Skip to main content
Jira progress: loading…

TG-AUDIT-LOG

TrustGate Audit Log Engine

0. Identity

Loading identity…

Depends on module:

Decision-grade verification and assurance domain that orchestrates verifier workflows, evidence handling, trust scoring, audit trails, and assurance packaging across CSRD/ESRS and other frameworks. Enables third-party sign-off, dispute handling, and assurance-ready disclosure outputs with replayable provenance.
Domain:
assurance-verification
Category:
trust-assurance
Classification:
module
Lifecycle status:
active
Semver:
1.0.0
Introduced in:
v0.3
Governance
AI risk level:
high
Trust threshold:
0.97
Human review required:
true
Verifier involved:
true
Audit required:
true
Ownership
Primary owner:
Platform
Architecture board:
true
White-label allowed:
true
Entrypoints
Docs:
/verification-assurance
UI:
/app/assurance
API:
/api/assurance
Dependencies
Modules
  • sis
  • input-hub
  • reports-insights-hub
  • zara
  • zaam
Unresolved tokens
  • ALTD
  • DAL
  • EvidenceVault
  • StripeConnect
  • TruliooKYB
  • TrustGate
  • VTE
  • VerifierWorkflowEngine
Engines (declared)
  • VerifierWorkflowEngine
  • DaVE
  • VTE
  • DICE
  • EvidenceVault
  • ALTD
  • DAL
  • TrustGate
  • StripeConnect
  • TruliooKYB
  • AISIM
Micro-engines (from registry)
None
Micro-engines (declared)
None
Signals
USO
  • ASSURANCE.VERIFICATION
  • ASSURANCE.EVIDENCE
  • ASSURANCE.SIGNOFF
  • AUDIT.LINEAGE
  • GOVERNANCE.TRUST
  • IDENTITY.VERIFIER
  • PAYMENT.ESCROW
CSI
  • CSI_VERIFICATION_ASSURANCE
SSSR tags
  • assurance
  • verification
  • verifiers
  • evidence
  • signoff
  • trust-score
  • audit
  • tamper-detection
  • blockchain
  • rfp
  • disputes
  • escrow
  • stripe-connect
Workflows & Outputs
Workflows
  • VerifierOnboardingAndQualification
  • AssuranceRFPAndProposalFlow
  • EvidenceRequestAndCollection
  • EvidenceValidationAndScoring
  • TrustScoreComputationAndPropagation
  • VerifierReviewAndCommenting
  • IssueFlaggingAndDisputeResolution
  • VerifierSignOffAndStamping
  • AssurancePackagingForReports
  • PaymentEscrowAndPayoutOrchestration
Outputs
  • verifier_profiles
  • assurance_requests
  • evidence_packages
  • validation_findings
  • trust_score_updates
  • signoff_stamps
  • assurance_ready_disclosure_packages
  • payment_events
Audit
Ledger:
ALTD
Replay supported:
true
PII policy:
controlled_pii_outside_omr
Tags

1. Purpose

The TrustGate Audit Log Engine records immutable audit events across the TrustGate runtime.

It captures the operational evidence needed to reconstruct who did what, which engine executed, which policy applied, which data artifact was affected, which decision was issued, which reviewer action occurred, and which downstream assurance systems received the resulting event.

The engine is the operational memory of TrustGate.

It ensures that every material TrustGate action becomes part of an auditable, replay-aware, DAL-anchorable evidence trail that supports OARM, AAE, VIZZ, AII, FAGF governance, regulator inspection, and third-party assurance.

The Audit Log Engine does not decide trust, compute scores, validate data, or anchor ledgers directly. It records the evidence required to prove that those actions happened correctly.


2. Position within TrustGate Runtime

All TrustGate Engines


──────────────────────────────────────────
Audit Log Engine
──────────────────────────────────────────

├── Runtime Audit Event
├── Reviewer Action Record
├── Policy Action Record
├── Evidence Chain Record
├── Security Event Record
├── DAL Anchor Candidate
└── AII / DSAIL Telemetry

The Audit Log Engine receives events from the entire TrustGate runtime, including:

  • Signal Parser;
  • Structure Validation Engine;
  • Signal Normalizer;
  • Context Enrichment Engine;
  • Rule Evaluation Engine;
  • Policy Resolution Engine;
  • Trust Scoring Engine;
  • Decision Engine;
  • Quarantine Manager;
  • Replay Engine;
  • Attestation Engine;
  • DAL Anchor Engine;
  • Federation Exchange Engine;
  • AI Feedback Engine.

