Hash-Chained Audit Trail

TruthVouch maintains an immutable, hash-chained audit trail of every request, decision, and action. Each entry is cryptographically signed and linked to the previous entry using SHA-256, making tampering detectable.

How It Works

Hash-Chaining (SHA-256)

Each audit entry includes a hash of the previous entry:

Entry 1: timestamp=10:00:00, action=request, hash_prev=000...
         SHA-256 → hash_current=abc...

Entry 2: timestamp=10:00:01, action=verified, hash_prev=abc...
         SHA-256 → hash_current=def...

Entry 3: timestamp=10:00:02, action=corrected, hash_prev=def...
         SHA-256 → hash_current=ghi...

If anyone modifies Entry 2, its hash changes, breaking the chain and making tampering obvious.

Tamper Detection

Verify chain integrity anytime:

# Verify entire audit trail
result = client.audit.verify_chain()

if result.valid:
    print("Audit trail verified - no tampering detected")
else:
    print(f"TAMPERING DETECTED at entry {result.broken_at}")
    print(f"Expected hash: {result.expected_hash}")
    print(f"Actual hash: {result.actual_hash}")

Audit Trail Contents

Each entry logs:

{
  "entry_id": 12847,
  "timestamp": "2024-01-15T10:30:45Z",
  "hash_previous": "sha256:abcdef...",
  "hash_current": "sha256:123456...",
  "event_type": "hallucination_detected",
  "user_id": "user-456",
  "request_id": "req-abc123",
  "details": {
    "provider": "openai",
    "model": "gpt-4",
    "claim": "Founded in 2024",
    "truth": "Founded in 2023",
    "nli_score": 0.12,
    "action": "alert + correction generated"
  },
  "signature": "ed25519:xyz...",
  "retention": "7_years"
}

Event Types

Common audit trail events:

hallucination_detected: Fact-check found inaccuracy
correction_generated: Auto-correction created
correction_deployed: Correction sent to external systems
policy_violation: Policy enforcement action
pii_detected: PII found and masked
injection_detected: Prompt injection blocked
user_action: Manual corrections, approvals, etc.
compliance_export: Audit log exported for compliance

Querying the Audit Trail

Search and filter audit logs:

# Get all hallucinations this week
logs = client.audit.query(
    event_type="hallucination_detected",
    since="7_days_ago",
    provider="openai"
)

for log in logs:
    print(f"{log.timestamp}: {log.details.claim}")

# Export for compliance
export = client.audit.export(
    format="csv",
    date_range="2024-01-01:2024-01-31",
    include_verified_signatures=True
)

Retention & Compliance

Retention Periods

Operational: 90 days (hot storage, fast queries)
Standard: 7 years (cold storage, legal requirement)
GDPR: 7 years (data subject identifiable info redacted)

Compliance Mapping

Audit trail supports compliance frameworks:

Framework	Requirement	How TruthVouch Meets It
GDPR Art. 5	Accountability	Hash-chained immutable logs
EU AI Act Art. 73	Incident Reporting	Event types pre-mapped to incident categories
SOC 2	System Monitoring	All actions logged and verified
ISO 42001	AI Governance	Complete audit trail of AI decisions
HIPAA	Audit Controls	7-year retention with encryption

Compliance Reporting

Export audit trails for regulatory audits:

# Generate SOC 2 audit trail export
export = client.audit.generate_soc2_report(
    period="2024-Q1",
    include_signatures=True,
    include_verification_proofs=True
)
# Returns PDF with audit trail + verification proof

# Generate GDPR breach notification template
breach_log = client.audit.query(
    event_type="data_breach",
    since="30_days_ago"
)
notification = client.audit.generate_breach_notification(breach_log)