Molecule AI Triage Operator
5f26313921
PR #724 (workspace hibernation) claimed migration number 029. Renaming to 030 to resolve the sequence collision before merging #651. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
30 lines
1.7 KiB
SQL
30 lines
1.7 KiB
SQL
-- 029_audit_events.up.sql
|
|
-- Append-only HMAC-chained agent event log for EU AI Act Annex III compliance.
|
|
-- Art. 12 record-keeping + Art. 13 transparency.
|
|
--
|
|
-- Each row is signed with HMAC-SHA256 and chained to the preceding row for
|
|
-- the same agent_id via prev_hmac, making the log tamper-evident.
|
|
-- See: molecule_audit/ledger.py and platform/internal/handlers/audit.go
|
|
|
|
CREATE TABLE IF NOT EXISTS audit_events (
|
|
id TEXT NOT NULL,
|
|
timestamp TIMESTAMPTZ NOT NULL,
|
|
agent_id TEXT NOT NULL,
|
|
session_id TEXT NOT NULL,
|
|
operation TEXT NOT NULL, -- task_start|llm_call|tool_call|task_end
|
|
input_hash TEXT, -- SHA-256 of input (privacy-preserving)
|
|
output_hash TEXT, -- SHA-256 of output
|
|
model_used TEXT, -- gen_ai.request.model or tool name
|
|
human_oversight_flag BOOLEAN NOT NULL DEFAULT false,
|
|
risk_flag BOOLEAN NOT NULL DEFAULT false,
|
|
prev_hmac TEXT, -- HMAC of prior row for this agent_id
|
|
hmac TEXT NOT NULL, -- HMAC of this row's canonical JSON
|
|
workspace_id UUID NOT NULL REFERENCES workspaces(id) ON DELETE CASCADE,
|
|
CONSTRAINT audit_events_pkey PRIMARY KEY (id)
|
|
);
|
|
|
|
CREATE INDEX IF NOT EXISTS idx_audit_events_agent_id ON audit_events (agent_id);
|
|
CREATE INDEX IF NOT EXISTS idx_audit_events_session_id ON audit_events (session_id);
|
|
CREATE INDEX IF NOT EXISTS idx_audit_events_workspace ON audit_events (workspace_id);
|
|
CREATE INDEX IF NOT EXISTS idx_audit_events_timestamp ON audit_events (timestamp DESC);
|