3. Canonical Identity

PropertyValue
MEIDMEID_TRUST_MONITOR_AUDIT
CMIvera.TG-AUDIT.ENGINE.LOGGER.1_0_0
KINDENGINE
Owner ModuleVerification & Assurance
Runtime TierTier-0 Assurance Runtime
Engine CategoryMONITOR
Engine Domaintrust
ZAR RegistrationRequired
Replay SupportNative
DAL AnchoringPolicy-based / Critical Events Required
Federation AwareYes

The MEID identifies the stable logical audit logging engine.

The CMI identifies this specific versioned executable artifact.


4. Runtime Responsibilities

ResponsibilityDescription
Runtime Audit LoggingRecord all material TrustGate runtime actions.
Evidence Chain ConstructionConnect audit events into a coherent evidence chain.
Reviewer Action LoggingRecord manual review, override, release, rejection, and escalation actions.
Policy Action LoggingRecord which policy bundles and thresholds influenced runtime outcomes.
Security Event LoggingRecord authentication, authorization, signature, and identity events.
Replay Context LoggingRecord replay creation, replay result, and replay drift evidence.
DAL Candidate CreationEmit anchor candidates for audit records requiring tamper-evident integrity.
Federation Audit LoggingRecord cross-ECO imports, exports, verifications, and conflicts.
AII TelemetryProvide audit coverage and evidence completeness metrics.
Governance ReportingSupport FAGF audits, OARM replay, and VIZZ audit dashboards.

The engine must preserve audit event immutability.


5. Audit Event Classes

TrustGate audit events are grouped into canonical classes.

Audit ClassDescription
RUNTIME_EVENTEngine execution, state transition, or pipeline action.
VALIDATION_EVENTValidation result, validation failure, or rule outcome.
SCORING_EVENTTrust score calculation and confidence output.
DECISION_EVENTAccept, route, review, quarantine, reject, or abort decision.
REVIEWER_ACTIONHuman review, approval, rejection, override, or escalation.
POLICY_ACTIONPolicy resolution, threshold application, or policy override.
REPLAY_EVENTReplay manifest creation, result, or drift.
DAL_EVENTAnchor submission, verification, failure, or proof retrieval.
FEDERATION_EVENTCross-ECO import, export, verification, or conflict.
SECURITY_EVENTAuthentication, authorization, DID, signature, or access-control event.
AI_EVENTAI recommendation, feedback, calibration, or suppression event.
GOVERNANCE_EVENTFAGF-controlled action, approval, or compliance checkpoint.

6. Audit Severity Levels

SeverityMeaning
infoRoutine operational audit event.
noticeImportant but expected system action.
warningNon-blocking issue requiring visibility.
errorFailed operation requiring follow-up.
criticalHigh-impact assurance, security, replay, or governance issue.
blockingEvent prevents safe continuation of processing.

Severity should align with the platform-wide Validation Rule Registry and FAGF policy profiles.


7. Runtime Processing Pipeline

Receive Runtime Event


Classify Audit Event


Validate Audit Schema


Attach Identity and Engine Context


Attach Policy and Lineage Context


Assign Severity and Retention Class


Create Immutable Audit Record


Emit Evidence Chain Link


Queue DAL Anchor Candidate if Required


Publish Telemetry

The Audit Log Engine must be non-destructive and append-only.


8. Processing Algorithm

function audit(event):

audit_class = classify_event(event)

validate_schema(event, audit_class)

context = resolve_context(
event.signal_id,
event.eco_number,
event.engine_cmi,
event.policy_bundle
)

severity = resolve_severity(event, audit_class, context.policy)

retention = resolve_retention(event, severity, context.policy)

audit_record = create_audit_record(
event,
audit_class,
context,
severity,
retention
)

evidence_link = link_to_evidence_chain(audit_record)

if requires_dal_anchor(audit_record):
queue_dal_anchor_candidate(audit_record)

publish_audit_telemetry(audit_record)

return audit_record

Audit record generation must be deterministic for identical event input and policy context.


9. Evidence Chain Model

The Audit Log Engine links audit events into evidence chains.

