v0.1.1policy-scout2026-06-10

Tamper-evident HMAC chain on audit log

Every JSONL audit entry now carries a cryptographic chain so any deletion or alteration of past records is detectable before a security review.

v0.1.12026-06-10
  • ·chain_mac per entry = HMAC-SHA256(key, prev_mac || seq || entry_json) — verifier names the first broken link
  • ·SQLite store gains DELETE and UPDATE triggers that reject writes to existing rows
  • ·chain_verifier.py exits non-zero and reports exact sequence number of first tampered entry
  • ·256-bit install-unique key generated at first run, stored owner-read-only under ~/.local/share/policy-scout/