Skip to content

docs: add AUDIT_CHAIN.md wire spec#9

Merged
keirsalterego merged 1 commit into
mainfrom
docs/audit-chain-spec
May 23, 2026
Merged

docs: add AUDIT_CHAIN.md wire spec#9
keirsalterego merged 1 commit into
mainfrom
docs/audit-chain-spec

Conversation

@keirsalterego

@keirsalterego keirsalterego commented May 23, 2026

Copy link
Copy Markdown
Contributor

Summary

Adds AUDIT_CHAIN.md — the wire-level specification for the SHA-256 hash-chained JSONL audit log shared between the Rust proxy and the private Python worker.

Targets compliance reviewers and customers who want to verify their own audit files independently of the platform.

Contents

  • File layout (one daily JSONL, chain continues across files)
  • Entry shape for Rust action entries and Python wrapped entries
  • Hash computation rules including canonical-JSON and the | separator on the Rust side
  • Genesis sentinel value
  • ~30-line reference verifier in Python that handles both entry shapes and detects tamper/truncation
  • Chain continuity across restarts, tied to tests in both implementations
  • Durability properties (append-only, fsync after every entry)
  • Field-stability commitments

Why

A customer compliance team needs to be able to run an independent verifier against their SOC 2 evidence export. The format had no public spec until this PR.

Depends on / merges after

#8 — foundation rewrite. Cross-refs to ARCHITECTURE.md, THREAT_MODEL.md, API_REFERENCE.md resolve once that lands.

Test plan

  • Pull the branch, run the reference verifier against a real audit dir, confirm OK
  • Confirm Python ↔ Rust dispatch rule in the verifier matches both formats actually on disk
  • Cross-link check after foundation PR lands

@keirsalterego
docs: add AUDIT_CHAIN.md wire spec
f8bda02 
Standalone specification for the SHA-256 hash-chained audit log
shared between vyrox-proxy (Rust) and the private worker side
(Python). Targets compliance reviewers and customers who want to
verify their own audit files independently.

Contents:

- File layout (one daily JSONL, chain continues across files)
- Entry shape for both Rust action entries and Python wrapped entries
- Hash computation rules including the canonical-JSON requirement
  and the | separator on the Rust side
- Genesis sentinel value
- Reference verifier in about thirty lines of Python that handles
  both entry shapes and detects tamper / truncation
- Chain continuity across process restarts, tied to tests in both
  implementations
- Tamper-detection properties and the truncation mitigation
- Durability properties (append-only, fsync after every entry)
- Field-stability commitments

This unblocks a customer compliance team running an independent SOC 2
evidence verification pipeline against the JSONL export. Cross-refs
to ARCHITECTURE.md, THREAT_MODEL.md, and API_REFERENCE.md will resolve
once the foundation PR (#8) merges.
Copilot AI review requested due to automatic review settings May 23, 2026 17:34
@keirsalterego keirsalterego merged commit c4a6db2 into main May 23, 2026
1 check failed
This was referenced May 23, 2026
Merged
Merged
@keirsalterego keirsalterego review requested due to automatic review settings May 23, 2026 17:59
keirsalterego added a commit that referenced this pull request May 23, 2026
@keirsalterego
docs: replace ROADMAP with capability-focused public version
23dddf2 
The previous ROADMAP carried ARR targets, pilot counts, quarterly
revenue numbers, and an MSP channel percentage. That material moved
to vyrox-design-partners/docs/gtm/INTERNAL_ROADMAP_WITH_TARGETS.md
in PR #9 of that repo. This commit lands its replacement.

The new ROADMAP is organised by capability, not by quarter or by
revenue tier. Sections:

- Recently shipped: the sixteen blockers from the May 2026 audits
  (eight P0 + eight P0.5), each described as a public contract
  change with the file paths a reader can verify.
- In flight: items that touch a public contract, with the actual
  bottleneck called out (Postgres before tenant 25, retry runner
  not yet wired into worker entrypoint, etc).
- Planned, not started: public OpenAPI spec, customer-side audit
  verifier binary, EU data region, web operator interface trigger
  conditions.
- Adapter coverage: shipped vendors plus on-demand future adapters.
- Compliance and certification: where we are honest about what is
  in flight versus planned versus not started.
- Versioning and release cadence: semver intent for the public repos.
- "Intentionally not on the roadmap": SIEM, managed human SOC,
  web dashboard during alpha, free public ingestion endpoint.

Cross-refs to ARCHITECTURE.md, API_REFERENCE.md, AUDIT_CHAIN.md,
ADAPTERS.md, SECURITY.md resolve after the foundation and specialty
PRs (#8, #9, #10, #11) land.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@keirsalterego