An evidence chain represents the ordered assurance history of a signal, assessment, replay, attestation, or federation package.

Signal Received


Parsed


Validated


Normalized


Enriched


Scored


Decisioned


Replay Manifest Created


Attested


DAL Anchored


Federated

Each audit event includes:

  • previous audit event hash;
  • current audit event hash;
  • signal identifier;
  • engine CMI;
  • MEID;
  • policy context;
  • timestamp;
  • actor or service identity.

This creates an internal hash-linked operational audit trail.


10. Audit Hashing Model

Audit event hashes are computed over canonical audit records.

Haudit=SHA256(CanonicalSerialize(AuditRecord))H_{audit} = SHA256(CanonicalSerialize(AuditRecord))

Evidence chain links may be calculated as:

Hchain=SHA256(HpreviousHaudit)H_{chain} = SHA256(H_{previous} || H_{audit})

Where:

  • $H_{audit}$ is the current audit record hash;
  • $H_{previous}$ is the previous chain hash;
  • $H_{chain}$ is the resulting evidence chain hash.

Critical audit events should be anchored in DAL.


11. CSI Contracts

11.1. Input CSIs

CSIRequiredPurpose
comp.TG.INPUT.RUNTIME-EVENT.v1_0YesGeneric TrustGate runtime event.
comp.TG.INPUT.TRUST-DECISION.v1_0ConditionalDecision event to audit.
comp.TG.INPUT.REVIEWER-ACTION.v1_0ConditionalHuman action to audit.
comp.TG.INPUT.REPLAY-RESULT.v1_0ConditionalReplay event to audit.
comp.DAL.INPUT.VERIFICATION-EVENT.v1_0ConditionalDAL verification event.
comp.AFLE.INPUT.FEDERATION-EVENT.v1_0ConditionalFederation event.
comp.FAGF.INPUT.POLICY-CONTEXT.v1_0YesActive audit and retention policy.

11.2. Output CSIs

CSIPurpose
comp.TG.OUTPUT.AUDIT-RECORD.v1_0Canonical TrustGate audit record.
comp.TG.OUTPUT.EVIDENCE-CHAIN-LINK.v1_0Evidence chain link.
comp.TG.EVENT.AUDIT-RECORDED.v1_0Audit record creation event.
comp.DAL.INPUT.ANCHOR-CANDIDATE.v1_0DAL anchor candidate for critical audit records.
comp.AII.INPUT.AUDIT-TELEMETRY.v1_0AII audit coverage telemetry.
comp.DSAIL.INPUT.AUDIT-FEEDBACK.v1_0AI learning feedback for audit anomalies.

12. Canonical Audit Input

{
"runtime_event_id": "TGEVT-2026-00001472",
"event_type": "trustgate.decision.issued",
"audit_class": "DECISION_EVENT",
"signal_id": "SIG-2026-00001472",
"eco_number": "ECO-A123",
"engine_cmi": "vera.TG-DECISION.ENGINE.ROUTER.1_0_0",
"meid": "MEID_TRUST_ROUTE_DECISION",
"policy_bundle": "FAGF-2026.2",
"payload_ref": "s3://zayaz-artifacts/trustgate/TGD-2026-00001472.json",
"created_at": "2026-06-25T14:05:10Z"
}

13. Canonical Audit Record

{
"audit_id": "TGAUD-2026-00001472",
"event_type": "trustgate.decision.issued",
"audit_class": "DECISION_EVENT",
"severity": "notice",
"signal_id": "SIG-2026-00001472",
"eco_number": "ECO-A123",
"actor": {
"type": "service",
"id": "trustgate-decision-engine"
},
"engine": {
"meid": "MEID_TRUST_ROUTE_DECISION",
"cmi": "vera.TG-DECISION.ENGINE.ROUTER.1_0_0"
},
"policy": {
"policy_bundle": "FAGF-2026.2",
"retention_class": "assurance-critical"
},
"hashes": {
"payload_hash": "sha256:2f93ad...",
"audit_hash": "sha256:aa71d0...",
"previous_chain_hash": "sha256:04cc91...",
"evidence_chain_hash": "sha256:11dc88..."
},
"dal_anchor_required": true,
"created_at": "2026-06-25T14:05:10Z"
}

