{
  "id": "audit_trail",
  "label": "Audit Trail Canonical",
  "phase": "phase-07",
  "category": "observability_audit",
  "status": "ACTIVE_DH_MIRROR",
  "purpose": "Define how DEVON-DEV turns actions, decisions, approvals, evidence, gates and outcomes into audit-grade accountability records.",
  "function": "Preserve responsibility for critical operations by binding operator identity, requested action, environment, gate, approval, evidence, result, timestamp, ledger event and log reference into a record that can survive incident review, release review and compliance review.",
  "audit_contract": {
    "requires_operator_identity": true,
    "requires_requested_action": true,
    "requires_environment": true,
    "requires_gate": true,
    "requires_fsm_decision": true,
    "requires_approval_reference_when_required": true,
    "requires_evidence_reference": true,
    "requires_result": true,
    "requires_timestamp": true,
    "requires_ledger_event_id": true,
    "requires_log_reference": true,
    "requires_artifact_reference_when_applicable": true,
    "records_approved_actions": true,
    "records_blocked_actions": true,
    "records_rejected_actions": true,
    "records_revoked_approvals": true,
    "blocks_audit_record_without_ledger_link": true,
    "blocks_approval_without_operator_identity": true,
    "decision_authority": "NONE_FSM_DECIDES"
  },
  "audit_subjects": [
    "production_deploy",
    "rollback",
    "delete",
    "migration",
    "server_config_change",
    "service_restart",
    "package_install",
    "secret_access",
    "policy_change",
    "fsm_rule_change",
    "external_source_acceptance",
    "critical_risk_override"
  ],
  "technology_requirements": [
    {
      "technology": "Audit Trail Store",
      "required_for": "Persist audit-grade records for actions, decisions, approvals, evidence, gates, results, ledger references and log references.",
      "required_by_phase": "phase-07",
      "required_by_category": "audit_trail",
      "required_by_buckets": [
        "Prerequisites",
        "Installation",
        "Configuration",
        "Validation",
        "Observable Evidence",
        "Failure Modes & Recovery",
        "Completion & Promotion"
      ],
      "expected_version": "MISSING until audit schema, durable store and audit event identity exist",
      "validation_command": "MISSING until audit records can prove operator, action, environment, gate, evidence, result, ledger_event_id and timestamp",
      "evidence_path": "/home/yeff/public_html/devon/canon/execution/state/dh_sources/audit_trail_canonical.json",
      "status_source": "Documentation Hub + future Audit Trail Store + Execution Ledger Store + Human Approval Service",
      "blocking_if_missing": true,
      "failure_impact": "Without Audit Trail Store, DEVON-DEV can execute critical actions without durable accountability for who authorized, requested or reviewed them."
    },
    {
      "technology": "Operator Identity Link",
      "required_for": "Bind audit records to the authenticated operator or system actor responsible for the request, approval, rejection or override.",
      "required_by_phase": "phase-07",
      "required_by_category": "audit_trail",
      "required_by_buckets": [
        "Configuration",
        "Validation",
        "Observable Evidence",
        "Failure Modes & Recovery",
        "Completion & Promotion"
      ],
      "expected_version": "MISSING until auth/RBAC exposes stable operator identifiers",
      "validation_command": "MISSING until audit record can prove operator_id, role, permission context and action relationship",
      "evidence_path": "/home/yeff/public_html/devon/canon/execution/state/dh_sources/audit_trail_canonical.json",
      "status_source": "Documentation Hub + future Auth Service + RBAC / Permissions + Audit Trail Store",
      "blocking_if_missing": true,
      "failure_impact": "Without Operator Identity Link, audit records can show that something happened but not who carried responsibility for it."
    },
    {
      "technology": "Approval Record Link",
      "required_for": "Attach audit entries to approval_id, approval_status, approval_reason, expiration and revocation state when a human gate is required.",
      "required_by_phase": "phase-07",
      "required_by_category": "audit_trail",
      "required_by_buckets": [
        "Configuration",
        "Validation",
        "Observable Evidence",
        "Failure Modes & Recovery",
        "Completion & Promotion"
      ],
      "expected_version": "MISSING until Human Approval Service exposes stable approval records",
      "validation_command": "MISSING until audit record can prove approval_id, operator_id, risk_level, evidence_snapshot, status, expiration and revocation_status",
      "evidence_path": "/home/yeff/public_html/devon/canon/execution/state/dh_sources/audit_trail_canonical.json",
      "status_source": "Documentation Hub + future Human Approval Service + FSM Decision Core + Audit Trail Store",
      "blocking_if_missing": true,
      "failure_impact": "Without Approval Record Link, critical actions can appear approved through UI state or logs without audit-grade proof of approval."
    },
    {
      "technology": "Append-only Audit Ledger",
      "required_for": "Protect audit records from silent rewrite, deletion or post-failure narrative correction.",
      "required_by_phase": "phase-07",
      "required_by_category": "audit_trail",
      "required_by_buckets": [
        "Installation",
        "Configuration",
        "Validation",
        "Observable Evidence",
        "Failure Modes & Recovery",
        "Completion & Promotion"
      ],
      "expected_version": "MISSING until append-only semantics, hash chain or immutable audit policy exists",
      "validation_command": "MISSING until audit ledger can prove record append, record identity, prior hash/reference and tamper detection state",
      "evidence_path": "/home/yeff/public_html/devon/canon/execution/state/dh_sources/audit_trail_canonical.json",
      "status_source": "Documentation Hub + future Audit Trail Store + Compliance / Legal Guardrails",
      "blocking_if_missing": false,
      "failure_impact": "Without append-only audit behavior, audit records can be corrected after the fact and lose evidentiary value."
    }
  ],
  "depends_on": [
    "oac",
    "execution_ledger",
    "execution_logs",
    "fsm_absolute_decision",
    "decision_rule_registry",
    "human_approval_service",
    "artifact_registry",
    "evidence_store",
    "environment_registry",
    "production_deployment_gate",
    "backup_rollback",
    "security_risk_engine",
    "rbac_permissions",
    "architecture_source_registry"
  ],
  "used_by": [
    "observability_core",
    "incident_management",
    "release_governance",
    "compliance_legal_guardrails",
    "self_monitoring",
    "governed_feedback_loop",
    "future_execution_monitoring_panel"
  ]
}
