Closed
Description
Problem
The current hash-chain audit trail runs in-process. A compromised agent sharing the same process space could tamper with the audit chain before it is persisted.
Proposed Solution
- Write audit logs to an external append-only sink
- Support multiple backends: local file with O_APPEND semantics, Azure Monitor, write-once S3, Merkle-tree log (Trillian)
- Add cryptographic signatures per audit entry with an external key
- Provide verification tooling to validate chain integrity
Current State
Community edition uses a basic append-only in-memory log with SHA-256 hashes. No tamper-evidence against in-process adversaries.
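The design proposed above, as an added example that is not code from this project: entries are hash-chained, tagged with a key, appended to a local file opened with O_APPEND, and checked by a verifier that reports the first bad entry. HMAC-SHA256 stands in for the per-entry signature, and the function names, JSON entry layout, genesis value and sample events are assumptions.

```python
import hashlib, hmac, json, os, tempfile

GENESIS = "0" * 64  # assumed "previous hash" for the first entry

def entry_digest(prev, event):
    body = json.dumps({"prev": prev, "event": event}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

def sign(key, digest):  # key is assumed to live outside the agent process
    return hmac.new(key, digest.encode(), hashlib.sha256).hexdigest()

def append_entry(path, key, prev, event):
    """Append one chained, signed entry and return its hash (the new head)."""
    h = entry_digest(prev, event)
    line = json.dumps({"prev": prev, "event": event, "hash": h, "sig": sign(key, h)})
    fd = os.open(path, os.O_WRONLY | os.O_APPEND | os.O_CREAT, 0o600)  # writes land at EOF
    with os.fdopen(fd, "w") as f:
        f.write(line + "\n")
    return h

def verify_chain(path, key):
    """Return (True, None) if intact, else (False, index of first bad entry)."""
    prev = GENESIS
    with open(path) as f:
        for i, raw in enumerate(f):
            try:
                e = json.loads(raw)
                h = entry_digest(prev, e["event"])
                ok = (e["prev"] == prev and e["hash"] == h
                      and hmac.compare_digest(e["sig"], sign(key, h)))
            except (ValueError, KeyError, TypeError):  # malformed entry
                ok = False
            if not ok:
                return False, i
            prev = h
    return True, None

def demo():
    key, head = b"constructed-demo-key", GENESIS  # constructed sample data
    path = os.path.join(tempfile.mkdtemp(), "audit.log")
    for action in ("tool_call", "file_read", "policy_deny"):
        head = append_entry(path, key, head, {"action": action})
    before = verify_chain(path, key)
    with open(path) as f:
        entries = [json.loads(line) for line in f]
    entries[1]["event"]["action"] = "noop"  # entry edited without the key...
    entries[1]["hash"] = entry_digest(entries[1]["prev"], entries[1]["event"])  # ...and rehashed
    with open(path, "w") as f:
        f.writelines(json.dumps(e) + "\n" for e in entries)
    return before, verify_chain(path, key)
```

A check like this catches edited, reordered or malformed entries, but not removal of the newest entries, so the current head hash also has to be recorded somewhere the agent process cannot write.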