14. Reviewer Action Record

{
"audit_id": "TGAUD-2026-00001501",
"event_type": "trustgate.reviewer.action",
"audit_class": "REVIEWER_ACTION",
"signal_id": "SIG-2026-00001472",
"quarantine_id": "TGQ-2026-00001472",
"actor": {
"type": "user",
"id": "assurance.reviewer@eco-a123.com",
"role": "assurance_reviewer"
},
"action": "release_from_quarantine",
"reason": "identity_revalidated_and_signature_verified",
"approval_required": true,
"approval_status": "approved",
"created_at": "2026-06-26T09:14:03Z"
}

Reviewer actions must be immutable and must preserve reviewer identity, role, approval basis, and policy context.


15. Security Audit Event

{
"audit_id": "TGAUD-2026-00001520",
"event_type": "trustgate.security.signature_failed",
"audit_class": "SECURITY_EVENT",
"severity": "critical",
"eco_number": "ECO-B456",
"signal_id": "SIG-2026-00001892",
"security_context": {
"failure_type": "signature_verification_failed",
"verification_method": "did:zayaz:ECO-B456#trustgate-key",
"source_ip_class": "federation-node",
"action": "rejected"
},
"dal_anchor_required": true,
"created_at": "2026-06-25T14:08:41Z"
}

Critical security events must be eligible for DAL anchoring and governance review.


16. Audit Recorded Event

{
"event_type": "trustgate.audit.recorded",
"audit_id": "TGAUD-2026-00001472",
"audit_class": "DECISION_EVENT",
"signal_id": "SIG-2026-00001472",
"eco_number": "ECO-A123",
"evidence_chain_hash": "sha256:11dc88...",
"engine_cmi": "vera.TG-AUDIT.ENGINE.LOGGER.1_0_0",
"timestamp": "2026-06-25T14:05:10Z"
}

17. DAL Integration

The Audit Log Engine produces DAL anchor candidates for audit records that are:

  • critical;
  • blocking;
  • security-relevant;
  • reviewer-action relevant;
  • federation-relevant;
  • replay-drift relevant;
  • policy-override relevant;
  • auditor-requested;
  • regulator-requested.

Example anchor candidate:

{
"artifact_type": "TrustAuditRecord",
"artifact_id": "TGAUD-2026-00001472",
"artifact_hash": "sha256:aa71d0...",
"engine_cmi": "vera.TG-AUDIT.ENGINE.LOGGER.1_0_0",
"meid": "MEID_TRUST_MONITOR_AUDIT",
"audit_class": "DECISION_EVENT",
"created_at": "2026-06-25T14:05:10Z"
}

Final anchoring is performed by the TrustGate DAL Anchor Engine.


18. Replay Behaviour

Audit record creation must be replay deterministic.

Replay inputs include:

  • source runtime event;
  • actor identity;
  • policy context;
  • retention profile;
  • previous evidence chain hash;
  • canonical serialization version;
  • engine CMI.

Replay verification succeeds when:

Hash(AuditRecordoriginal)=Hash(AuditRecordreplay)Hash(AuditRecord_{original}) = Hash(AuditRecord_{replay})

For evidence chains, replay also verifies:

EvidenceChainHashoriginal=EvidenceChainHashrecomputedEvidenceChainHash_{original} = EvidenceChainHash_{recomputed}

19. Federation Behaviour

Audit records are generally internal, but federation-relevant audit summaries may be shared when policy permits.

Federation-safe audit exports may include:

  • event type;
  • timestamp;
  • ECO Number;
  • trust decision reference;
  • DAL reference;
  • replay reference;
  • verification status;
  • redacted reason code.

Federation exports must not include:

  • internal reviewer notes;
  • internal IP addresses;
  • tenant-private policy details;
  • personal data unless explicitly permitted;
  • raw payloads unless authorized.

20. AI / DSAIL Integration

Audit events provide high-value AI governance signals.

DSAIL may consume:

  • repeated validation failures;
  • unusual reviewer override patterns;
  • replay drift clusters;
  • policy override frequency;
  • federation conflict frequency;
  • DAL verification anomalies;
  • quarantine aging issues.

AI may recommend:

  • increased sampling;
  • reviewer workload balancing;
  • trust model recalibration;
  • policy review;
  • anomaly investigation.

AI may not modify audit records, suppress audit records, or rewrite evidence chains.


