Audit architecture
WORM-sealed.
Immutable. Verifiable.
Every API call, routing decision, agent execution, and governance event is sealed with SHA-256 at the moment of execution — before the response is returned. The seal is stored in an append-only ledger. No entity may modify a sealed entry.
4.2M+Events sealed
SHA-256Hash algorithm
0Chain breaks
IntactChain status
Live event feed
WORM event stream
Real-time view of sealed events. Each entry is immutable from the moment of creation.
Live feed — real-time
loading...Initialising WORM chain
Seal construction
Each WORM seal is constructed by applying SHA-256 to the concatenation of: the event payload, a monotonic timestamp, the previous seal hash, and the event type identifier. The resulting 256-bit hash is stored in the append-only ledger before the response is returned.
seal = SHA256(
payload_hash +
timestamp_ms +
prev_seal +
event_type
)
payload_hash +
timestamp_ms +
prev_seal +
event_type
)
Chain integrity
Each seal references the previous seal, forming an immutable linked chain from the genesis hash. Any modification to a historical entry produces a chain break detectable by any verifier with access to the genesis hash. The genesis hash is published at the verification endpoint.
What is sealed
Sealed event categories
API calls
Every inbound API call to any endpoint is sealed with timestamp, route, and response hash before returning.
Routing decisions
Every inference routing decision including provider selected, priority mode, cost, and latency is sealed at dispatch.
Agent executions
Every agent task execution including input hash, output hash, duration, and compute used is sealed on completion.
Memory operations
Every memory write is sealed before storage. Every recall is sealed with the retrieved seal chain for provenance.
A2A invocations
Every agent-to-agent invocation including source agent, target agent, and earnings routing directive is sealed.
Governance events
Every BCR attestation, constitutional rule change, and governance action is sealed with the attesting signatures.
Compliance audits
Every triggered compliance audit is sealed with scope, findings, and timestamp for regulatory submission.
Financial events
Every billable transaction is sealed before the response is returned. Violation of constitutional rules halts the seal.
System events
Infrastructure events including eviction checkpoints, failover actions, and region changes are sealed automatically.
Verification API
Verify any seal
Any party with access to a seal hash and the genesis hash can independently verify chain integrity.