git.stella-ops.org/docs/features/checked/advisoryai/immutable-audit-log-for-ai-interactions.md
2026-02-14 09:11:48 +02:00

Immutable Audit Log for AI Interactions

Module

AdvisoryAI

Status

IMPLEMENTED

Description

A DSSE-signed audit envelope builder for chat interactions is implemented. The envelopes cover prompts, tool calls, and model fingerprints.

Implementation Details

  • Modules: src/AdvisoryAi/StellaOps.AdvisoryAI/Chat/Audit/, src/AdvisoryAi/StellaOps.AdvisoryAI.WebService/
  • Key Classes:
    • AdvisoryChatAuditEnvelopeBuilder (src/AdvisoryAi/StellaOps.AdvisoryAI/Chat/Audit/AdvisoryChatAuditEnvelopeBuilder.cs) - builds DSSE-signed audit envelopes for chat interactions
    • ChatAuditRecords (src/AdvisoryAi/StellaOps.AdvisoryAI/Chat/Audit/ChatAuditRecords.cs) - audit record models (prompts, responses, tool calls, model fingerprints)
    • PostgresAdvisoryChatAuditLogger (src/AdvisoryAi/StellaOps.AdvisoryAI/Chat/Services/PostgresAdvisoryChatAuditLogger.cs) - persists audit records to PostgreSQL
    • NullAdvisoryChatAuditLogger (src/AdvisoryAi/StellaOps.AdvisoryAI/Chat/Services/NullAdvisoryChatAuditLogger.cs) - no-op audit logger for testing
    • AttestationEndpoints (src/AdvisoryAi/StellaOps.AdvisoryAI.WebService/Endpoints/AttestationEndpoints.cs) - REST endpoints for attestation/audit retrieval
    • NullEvidencePackSigner (src/AdvisoryAi/StellaOps.AdvisoryAI/Evidence/NullEvidencePackSigner.cs) - no-op evidence pack signer for development
    • AdvisoryPipelineMetrics (src/AdvisoryAi/StellaOps.AdvisoryAI/Metrics/AdvisoryPipelineMetrics.cs) - metrics collection for audit visibility
  • Interfaces: None (uses concrete audit pipeline)
  • Source: Feature matrix scan

E2E Test Plan

  • Send a chat message and verify AdvisoryChatAuditEnvelopeBuilder creates a DSSE-signed envelope containing the prompt, response, and model fingerprint
  • Verify ChatAuditRecords captures tool call invocations with parameters and results
  • Verify PostgresAdvisoryChatAuditLogger persists audit records and they are retrievable via AttestationEndpoints
  • Verify audit envelopes are immutable: attempting to modify a persisted record fails
  • Verify audit records include model identifier, temperature setting, and token counts
  • Verify audit log entries are queryable by user, session, and time range
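
A DSSE signature covers the pre-authentication encoding (PAE) of the payload type and payload, so the first check in the plan can assert on signature verification, and an edit to a stored payload shows up when the envelope is verified again. The C# program below is an added example, not code from the StellaOps repository: the payload type, the record fields, the throwaway ECDSA P-256 key, and the single-signature DsseEnvelope record are assumptions made for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;

// Hypothetical payload type and record fields; the page does not list the real ones.
const string PayloadType = "application/vnd.example.chat-audit+json";
var record = new
{
    prompt = "Is the flagged function reachable in this image?",   // constructed sample
    response = "Not reachable.",
    modelFingerprint = "sha256:placeholder",
    temperature = 0.0,
    tokens = 128
};

using ECDsa key = ECDsa.Create(ECCurve.NamedCurves.nistP256);      // throwaway demo key

byte[] payload = JsonSerializer.SerializeToUtf8Bytes(record);
byte[] signature = key.SignData(Pae(PayloadType, payload), HashAlgorithmName.SHA256);
var envelope = new DsseEnvelope(PayloadType, Convert.ToBase64String(payload),
                                Convert.ToBase64String(signature));
Console.WriteLine($"untouched envelope verifies: {Verify(envelope, key)}");

// Simulate a stored envelope whose payload was edited after signing.
string editedJson = Encoding.UTF8.GetString(payload).Replace("Not reachable", "Reachable");
var tampered = envelope with { Payload = Convert.ToBase64String(Encoding.UTF8.GetBytes(editedJson)) };
Console.WriteLine($"edited envelope verifies:    {Verify(tampered, key)}");

// DSSE PAE: "DSSEv1" SP LEN(type) SP type SP LEN(body) SP body.
// Lengths are byte counts in ASCII decimal; the signature is over this encoding,
// so swapping the payload type is detected as well as editing the payload.
byte[] Pae(string payloadType, byte[] body)
{
    int typeLength = Encoding.UTF8.GetByteCount(payloadType);
    byte[] header = Encoding.UTF8.GetBytes($"DSSEv1 {typeLength} {payloadType} {body.Length} ");
    return header.Concat(body).ToArray();
}

bool Verify(DsseEnvelope env, ECDsa publicKey)
{
    byte[] body = Convert.FromBase64String(env.Payload);
    byte[] sig = Convert.FromBase64String(env.Signature);
    return publicKey.VerifyData(Pae(env.PayloadType, body), sig, HashAlgorithmName.SHA256);
}

// Simplified shape: a full DSSE envelope carries a "signatures" array of {keyid, sig}.
record DsseEnvelope(string PayloadType, string Payload, string Signature);
```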