feat: add VERUM-aligned audit trail with hash-chained score records #53
Append-only, SHA-256 hash-chained JSONL audit trail for every Arbiter score. Aligns with HUMMBL's VERUM sovereignty primitive:
- Invariant 1: append-only (no delete, no update)
- Invariant 3: minimal operators (append + read_all + verify)
- Invariant 4: external analysis only
Chain verification detects tampering — if any record is modified, verify_chain() returns False.
CLI: arbiter audit-trail score/list/verify
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: ad35d93e32
| elif args.action == "score": | ||
| # Score a repo and append to audit trail | ||
| repo_path = Path(args.repo).resolve() |
Guard score action when --repo is missing
The audit-trail score path unconditionally does Path(args.repo).resolve(), but --repo is optional in the parser, so invoking arbiter audit-trail score without --repo raises a TypeError traceback instead of a normal CLI validation error. This is a user-facing crash on a validly parsed command; add explicit validation for args.repo in the score branch (or make it required for that action).
Useful? React with 👍 / 👎.
| line = line.strip() | ||
| if not line: | ||
| continue | ||
| data = json.loads(line) |
Handle invalid JSON lines as verification failure
read_all() directly calls json.loads(line) without error handling, so a malformed or partially written line causes audit-trail verify to crash with JSONDecodeError before verify_chain can report tampering. In practice this means corrupted audit files produce an exception instead of a clean failed verification result, which breaks the integrity-check workflow.
Useful? React with 👍 / 👎.
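The failure mode raised in the review comment above, as an added example that is not the PR's code: a minimal hash-chained JSONL verifier that reports a malformed or partially written line as a failed verification instead of raising. The record fields (`prev_hash`, `payload`, `hash`), the all-zero genesis value and every helper name other than `verify_chain` are assumptions, not taken from the project.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash for the first record


def record_hash(prev_hash, payload):
    """SHA-256 over the previous hash plus the canonical JSON payload."""
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()


def append_record(lines, payload):
    """Append one chained record, serialized as a JSONL line, to `lines`."""
    prev = json.loads(lines[-1])["hash"] if lines else GENESIS
    rec = {"prev_hash": prev, "payload": payload, "hash": record_hash(prev, payload)}
    lines.append(json.dumps(rec, sort_keys=True))


def verify_chain(lines):
    """Return (ok, reason); corrupted input is a failed check, not an exception."""
    prev = GENESIS
    for n, raw in enumerate(lines, start=1):
        raw = raw.strip()
        if not raw:
            continue
        try:
            rec = json.loads(raw)
            payload, stored, link = rec["payload"], rec["hash"], rec["prev_hash"]
        except (json.JSONDecodeError, KeyError, TypeError):
            return False, f"line {n}: malformed record"
        if link != prev:
            return False, f"line {n}: broken link"
        if record_hash(prev, payload) != stored:
            return False, f"line {n}: hash mismatch"
        prev = stored
    return True, "ok"


def demo():
    """Verify a clean log, an edited record and a partially written last line."""
    log = []
    for score in (71, 84, 90):  # constructed sample scores
        append_record(log, {"repo": "example/repo", "score": score})
    edited = json.loads(log[1])
    edited["payload"]["score"] = 99
    tampered = [log[0], json.dumps(edited), log[2]]
    truncated = log[:2] + [log[2][:40]]  # constructed partial write
    return {name: verify_chain(data) for name, data in
            (("clean", log), ("tampered", tampered), ("truncated", truncated))}
```

A chain of this kind flags edits and partial writes, but removing whole records from the end leaves a valid shorter chain, so the latest hash has to be recorded somewhere outside the file to detect that.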
Summary
Append-only, SHA-256 hash-chained audit trail aligned with HUMMBL's VERUM primitive:
arbiter audit-trail score|list|verify
Usage
Test plan
🤖 Generated with Claude Code