Audit JSONL + VerifyChain

Generate hash-chained audit entries (SHA-256, prevHash linking), export as JSONL, then paste or upload to verify chain integrity. Every entry includes seq, ts, ft, prevHash, and hash.

1. Generate Entries

No entries yet. Click "Add entry" to generate a hash-chained audit log.

2. Verify Chain

How VerifyChain works

Hash each entry

Set hash="" then SHA-256 the canonical JSON (sorted keys recursively). The digest becomes the entry's "hash" field.

Link entries

Each entry's "prevHash" must equal the "hash" of the previous entry. Entry 0 uses 64 zeroes.

Verify the chain

Re-compute every hash and check every prevHash link. A single mismatch fails the entire chain.

audit-entry.schema.ts

interface AuditEntry {
  seq: number;         // monotonic sequence index
  ts: string;          // ISO 8601 timestamp
  ft: number;          // OFS Flow-Time pulse
  actor: string;       // e.g. "user:alice", "agent:bot-7"
  action: string;      // e.g. "session.start", "file.upload"
  prevHash: string;    // SHA-256 of previous entry (genesis = "000...0")
  hash: string;        // SHA-256 of canonicalJSON({ ...entry, hash: "" })
}

// Canonical JSON: keys sorted recursively, deterministic output
function canonicalJSON(obj) {
  if (obj === null || typeof obj !== "object") return JSON.stringify(obj);
  if (Array.isArray(obj)) return "[" + obj.map(canonicalJSON).join(",") + "]";
  const sorted = Object.keys(obj).sort();
  return "{" + sorted.map(k => JSON.stringify(k) + ":" + canonicalJSON(obj[k])).join(",") + "}";
}

This demo uses client-side SHA-256 via Web Crypto API for illustration. Production audit systems should use server-side signing, hardware security modules (HSMs), and append-only storage with independent witnesses.