Readonly sessionId
sessionId: string
Readonly phase
phase: string
Readonly event
event: string
Readonly timestamp
timestamp: string
Readonly actor
actor: string
Optional Readonly actorInfo
actorInfo?: Readonly<
{
id: string;
email: string
| null;
displayName?: string | null;
source: "unknown" | "env" | "git" | "claim" | "oidc";
assurance: "best_effort" | "claim_validated" | "idp_verified";
verificationMeta?: Readonly<
{
issuer: string;
audience: string[];
keyId: string;
algorithm: string;
verifiedAt: string;
},
>;
},
>
Readonly detail
detail: Readonly<Record<string, unknown>>
Readonly prevHash
prevHash: string
Readonly chainHash
chainHash: string
Optional Readonly canonicalEventDigest
canonicalEventDigest?: string
Optional Readonly timestampEvidence
timestampEvidence?: {
status:
| "local"
| "ntp_checked"
| "tsa_stamped"
| "tsa_verified"
| "tsa_failed";
source: "local_clock"
| "ntp"
| "tsa";
ntp?: { offsetMs: number; server: string; driftWarned: boolean };
tsa?: {
tokenDerBase64: string;
receivedAt: string;
messageImprint?: string;
digestAlgorithm?: string;
policyOid?: string;
serialNumber?: string;
tsaTimestamp?: string;
signerSubject?: string;
verificationStatus: "unchecked" | "valid" | "invalid";
verificationReason?: string;
};
warning?: string;
resolvedAt: string;
}
Optional Readonly enforcementLevel
enforcementLevel?: "advisory" | "synchronous" | "hook_gated"
Extended audit event with hash chain fields. These fields are added by the factory functions and stored in the JSONL trail.
Hash chain integrity:
- prevHash: hash of the previous event (or "genesis" for the first event)
- chainHash: SHA-256(prevHash + JSON(this event without chainHash))

Because chainHash is computed over the JSON serialization of the event, a verifier has to reproduce that serialization byte-for-byte (same field order, same omitted fields) to recompute it; any difference is reported as a chain break.

Actor identity (P27):
- actor: Classification label — "human", "machine", or "system" (backward-compat string)
- actorInfo: Optional structured identity (id, email, source). Present on human-influenced events (lifecycle, tool_call, decision). Absent on machine-only events (transition, error). When absent, JSON.stringify omits the field, so the chain hash stays identical for pre-P27 events.