FlowGuard API - v1.2.0-tp.1

    Interface ChainedAuditEvent

    Extended audit event with hash chain fields. These fields are added by the factory functions and stored in the JSONL trail.

    Hash chain integrity:

    • prevHash: hash of the previous event (or "genesis" for the first event)
    • chainHash: SHA-256(prevHash + JSON(this event without chainHash))
    • To verify: recompute chainHash from prevHash + event data and compare it with the stored chainHash

    Actor identity (P27):

    • actor: Classification label — "human", "machine", or "system" (backward-compat string)
    • actorInfo: Optional structured identity (id, email, source). Present on human-influenced events (lifecycle, tool_call, decision). Absent on machine-only events (transition, error). When absent, JSON.stringify omits the field — chain hash stays identical for pre-P27 events.
    interface ChainedAuditEvent {
        id: string;
        sessionId: string;
        phase: string;
        event: string;
        timestamp: string;
        actor: string;
        auditFormatVersion: AuditFormatVersion;
        actorInfo?: Readonly<
            {
                id: string;
                email: string | null;
                displayName?: string | null;
                source: "unknown" | "env" | "git" | "claim" | "oidc";
                assurance: "best_effort" | "claim_validated" | "idp_verified";
                verificationMeta?: Readonly<
                    {
                        issuer: string;
                        audience: string[];
                        keyId: string;
                        algorithm: string;
                        verifiedAt: string;
                    },
                >;
            },
        >;
        detail: Readonly<Record<string, unknown>>;
        prevHash: string;
        chainHash: string;
        canonicalEventDigest?: string;
        timestampEvidence?: {
            status:
                | "local"
                | "ntp_checked"
                | "tsa_stamped"
                | "tsa_verified"
                | "tsa_failed";
            source: "local_clock" | "ntp" | "tsa";
            ntp?: { offsetMs: number; server: string; driftWarned: boolean };
            tsa?: {
                tokenDerBase64: string;
                receivedAt: string;
                messageImprint?: string;
                digestAlgorithm?: string;
                policyOid?: string;
                serialNumber?: string;
                tsaTimestamp?: string;
                signerSubject?: string;
                verificationStatus: "unchecked" | "valid" | "invalid";
                verificationReason?: string;
            };
            warning?: string;
            resolvedAt: string;
        };
        enforcementLevel?: "advisory" | "synchronous" | "hook_gated";
    }
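
The verification steps listed under "Hash chain integrity", written out as an added example (not FlowGuard's own code) that also shows an absent actorInfo leaving the hash unchanged. Assumptions: hex-encoded digests, plain string concatenation, JSON.stringify key order as stored in the JSONL line, and prevHash being the previous event's chainHash; computeChainHash, firstBrokenLink and buildTrail are hypothetical names.

```typescript
import { createHash } from "node:crypto";

// Only the chain fields are typed; every other field of the event is opaque here.
type ChainedEvent = { prevHash: string; chainHash: string; [field: string]: unknown };

// Assumption: chainHash = hex(SHA-256(prevHash + JSON.stringify(event minus chainHash)))
// with keys serialized in the order they appear in the stored JSONL line.
function computeChainHash(event: Record<string, unknown>): string {
  const { chainHash: _stored, ...rest } = event;
  const input = String(rest["prevHash"]) + JSON.stringify(rest);
  return createHash("sha256").update(input, "utf8").digest("hex");
}

// Index of the first event that breaks the chain, or -1 when the trail verifies.
// Assumption: an event's prevHash is the chainHash of the event before it.
function firstBrokenLink(jsonl: string): number {
  let expectedPrev = "genesis";
  const lines = jsonl.split("\n").filter((line) => line.trim() !== "");
  return lines.findIndex((line) => {
    try {
      const ev = JSON.parse(line) as ChainedEvent;
      if (ev.prevHash !== expectedPrev) return true; // removed, inserted or reordered
      if (computeChainHash(ev) !== ev.chainHash) return true; // edited after hashing
      expectedPrev = ev.chainHash;
      return false;
    } catch {
      return true; // unparsable line counts as a break
    }
  });
}

// Writer side for the sample only (hypothetical helper, not a FlowGuard factory).
function buildTrail(events: Record<string, unknown>[]): string {
  let prevHash = "genesis";
  return events.map((fields) => {
    const body = { ...fields, prevHash };
    prevHash = computeChainHash(body);
    return JSON.stringify({ ...body, chainHash: prevHash });
  }).join("\n");
}

// Constructed sample events; actorInfo is absent on the machine-only ones.
const SAMPLE_TRAIL = buildTrail([
  { id: "e1", event: "transition", actor: "machine", actorInfo: undefined },
  { id: "e2", event: "decision", actor: "human", actorInfo: { id: "u1", email: null, source: "git" } },
  { id: "e3", event: "error", actor: "system" },
]);
```

A chain checked this way exposes edits, removals and reordering inside the trail, but not truncation of the newest events. Detecting that requires the latest chainHash to be recorded somewhere outside the file.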
    Index

    Properties

    id: string
    sessionId: string
    phase: string
    event: string
    timestamp: string
    actor: string
    auditFormatVersion: AuditFormatVersion
    actorInfo?: Readonly<
        {
            id: string;
            email: string | null;
            displayName?: string | null;
            source: "unknown" | "env" | "git" | "claim" | "oidc";
            assurance: "best_effort" | "claim_validated" | "idp_verified";
            verificationMeta?: Readonly<
                {
                    issuer: string;
                    audience: string[];
                    keyId: string;
                    algorithm: string;
                    verifiedAt: string;
                },
            >;
        },
    >
    detail: Readonly<Record<string, unknown>>
    prevHash: string
    chainHash: string
    canonicalEventDigest?: string

    SHA-256 of the event without timestampEvidence and chainHash, used for TSA anchoring.

    timestampEvidence?: {
        status:
            | "local"
            | "ntp_checked"
            | "tsa_stamped"
            | "tsa_verified"
            | "tsa_failed";
        source: "local_clock" | "ntp" | "tsa";
        ntp?: { offsetMs: number; server: string; driftWarned: boolean };
        tsa?: {
            tokenDerBase64: string;
            receivedAt: string;
            messageImprint?: string;
            digestAlgorithm?: string;
            policyOid?: string;
            serialNumber?: string;
            tsaTimestamp?: string;
            signerSubject?: string;
            verificationStatus: "unchecked" | "valid" | "invalid";
            verificationReason?: string;
        };
        warning?: string;
        resolvedAt: string;
    }

    Timestamp assurance evidence (NTP offset, TSA token, verification status).

    enforcementLevel?: "advisory" | "synchronous" | "hook_gated"

    Enforcement level active when this event was recorded. Optional for backward compatibility: pre-HAI events omit this field.

    v1.3.0 (HAI #242)