AuditTrail
Tamper-evidenceAn append-only, tamper-evident audit log. Every record is hash-chained to its predecessor like a ledger — rewrite history and verification breaks at the exact row.
- Each row stores
sha256(prev_hash ‖ canonical content);/verifywalks the chain and pinpoints the first break. - Concurrent appends are serialized by a
pg_advisory_xact_lock— the chain cannot fork, while reads stay fully concurrent. - Append-only is enforced three ways: no mutate paths, revoked grants on a least-privilege role, and a trigger blocking
UPDATE / DELETE / TRUNCATE.