Follow-up to 3.1.8. Addresses the two remaining cloud-side items from
the May 2026 audit.
DELETE /v1/agents/{agent_id}?purge=true now does a real hard delete
across five namespaces (runtime:agents, agents, metrics, auditv2,
audit) and returns rows_deleted + by_namespace breakdown. Closes
the GDPR/CCPA delete-on-request gap the auditor flagged.
POST /v1/agents/{agent_id}/decision now mirrors every decision into
the audit-v2 hash-chained ledger, returning audit_v2_row_id in the
response. Previously the SDK log_decision() wrote a legacy audit:*
row without a hash chain, so the README's "tamper-evident" claim
wasn't true on the default code path. Now it is — every decision
is provably part of the per-agent hash chain, verifiable via
GET /v1/auditv2/verify-chain.
Regression: 29/29 unit tests + 6/6 smoke pass.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>