutations | key.registered, key.rotated, key.deleted |
| Agent state | kya.promoted, kya.demoted, agent.suspended |
| Compliance | sanctions.matched, revocation.added, sar.flagged |
Hash chain
Every row carries:
hash_chain_prev = previous_row.hash_chain_currhash_chain_curr = sha256(hash_chain_prev || row_canonical_bytes)Tampering with any row breaks the next row’s link. The verify endpoint walks the chain and confirms against the on-chain anchor.
On-chain anchor
Every hour Oris computes a Merkle root over the new entries and writes it to OrisAuditLogRegistry on Base Sepolia (0xAde6DC06178904194FaE72CC83C6d2ec65Ed34c8). The contract is pausable, append-only, and emits an event on every commit.
The combination of hash chain + on-chain anchor means that even an operator with full database access cannot rewrite history. The next anchor commit would expose the tampering.
SAR auto-flag
Rows automatically receive sar_flagged = true when:
risk_tier = HighorBlockedsanctions_clean = falseamount_usd_e6 >= 10_000_000_000(ten thousand US dollars under the BSA threshold)- Tier 1 revocation event affecting the agent within the last twenty-four hours
Flagged rows roll up into the regulator review queue. The portal serves them filtered, sorted, and ready for SAR draft.
Retention
Seven years from created_at (BSA + AMLD horizon). A daily sweeper deletes expired rows and their sealed envelopes. The on-chain anchor remains because a Merkle root contains no PII.
Disclosure flow
The audit row is the pointer. The sealed envelope is the content. Disclosure requires:
- Regulator JWT scoped to
audit.readorenvelope.unseal. - For envelope unseal, a quorum signature (threshold AGE).
See regulator portal for the full disclosure walkthrough.
Where to go next
- L7 Audit for the cryptographic ground truth.
- Activity log feature for the operator view.
- Sealed envelope for the encryption model.