21. AII Integration

Audit telemetry contributes to AII integrity, transparency, and assurance resilience dimensions.

{
"eco_number": "ECO-A123",
"period": "2026-Q2",
"audit_events_total": 883440,
"critical_audit_events": 42,
"reviewer_actions": 118,
"policy_overrides": 7,
"audit_dal_anchor_rate": 0.998,
"evidence_chain_completeness": 0.999,
"avg_audit_latency_ms": 12
}

22. Retention and Classification

Audit records must be assigned retention classes.

Retention ClassDescription
operationalRoutine runtime audit events.
assurance-criticalEvents required for assurance and replay.
security-criticalSecurity, identity, signature, and access-control events.
federation-criticalCross-ECO exchange and verification events.
regulatoryEvents required for reporting and regulator inspection.
model-governanceAI-related governance and feedback events.

Retention periods are defined by FAGF and tenant policy.


23. Failure Handling

FailureSeverityAction
Missing runtime eventCriticalAbort
Invalid audit schemaCriticalAbort
Missing engine CMICriticalAbort
Missing ECO NumberWarningContinue only if system event
Missing policy contextCriticalUse safest retention policy or abort
Hash generation failureCriticalAbort
Evidence chain conflictCriticalEscalate
DAL unavailableWarningQueue anchor candidate
Storage unavailableCriticalBlock critical pipeline if audit required
DSAIL unavailableInfoContinue
AII unavailableWarningQueue telemetry

For critical audit classes, TrustGate must fail closed if audit recording is unavailable.


24. Observability Metrics

MetricDescription
tg_audit_recorded_totalTotal audit records created.
tg_audit_failed_totalFailed audit record attempts.
tg_audit_latency_msAudit creation latency.
tg_audit_by_class_totalAudit record count by class.
tg_audit_critical_totalCritical audit records.
tg_audit_dal_candidate_totalAudit records queued for DAL anchoring.
tg_audit_chain_conflict_totalEvidence chain conflicts.
tg_audit_reviewer_action_totalReviewer actions recorded.
tg_audit_policy_override_totalPolicy override events recorded.

25. Performance Targets

MetricTarget
Audit record creation latency< 20 ms
Evidence chain link latency< 10 ms
Hash generation latency< 5 ms
Throughput50,000 audit events/sec per worker pool
Critical audit durability100%
Availability99.99%
Replay determinism100%

26. Security Requirements

The engine must:

  • enforce append-only audit writes;
  • prevent audit record mutation;
  • preserve actor identity;
  • preserve service identity;
  • record MEID and CMI in every audit record;
  • hash every audit record;
  • protect audit storage with encryption;
  • support tenant isolation;
  • enforce retention and deletion policies;
  • prevent unauthorized audit reads;
  • redact audit exports;
  • anchor critical audit records in DAL.

27. Compliance Alignment

FrameworkAudit Log Engine Contribution
CSRDSupports auditability of sustainability data controls and disclosures.
ESRSSupports transparency, traceability, and data quality evidence.
ISSB / IFRS S1-S2Supports investor-grade control evidence.
ISO 14064-1Supports GHG verification and chain-of-custody evidence.
ISO 27001Supports logging, monitoring, access control, and evidence retention.
EU AI ActSupports AI decision traceability and human oversight records.

28. Developer Implementation Notes

Developers should implement the Audit Log Engine as an append-only event recording service.

Recommended design:

  • event classifier;
  • schema validator;
  • context resolver;
  • severity resolver;
  • retention resolver;
  • canonical serializer;
  • audit hash generator;
  • evidence chain linker;
  • immutable audit store;
  • DAL anchor candidate publisher;
  • AII telemetry publisher;
  • DSAIL anomaly feedback publisher;
  • VIZZ audit dashboard feed.

Audit writes for critical events should be synchronous where policy requires. Routine operational events may be asynchronous.


29. Summary

The TrustGate Audit Log Engine provides the immutable evidence trail required for TrustGate assurance, replay, governance, security, and federation operations.

It ensures every material runtime action is traceable, replay-aware, hash-linked, policy-contextualized, and eligible for DAL anchoring.

No TrustGate assurance decision should be considered audit-ready unless its material runtime events have been recorded by this engine or an equivalent FAGF-authorized audit mechanism.




GitHub RepoRequest for Change (RFC)