Audit Architecture — Last Line of Defense

Version: 1.0 Status: Live Last Updated: 2026-02-08

Purpose: Define end‑to‑end audit integrity. If audit fails, the system fails. We fail closed (zero‑tolerance) on audit pipeline integrity breaches.

Pillars

Authenticity: Capture raw inputs verbatim; hash and bind (Tier‑2).
Traceability: Link inputs → decisions → outputs → attestations.
Visibility: Structured reasoning summaries (not raw chain‑of‑thought).
Integrity: Continuous checksums, anomaly detection, and fail‑closed gating.
Human Context: Capture intent, constraints, time sensitivity, and decision owner.
AI Use Boundary: Audit outputs are for repository governance, not training data.

Input capture (raw + normalized + diff) → Audit/templates/INPUT-COC-TEMPLATE.md
Reasoning summaries & actions → Audit/templates/REASONING-LOG-TEMPLATE.md
Outputs & attestations → commit IDs, file hashes, approvers
Model provenance capture → Audit/templates/MODEL-PROVENANCE-TEMPLATE.md
Traceability matrix updates → IaT/TRACEABILITY-MATRIX-TEMPLATE.md
Recall events → bind “Eureka” to prior tasks (AAK BIND recall:), update SR and matrix
Integrity checks → periodic verification of bindings and hashes
Auto-doc control → generated reports live under Audit/output and are excluded from audit inputs

Store generated audit reports under Audit/output/ and logs under Audit/logs/.
Exclude generated artifacts from future audit inputs to prevent recursion and false positives.
Stamp each generated report with date, scope, and tool provenance.

If input→output binding breaks or hash mismatch occurs:
- Stop Red actions; enter Caution Mode (see SECURITY‑PROTOCOL.md)
- Require human review and re‑binding before resuming
- Log incident in audit and escalate if policy requires