How I Built This · Signed build log

Beacon is built with the same evidence model it teaches.

Every meaningful action on this repo appends one signed JSON line to audit/audit-log.jsonl. Each line carries an Ed25519 signature over canonical-JSON bytes and a SHA-256 hash chain back to GENESIS. The public key lives at audit/keys/public-key.pem. You can verify the chain offline with python -m src.audit_log verify.

chain · loading… — entries fp · —

Verify yourself: git clone https://github.com/bobrapp/aigovops-beacon && cd aigovops-beacon && pip install cryptography && python -m src.audit_log verify

Loading signed build log…

What's in each receipt

The schema

seq: Monotonic counter from 1.
timestamp_utc: ISO 8601 UTC, second precision.
user · user_email: Human operator who initiated the action.
model · platform · thread_id: AI assistant identity, if applicable.
action: Short verb describing the meaningful action.
prompt: Verbatim user request or summary.
result: Short outcome.
assets: Files touched.
git_sha: The commit SHA the action refers to.
prev_entry_sha256: GENESIS for seq 1, else previous entry's hash. This is the chain.
entry_sha256: SHA-256 over canonical JSON (excluding hash, signature, fingerprint fields).
signature_ed25519: Ed25519 signature over the canonical bytes. Base64-URL no-pad.
key_fingerprint: First 16 bytes of SHA-256(public key DER), base64-URL no-pad.

Source: src/audit_log.py · Pattern: AIGovOps Foundation cryptokey-receipted audit logger (May 2026).