Plugin
Audit plugin
RegulusAuditPlugin
Append-only audit event emission with SHA-256 hash chaining, 24-month retention by default, and offline verification via the regulus audit verify CLI. The substrate every other plugin writes through.
What it does
The audit plugin emits a RegulusEvent for every state transition the
agent makes. Each event carries the SHA-256 hash of the previous event
within an emitter scope. The chain is offline-verifiable with one
CLI call.
Event shape
{
  "ts": "2026-06-01T22:14:03Z",
  "agent": "credit-decision",
  "session": "sess-...",
  "tool": "ledger.book_transfer",
  "decision": "DENY",
  "clause": "fca-sysc-4.1.7: ...",
  "framework_citations": [
    "nist-ai-rmf:MANAGE-2.1",
    "eu-ai-act:Article-9.4"
  ],
  "jurisdiction": "uk",
  "region": "europe-west2",
  "principal": "sub:dipankar · tenant:42 · purpose:CREDIT_DECISION",
  "model_tier": 2,
  "prev_hash": "c4f3a91b...",
  "hash": "e9d4f72a..."
}
Twelve fields, ten of which an auditor will ask for in any walkthrough.
Where the bytes go
Three places, all on by default:
- Cloud Logging. Every event written via the standard structured log API. Cloud Audit Logs round-trip naturally.
- The hash chain. Append-only file or object-storage stream. RetentionEventCompactor handles aging and compaction by the strictest active retention policy.
- Your GRC tool. Via the configured RegulusGovernanceEvidencePlugin adapter (ServiceNow IRM, OneTrust, MetricStream, generic webhook).
Offline verification
$ regulus audit verify chain-2026-06-01.jsonl
✓ 4,128 events
✓ chain intact (root → 7a82e9d4...)
✓ 1 DENY decisions (fca-sysc-4.1.7 × 1)
✓ 0 broken links
Verification is intentionally simple: walk the chain, recompute each
hash from prev_hash || serialized_event, compare against the stored
hash. Tampering breaks the chain deterministically. Per-event
Ed25519 signatures are on the v0.3 roadmap — today’s hash chain
detects tampering, but doesn’t identify the tamperer.
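The walk described above, as an added Python example (not Regulus code). The canonical-JSON serialization, the exclusion of prev_hash and hash from the serialized body, the all-zero genesis value and the three sample events are assumptions made for illustration; the real byte layout is whatever regulus audit verify uses.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumption: prev_hash of the first event in an emitter scope


def event_hash(event):
    """SHA-256 of prev_hash || serialized_event (canonical JSON is an assumption)."""
    body = {k: v for k, v in event.items() if k not in ("prev_hash", "hash")}
    serialized = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((event["prev_hash"] + serialized).encode()).hexdigest()


def sample_chain():
    """Constructed three-event chain for one emitter scope, as JSONL lines."""
    lines, prev = [], GENESIS
    for tool, decision in [("ledger.read", "ALLOW"),
                           ("ledger.book_transfer", "DENY"),
                           ("ledger.read", "ALLOW")]:
        event = {"agent": "credit-decision", "tool": tool,
                 "decision": decision, "prev_hash": prev}
        event["hash"] = prev = event_hash(event)
        lines.append(json.dumps(event))
    return lines


def verify(lines):
    """Walk the chain; return (events_ok, first_broken_index_or_None, head_hash)."""
    expected_prev, ok_count = GENESIS, 0
    for i, line in enumerate(lines):
        try:
            event = json.loads(line)
            intact = (event["prev_hash"] == expected_prev
                      and event_hash(event) == event["hash"])
        except (ValueError, KeyError, TypeError):
            intact = False  # unparsable or malformed line counts as a broken link
        if not intact:
            return ok_count, i, expected_prev
        expected_prev, ok_count = event["hash"], ok_count + 1
    return ok_count, None, expected_prev


if __name__ == "__main__":
    chain = sample_chain()
    print(verify(chain))  # intact chain: no broken index, head = last event's hash
    edited = json.loads(chain[1])
    edited["decision"] = "ALLOW"  # in-place edit of a stored decision
    print(verify([chain[0], json.dumps(edited), chain[2]]))
```

Link checks alone pass on a chain whose tail has been removed, so compare the returned head hash with a copy recorded outside the file.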
Performance
Hash computation takes microseconds. The write to local SSD is under 0.5 ms per event. GRC adapter dispatch happens on a separate thread pool; back-pressure surfaces as a configurable circuit breaker rather than blocking the agent.