The EventStore

Tamper-Proof by Architecture

Every agent action is recorded in an append-only EventStore secured by an HMAC-SHA256 chain. Each record is cryptographically signed at write time and linked to the previous. A single tampered entry breaks the chain — and that break is immediate, detectable, and irrefutable.

Intent
TOOL_CALL_INTENDED
hmac: 7f3a…c2d1
Execution
Tool Call Result
hmac: a1b8…9e4f
Decision
Action Taken
hmac: d4c2…6b8a
Sealed
Record Committed
hmac: 2e7f…1a3d

Completeness

TOOL_CALL_INTENDED written before every execution. Intent is recorded even if the action never completes.

Authenticity

HMAC-SHA256 signatures computed at write time. Independently verifiable without application access.

Non-repudiation

Every record carries agent identity, operator identity, and timestamp. Multi-party accountability is structural.

Integrity

Append-only at database level. No update. No delete. Chain break = immediate violation detection.