Governance
Append-only audit log
A database-backed event log where agent events are inserted but never updated or deleted.
An append-only audit log records every relevant agent event with stable identity, risk class, tool name, inputs or summaries, outcome, and timestamp. The important property is immutability: rows are added, not rewritten.
Why it matters
Governance claims fail if the evidence can be changed after the run. Append-only design makes the audit trail inspectable and defensible.
How HARNEXA uses it
HARNEXA stores agent run evidence in append-only tables with no-update and no-delete protections where applicable.
FAQ
Questions this definition answers.
Why not just log to files?
Files are useful for development, but buyer and risk review need durable, queryable, permissioned evidence.
What does the audit log prove?
It proves who acted, which tool was used, what risk class applied, what boundary held, and what outcome occurred.
Need these definitions mapped to a live commerce workflow, agent estate, or protocol-readiness path?
Book diagnostic sprint