Audit Pack (Example)

Audit Pack (Example) | Corevexa Docs

An audit pack is an exportable reconstruction bundle: it contains the full decision event chain, the policy and schema versions applied at the time, the authority path, the risk evaluation outcome, and integrity verification.

This is the fastest way to make Layer-7 defensible in procurement, incident response, and compliance review.

Audit Pack Requirements

A conformant audit pack (recommended for L7GS-C3) should allow a third party to reconstruct what happened without relying on private internal systems.

Minimum contents

  • decision_id + request metadata
  • event_chain (append-only)
  • policy_version + schema_version
  • risk_score + risk_band
  • authority_path (who approved, under what scope)
  • integrity verification result

Recommended contents

  • evidence pointers (logs, approvals, artifacts)
  • execution receipts (tool confirmations)
  • redactions (privacy-safe export rules)
  • export signature (org signing key)

Audit packs should be exportable as JSON to support automation, reproducibility, and third-party review.

Pack Shape (Top-Level Fields)

Field           Type    Purpose
--------------  ------  --------------------------------------------------
pack_id         uuid    Unique identifier for this export bundle
decision_id     uuid    Stable identifier for the full decision lifecycle
schema_version  semver  Schema version applied to decision/events
policy_version  semver  Policy version enforced at evaluation time
event_chain     array   Ordered, append-only sequence of governance events
integrity       object  Chain verification results and hash anchors
export          object  Export timestamp, signer, and redaction notes

Example Audit Pack (JSON)

This is a realistic example bundle. Hash values are placeholders (format shown). In production, these are computed deterministically from event payload + previous_hash.

{
  "pack_id": "c0d6a6b0-3e1f-4c41-8fbb-9b2cb1f14c2e",
  "standard": {
    "name": "L7GS",
    "version": "1.0",
    "conformance_target": "L7GS-C3"
  },
  "decision": {
    "decision_id": "b3b0f0d7-4d7c-4d1f-9f1b-90df1f7e8c2a",
    "schema_version": "1.0.0",
    "policy_version": "1.2.0",
    "submitted_at": "2026-02-24T20:12:21Z",
    "request": {
      "actor_id": "a1f1f1f1-1111-2222-3333-abcdefabcdef",
      "actor_role": "operator",
      "intent": "deploy.change",
      "summary": "Deploy update to production API gateway config",
      "context": {
        "environment": "production",
        "system": "gateway",
        "change_type": "config_update",
        "ticket": "CHG-1042"
      }
    }
  },
  "risk": {
    "evaluated_at": "2026-02-24T20:12:24Z",
    "risk_score": 0.86,
    "risk_band": "high",
    "thresholds": {
      "band_low_max": 0.25,
      "band_med_max": 0.60,
      "band_high_max": 0.85,
      "band_critical_min": 0.90
    },
    "policy_triggers": [
      {
        "id": "POL-RISK-008",
        "name": "Production change requires approval",
        "triggered": true
      }
    ]
  },
  "authority": {
    "routed_at": "2026-02-24T20:12:26Z",
    "required_roles": ["executive"],
    "approvals": [
      {
        "actor_id": "e0e0e0e0-aaaa-bbbb-cccc-0123456789ab",
        "actor_role": "executive",
        "approved_at": "2026-02-24T20:14:02Z",
        "scope": "full",
        "expires_at": "2026-02-24T21:14:02Z",
        "notes": "Approved after reviewing diff and rollback plan."
      }
    ]
  },
  "event_chain": [
    {
      "event_id": "2a27f244-7f1f-4e9c-8d8a-6b0a83a3d8a1",
      "schema_version": "1.0.0",
      "decision_id": "b3b0f0d7-4d7c-4d1f-9f1b-90df1f7e8c2a",
      "event_type": "decision.requested",
      "timestamp": "2026-02-24T20:12:21Z",
      "actor_id": "a1f1f1f1-1111-2222-3333-abcdefabcdef",
      "previous_hash": "GENESIS",
      "integrity_hash": "sha256:1111111111111111111111111111111111111111111111111111111111111111"
    },
    {
      "event_id": "c1bd4ed8-0991-49a8-8e3a-6f0e1c0d4a21",
      "schema_version": "1.0.0",
      "decision_id": "b3b0f0d7-4d7c-4d1f-9f1b-90df1f7e8c2a",
      "event_type": "policy.evaluated",
      "timestamp": "2026-02-24T20:12:23Z",
      "actor_id": "SYSTEM",
      "policy_version": "1.2.0",
      "result": "escalate",
      "previous_hash": "sha256:1111111111111111111111111111111111111111111111111111111111111111",
      "integrity_hash": "sha256:2222222222222222222222222222222222222222222222222222222222222222"
    },
    {
      "event_id": "a6c6cf1f-1b27-4e7f-8b09-3cbd0b7e88c4",
      "schema_version": "1.0.0",
      "decision_id": "b3b0f0d7-4d7c-4d1f-9f1b-90df1f7e8c2a",
      "event_type": "risk.evaluated",
      "timestamp": "2026-02-24T20:12:24Z",
      "actor_id": "SYSTEM",
      "risk_score": 0.86,
      "risk_band": "high",
      "previous_hash": "sha256:2222222222222222222222222222222222222222222222222222222222222222",
      "integrity_hash": "sha256:3333333333333333333333333333333333333333333333333333333333333333"
    },
    {
      "event_id": "0b47d7b0-4db6-45a1-9a67-0a3ac06d0678",
      "schema_version": "1.0.0",
      "decision_id": "b3b0f0d7-4d7c-4d1f-9f1b-90df1f7e8c2a",
      "event_type": "authority.routed",
      "timestamp": "2026-02-24T20:12:26Z",
      "actor_id": "SYSTEM",
      "required_roles": ["executive"],
      "previous_hash": "sha256:3333333333333333333333333333333333333333333333333333333333333333",
      "integrity_hash": "sha256:4444444444444444444444444444444444444444444444444444444444444444"
    },
    {
      "event_id": "d9a1bbd9-4a3f-4b13-9cc1-8e1df2d9e4a8",
      "schema_version": "1.0.0",
      "decision_id": "b3b0f0d7-4d7c-4d1f-9f1b-90df1f7e8c2a",
      "event_type": "authority.approved",
      "timestamp": "2026-02-24T20:14:02Z",
      "actor_id": "e0e0e0e0-aaaa-bbbb-cccc-0123456789ab",
      "role": "executive",
      "scope": "full",
      "expires_at": "2026-02-24T21:14:02Z",
      "previous_hash": "sha256:4444444444444444444444444444444444444444444444444444444444444444",
      "integrity_hash": "sha256:5555555555555555555555555555555555555555555555555555555555555555"
    },
    {
      "event_id": "91e0f2b1-1b45-4d6f-8e5b-7b59c8e6c7d3",
      "schema_version": "1.0.0",
      "decision_id": "b3b0f0d7-4d7c-4d1f-9f1b-90df1f7e8c2a",
      "event_type": "execution.confirmed",
      "timestamp": "2026-02-24T20:18:11Z",
      "actor_id": "SYSTEM",
      "execution": {
        "tool": "gateway.apply_config",
        "target": "prod-gateway-01",
        "result": "success",
        "receipt_id": "rcpt-7f8c-1042"
      },
      "previous_hash": "sha256:5555555555555555555555555555555555555555555555555555555555555555",
      "integrity_hash": "sha256:6666666666666666666666666666666666666666666666666666666666666666"
    }
  ],
  "integrity": {
    "hash_algorithm": "sha256",
    "chain_integrity_verified": true,
    "verified_at": "2026-02-24T20:20:02Z",
    "verification_method": "recompute(Hn) from payload + previous_hash; validate continuity",
    "anchor": {
      "type": "optional",
      "note": "Implementations may anchor Hn externally (e.g., append-only store) for stronger tamper resistance."
    }
  },
  "export": {
    "exported_at": "2026-02-24T20:20:05Z",
    "exported_by": "SYSTEM",
    "redactions": [],
    "notes": "Example pack. Hash values are placeholders."
  }
}

Operational rule: audit pack exports must never modify historical events; they only bundle and verify them.

Integrity Verification (How Auditors Validate)

Verifier algorithm (conceptual)

For each event in order:
    compute expected_hash = sha256( canonical_json(event_without_integrity_hash) + previous_hash )
    assert expected_hash == event.integrity_hash
    set previous_hash = event.integrity_hash
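
The verifier algorithm above, written out as an added Python example (not Corevexa's code): it recomputes each hash, checks previous_hash continuity, and optionally compares the final hash against an externally anchored value. The canonical JSON form (sorted keys, compact separators), the helper names and the sample events are assumptions; the page does not define them.

```python
import hashlib
import json

GENESIS = "GENESIS"  # previous_hash of the first event, as in the page's example pack

def canonical_json(obj):
    # Assumption: sorted keys + compact separators; the page does not fix a canonical form.
    return json.dumps(obj, sort_keys=True, separators=(",", ":"), ensure_ascii=False)

def event_hash(event, previous_hash):
    payload = {k: v for k, v in event.items() if k != "integrity_hash"}
    data = (canonical_json(payload) + previous_hash).encode("utf-8")
    return "sha256:" + hashlib.sha256(data).hexdigest()

def seal_chain(events):
    """Producer side (hypothetical helper): link and hash constructed sample events."""
    chain, prev = [], GENESIS
    for ev in events:
        sealed = dict(ev, previous_hash=prev)
        sealed["integrity_hash"] = prev = event_hash(sealed, prev)
        chain.append(sealed)
    return chain

def verify_chain(chain, anchored_head=None):
    """Return [(index, problem)]; an empty list means the chain verifies."""
    problems, prev = [], GENESIS
    for i, ev in enumerate(chain):
        if ev.get("previous_hash") != prev:
            problems.append((i, "continuity"))
        if event_hash(ev, prev) != ev.get("integrity_hash"):
            problems.append((i, "integrity"))
        prev = str(ev.get("integrity_hash"))  # follow the recorded chain
    if anchored_head is not None and prev != anchored_head:
        problems.append((len(chain) - 1, "anchor"))
    return problems

# Constructed sample events (not the page's pack, whose hashes are placeholders).
SAMPLE = seal_chain([
    {"event_type": "decision.requested", "actor_role": "operator"},
    {"event_type": "risk.evaluated", "risk_score": 0.86, "risk_band": "high"},
    {"event_type": "authority.approved", "role": "executive", "scope": "full"},
    {"event_type": "execution.confirmed", "receipt_id": "rcpt-7f8c-1042"},
])
HEAD = SAMPLE[-1]["integrity_hash"]  # value an implementation could anchor externally

def tampered(reseal):
    # Constructed test case: event 1 is altered; reseal=True also recomputes every hash.
    events = [dict(e) for e in SAMPLE]
    events[1]["risk_score"] = 0.20
    return seal_chain(events) if reseal else events
```

A chain whose hashes were all recomputed after an edit passes the internal checks; only the comparison against the anchored head hash flags it, which is the case the pack's optional anchor field covers.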

Audit survivability checks

  • Continuity: all previous_hash pointers match
  • Determinism: canonical JSON normalization
  • Completeness: required event types present
  • Confirmations: execution receipt exists for executed actions
  • Policy lock: policy_version referenced is resolvable

If integrity fails: restrict governed execution (fail-closed for high-risk), emit incident, and require remediation.