Agent Audit Trail

An append-only, hash-chained audit log for AI agents. Every significant action, decision, tool call, and external write is recorded with a sha256 chain linking entries together — making tampering detectable and providing an authoritative compliance record.

Overview

This skill provides:

• - Append-only NDJSON log at INLINECODE0
• Hash-chained entries — each entry includes the sha256 of the previous entry
• Monotonic ordering — ord field ensures strict sequence
• Structured fields — consistent schema across all event types
• EU AI Act Article 12 compliance implementation

Log Location

CODEBLOCK0

The file is append-only. Never truncate, overwrite, or reorder entries.

Log Entry Schema

Each line is a valid JSON object:

CODEBLOCK1

Field Reference

Field	Type	Description
INLINECODE2	ISO-8601	Timestamp with timezone offset (Europe/London)
INLINECODE3

string | Event type (see below) | | actor | string | Agent or component that triggered the event | | domain | string | Domain partition (agirails, client-lab, personal) | | plane | string | Four-plane label (ingress, interpretation, decision, action) | | gate | string | Truth gate applied (see SOUL.md) | | ord | integer | Monotonically increasing sequence number | | provenance | string | Source session or external identity | | target | string | File, URL, or resource affected | | summary | string | Human-readable description of the event | | prev_hash | string | sha256 of the previous log entry (hex, prefixed sha256:) | | hash | string | sha256 of this entry excluding the hash field itself |

Event Kinds

Kind	Plane	Description
INLINECODE23	action	Any tool invocation
INLINECODE24

action | Write to external system (file, API, DB) | | credential-access | action | Secret or key accessed | | install-extend | action | Package install or skill activation | | decision | decision | Agent decision with reasoning | | override | decision | Safety override applied | | ingress | ingress | External input received | | session-start | ingress | Agent session initialised | | session-end | ingress | Agent session terminated | | state-transition | decision | Behaviour surface change | | payment | action | ACTP/x402 payment event (amount, counterparty, txhash) |

Setup

1. Create the audit directory

CODEBLOCK2

2. Wire into TOOLS.md

Add to your workspace TOOLS.md:

CODEBLOCK3

3. Wire into SOUL.md

Add to your workspace SOUL.md invariants:

CODEBLOCK4

And to Truth Gates:

CODEBLOCK5

4. Helper script (optional)

CODEBLOCK6

Verification

To check chain integrity:

CODEBLOCK7

Usage Patterns

Log every external write

CODEBLOCK8

Log credential access

CODEBLOCK9

Log payment events

CODEBLOCK10

---

EU AI Act Compliance

Article 12 — Automatic Event Recording

EU AI Act Article 12 mandates that providers of high-risk AI systems must ensure their systems can automatically record events ("logging") throughout their operational lifetime. Requirements include:

• - Automatic recording of the period of each use (date, time)
• Reference database(s) searched or verified against
• Input data that led to the system output
• Identity of the natural/legal persons involved in verification

August 2026 deadline — High-risk AI systems must be compliant by the enforcement date under the EU AI Act transition schedule.

How This Skill Implements Article 12

Article 12 Requirement	This Skill's Implementation
Automatic event recording	INLINECODE36 — every tool call, decision, ingress
Period of use (timestamps)

ts field — ISO-8601 with timezone offset | | Input data traceability | provenance + ingress kind entries | | Decision traceability | decision kind entries with reasoning summary | | Identity of actors | actor + provenance fields | | Tamper detection | sha256 hash chain — prev_hash + hash fields | | Ordering guarantees | Monotonic ord field |

Classification Guidance

Assess whether your agent deployment qualifies as high-risk under Annex III of the EU AI Act. If operating in:

• - Critical infrastructure
• Employment/HR decisions
• Access to essential services
• Law enforcement adjacent systems
• Migration/asylum decisions

…then Article 12 logging is mandatory, not optional. Run the Agent Compliance & Security Assessment skill first to determine your risk classification.

---

Companion Skills

agent-self-assessment (v2.2.1)

Run the assessment first, then set up logging for ongoing compliance.

The self-assessment skill provides a 14-check compliance and security framework with RED/AMBER/GREEN ratings. Use it to determine your EU AI Act risk classification before configuring this audit trail.

Install:
CODEBLOCK11

Or if already available in your workspace:
CODEBLOCK12

Workflow:

1. 1. Run agent-self-assessment → identify gaps + risk tier
2. Install agent-audit-trail → implement logging for ongoing compliance
3. Schedule periodic re-assessments (monthly/quarterly)

---

agirails (v3.0.0)

Enable payment tracking in your audit trail.

AGIRAILS provides ACTP escrow and x402 instant payment primitives for AI agents. All payments should be logged using the payment kind in this audit trail.

Install:
CODEBLOCK13

Or if already available in your workspace:
CODEBLOCK14

Payment logging integration:

• - Every ACTP escrow creation → external-write entry
• Every x402 settlement → payment entry with txhash
• Every wallet balance change → state-transition entry
• Wallet address and amount included in INLINECODE54

See TOOLS.md → Audit Log and SOUL.md invariant #4 for the full integration.

---

Roadmap (v2.1+)

The following features are planned for upcoming releases:

export command

Generate a structured compliance report from the NDJSON log:

• - Filter by date range, domain, kind, actor
• Output: Markdown, PDF, or JSON summary
• EU AI Act Article 12 report template included
• Example: INLINECODE58

stats command

Event counts, domain breakdown, and time-range queries:

• - Total events per kind
• Events per domain over configurable time window
• Busiest hours / session lengths
• Example: INLINECODE60

JSON Schema for log validation

A formal JSON Schema (audit/log-schema.json) to validate entries:

• - Validate all required fields are present and correctly typed
• CI-friendly: run on every log append or as a pre-push hook
• Schema versioned alongside SKILL.md

Optional remote log shipping (append-only S3/GCS)

Ship log entries to an append-only remote bucket for disaster recovery:

• - AWS S3 (object lock / WORM policy)
• Google Cloud Storage (object retention policy)
• Configurable flush interval (real-time or batched)
• No reads from remote — write-only pipeline

Compliance report template (EU AI Act Article 12)

A structured report template covering:

• - System description and risk classification
• Logging configuration and retention policy
• Chain integrity verification results
• Event summary by category
• Named actors and provenance registry
• Attestation block for human signatory

---

This skill is part of the Atlas workspace compliance stack. See also: SOUL.md (invariants), TOOLS.md (audit log config), agent-self-assessment (risk classification).