Location: audit.py:75
@dataclass(frozen=True)
class AuditEvent:
event_type: str # e.g. "run_started", "tool_call_completed"
run_id: str # UUID of the run
payload: dict[str, Any] # redacted event data
event_id: str # UUID hex (auto-generated)
created_at: str # ISO 8601 UTC timestampMethod: to_json(*, prev_hash, event_hash, chain_hmac) -> str — JSON-serialized with chain fields.
Location: audit.py:104
AuditLogger(
path: Optional[Path] = None,
*,
redaction_config: Optional[Any] = None,
audit_level: AuditLevel = 'L2',
)- Pre: If
pathis set, its parent directory must be creatable. - Post: Audit directory secured to
0o700._chain_key= 32 random bytes.
def record(self, event_type: str, run_id: str, **payload: Any) -> AuditEvent- Pre: none
- Post: Event appended to
self.events. Ifpathset and disk healthy: event appended to JSONL file, fsync'd, file secured. - Returns: The recorded
AuditEvent. - Side effects: Calls all registered sinks. Records
_disk_write_erroronOSError.
def add_sink(self, sink: Callable[[AuditEvent], None]) -> NoneRegisters a callable to receive every event after recording. Thread-safe (copy-on-read pattern).
def enable_opentelemetry(
self,
*,
endpoint: Optional[str] = None,
service_name: str = 'teaagent',
service_version: str = '1.0.0',
) -> NoneAdds an OTel OTLP sink. No-op if opentelemetry not installed.
def verify_chain_integrity(self) -> dict[str, Any]Returns {'valid': bool, 'total_events': int, 'errors': list[str]}.
Returns the most recent OSError if within 30-second cooldown, else None.
def get_chain_key(self) -> bytesReturns the 32-byte HMAC secret for external chain verification.
Recursively redacts arguments and result sub-dicts, then applies string patterns to remaining fields.
Applies all regex patterns to a string value.
Returns True if key (lowercased, -→_) contains any of: api_key, authorization, credential, password, secret, token.
path.chmod(0o700).
path.chmod(0o600).
Location: audit_chain.py:43
@dataclass(frozen=True)
class ChainVerificationResult:
valid: bool
event_count: int
error: Optional[str] = None # first failure descriptionReads JSONL file, verifies SHA-256 chain continuity and (if secret_key provided) HMAC per event. Legacy events without chain fields are skipped. Returns on first error.
SHA-256 of canonical JSON over 6 fields: event_id, event_type, run_id, created_at, payload, prev_hash.
HMAC-SHA256 of event_hash keyed with secret_key.
Returns the hash field of the last chained event, or "genesis". Tails 4096 bytes; falls back to full scan for large files.
AuditEvent persisted as JSONL:
{
"event_id": "hex UUID",
"event_type": "tool_call_started",
"run_id": "hex UUID",
"created_at": "2026-06-02T12:00:00.000000+00:00",
"payload": { ... redacted ... },
"prev_hash": "sha256hex | genesis",
"hash": "sha256hex",
"chain_hmac": "hmac-sha256-hex"
}
event_type |
Emitted by |
|---|---|
run_started |
runner._core |
iteration_started |
runner._core |
tool_call_started |
runner._core |
tool_call_completed |
runner._core |
tool_call_failed |
runner._core |
approval_required |
approval_manager |
approval_granted |
approval_manager |
approval_denied |
approval_manager |
run_completed |
runner._core |
run_failed |
runner._core |
_disk_write_error |
AuditLogger internal |