Guardian Audit
/install data-guardian-audit
Guardian Audit — Tamper-Evident Audit Logger
"Trust, but log."
A companion skill to Guardian (or any safety gatekeeper) that captures every decision, action, and escalation in an append-only, hash-chained audit trail.
Why this exists: Guardian stops bad things. Guardian Audit proves it stopped them — or proves the agent did them anyway.
What It Logs
Every entry includes:
| Field | Purpose |
|---|---|
| timestamp | ISO-8601 with millisecond precision |
| sequence | Monotonic integer, no gaps allowed |
| previous_hash | SHA-256 of previous entry (chain integrity) |
| event_type | GUARDIAN_CHECK, GUARDIAN_HALT, GUARDIAN_APPROVE, EXECUTED, ESCALATION_RESOLVED |
| agent_id | Anonymous identifier (no platform specifics) |
| operation | What the agent tried to do |
| target | File / path / database / endpoint |
| category | CRITICAL / HIGH / MEDIUM / NON-DESTRUCTIVE |
| backup_verdict | VERIFIED / UNVERIFIED / STALE / PARTIAL |
| backup_checks | JSON array of which indicators matched |
| decision | PROCEED / HALT / AWAITING_HUMAN / DENIED |
| approver | guardian-auto / human:anonymous / agent:rejected |
| agent_reasoning | The agent's stated justification (quoted) |
| guardian_notes | Why Guardian made this decision |
| outcome | SUCCESS / FAILURE / TIMEOUT / CANCELLED |
| entry_hash | SHA-256 of this entry's content |
The Hash Chain
Entry[N].previous_hash = SHA256(Entry[N-1].content)
Entry[N].entry_hash = SHA256(Entry[N].content)
If any entry is modified, every subsequent entry's previous_hash fails verification. The chain is self-validating.
Log Format
Append-only line-delimited JSON (NDJSON), one entry per line:
{"timestamp":"2026-05-18T14:02:31.847Z","sequence":42,"previous_hash":"a3f7...","event_type":"GUARDIAN_HALT","agent_id":"agent-7f3a","operation":"rm -rf /tmp/old-builds","target":"/tmp/old-builds","category":"HIGH","backup_verdict":"UNVERIFIED","backup_checks":[],"decision":"HALT","approver":"guardian-auto","agent_reasoning":"Cleaning up old build artifacts","guardian_notes":"Mass delete operation with no backup coverage","outcome":"AWAITING_HUMAN","entry_hash":"9e2b..."}
Where Logs Live
| Platform | Default Path |
|---|---|
| Windows | %LOCALAPPDATA%\guardian-audit\audit.log |
| macOS | ~/.local/share/guardian-audit/audit.log |
| Linux | ~/.local/share/guardian-audit/audit.log |
Immutable by convention: The log file has append-only permissions. The executing agent cannot delete or modify entries. Only a human with elevated privileges can rotate logs.
Verification Script
# Verify chain integrity
./scripts/verify-chain.py audit.log
# Output: "Chain valid: 1,247 entries, 0 breaks"
# Or: "CHAIN BROKEN at entry 843: hash mismatch"
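The chain check described under The Hash Chain and Verification Script, as an added example that is not the project's scripts/verify-chain.py. It assumes "content" means every field except entry_hash, serialized as sorted-key compact JSON, and an all-zero previous_hash for the first entry; the page defines neither, and the sample entries are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed previous_hash of the first entry (not from the page)

def content_hash(entry):
    """SHA-256 over the entry minus entry_hash, as canonical JSON (assumed)."""
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    canon = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()

def append_entry(lines, **fields):
    """Append one NDJSON line chained to the last line in `lines`."""
    prev = json.loads(lines[-1]) if lines else None
    entry = {"sequence": prev["sequence"] + 1 if prev else 1,
             "previous_hash": prev["entry_hash"] if prev else GENESIS, **fields}
    entry["entry_hash"] = content_hash(entry)
    lines.append(json.dumps(entry))

def verify_chain(lines):
    """Return (entries_checked, breaks); each break is (line_no, reason)."""
    breaks, prev_hash, prev_seq = [], GENESIS, None
    for n, line in enumerate(lines, 1):
        try:
            e = json.loads(line)
            seq, stored = int(e["sequence"]), e["entry_hash"]
        except (ValueError, KeyError, TypeError):
            breaks.append((n, "unparseable or missing fields"))
            prev_hash, prev_seq = None, None  # nothing to link the next entry to
            continue
        if prev_seq is not None and seq != prev_seq + 1:
            breaks.append((n, "sequence gap"))
        if e.get("previous_hash") != prev_hash:
            breaks.append((n, "previous_hash mismatch"))
        if content_hash(e) != stored:
            breaks.append((n, "entry_hash mismatch"))
        # Link on the recomputed hash, so an edited entry also breaks its successor.
        prev_hash, prev_seq = content_hash(e), seq
    return len(lines), breaks

def sample_log():
    """Constructed three-entry log; all values are illustrative."""
    lines = []
    append_entry(lines, event_type="GUARDIAN_CHECK", operation="rm -rf /tmp/old-builds", decision="AWAITING_HUMAN")
    append_entry(lines, event_type="GUARDIAN_HALT", operation="rm -rf /tmp/old-builds", decision="HALT")
    append_entry(lines, event_type="ESCALATION_RESOLVED", operation="rm -rf /tmp/old-builds", decision="DENIED")
    return lines
```

Dropping entries from the end of the log still verifies, as does a chain recomputed in full by anyone who can rewrite the file, so record the latest entry_hash somewhere the agent cannot write.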
Integration with Guardian
Guardian calls Guardian Audit automatically after every decision:
Guardian Decision → Guardian Audit LOG → Continue / Halt
No additional agent action required. Guardian Audit is a passive listener that records what happened.
Standalone Use
Guardian Audit also works independently. Any safety tool, human approval, or agent action can emit an entry:
# From any agent or tool
from guardian_audit import log_event

log_event(
    event_type="MANUAL_APPROVE",
    operation="deploy-production",
    target="api.production.internal",
    decision="PROCEED",
    approver="human:anonymous",
    agent_reasoning="Emergency fix for auth bug",
)
Why This Matters
Compliance frameworks requiring audit trails:
- EU AI Act (Article 52): High-risk AI systems must maintain logs
- SOC 2 Type II: Change management and access control evidence
- HIPAA §164.312(b): Mechanisms to record and examine activity
- GDPR Article 5(1)(d): Accuracy and accountability
Forensics: When something goes wrong, you need to know:
- What did the agent try to do?
- Did Guardian stop it?
- Did a human approve it anyway?
- What was the agent's reasoning at the time?
Mandatory Rules
- Append-Only: Entries are never deleted. Log rotation creates new files, never modifies existing ones.
- Hash Chain: Every entry references the previous. Tampering is detectable.
- No Agent Modification: The executing agent cannot modify its own audit trail. Ever.
- Minimal Overhead: Logging adds <5ms per decision. No perceptible latency.
- Human Readable: NDJSON format means tail -f audit.log is meaningful without tooling.
Scope
Vanilla: Not specific to Guardian. Works with any safety gatekeeper, human approval workflow, or agent runtime.
Passive: Does not block or delay operations. Logs after the fact.
Mandatory: Once enabled, all safety decisions are logged. No opt-out per-session.
References
- references/LOG-SCHEMA.md — Complete field definitions and validation rules
- references/COMPLIANCE-MAPPING.md — Framework requirements (EU AI Act, SOC 2, HIPAA, GDPR)
- references/REPLAY.md — How to replay, search, and analyze audit trails
- scripts/log-event.py — Python event logger (cross-platform)
- scripts/verify-chain.py — Chain integrity verification
- scripts/export-report.py — Generate compliance-ready reports
Based On
- IETF draft-sharif-agent-audit-trail-00 (Mar 2026): Standardized AI agent audit trail format
- AgentReceipt (2026): Immutable audit trails for AI agents
- OWASP Agentic AI Top 10: Logging and monitoring requirements
- GDPR Article 5 + EU AI Act Article 52: Regulatory audit trail mandates
License
MIT — Audit trails should be a public good.
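- Make sure OpenClaw is installed (local or Docker deployment)
- Enter the install command in the chat box: /install data-guardian-audit
- Once installation completes, invoke the Skill by name or trigger it with /data-guardian-audit
- Provide the required inputs according to the Skill's parameter description to get structured output
What is Guardian Audit?
Tamper-evident audit logger that pairs with Guardian safety skill. Captures every destructive operation decision, agent reasoning, backup verification result... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 136 downloads to date.
How do I install Guardian Audit?
Run the command "/install data-guardian-audit" in the OpenClaw or Claude Code chat box for a one-step install; no additional configuration is needed.
Is Guardian Audit free?
Yes, Guardian Audit is completely free, released under the MIT-0 license, and can be freely downloaded, installed and used.
Which platforms does Guardian Audit support?
Guardian Audit is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed Guardian Audit?
Developed and maintained by Tooled-app (@tooled-app); the current version is v1.0.0.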