Every decision recorded. Every record sealed. Independently verifiable.
Spire maintains two records. The Activity Stream shows what the agents did. The Audit Ledger proves what the system decided. Both live in your AWS account. Both are independently verifiable by your auditor with no Spire access required.
Consequential events only.
The Audit Ledger does not record every prompt or reasoning step — that is the Activity Stream. The Ledger records the events a SOC 2 / HIPAA / ISO 27001 reviewer actually needs. Five categories. No noise.
Approvals and rejections
Every gate approval and rejection, with the approver's identity, timestamp, and verdict reason. Sealed before the execution proceeds.
Gate verdicts
Architecture, security, and verification gate verdicts sealed at the moment they are issued. Reasoning in the Activity Stream; the verdict is the evidence.
Policy violations and secret detection
Every policy hit and secret pattern match is sealed. Pattern ID and a one-way hash of the file path are recorded. The secret itself is never logged.
Terminal transitions
When an execution finishes — completed, failed, cancelled, timed out — the terminal transition is sealed. One record per execution at termination.
Escalations and human overrides
Every escalation and forced state transition sealed with the originating actor and reason. Human-in-the-loop is first-class evidence.
Five integrity properties. Your KMS key. Your S3 bucket.
HMAC-SHA256 hash chain
Every entry sealed with HMAC-SHA256 over a deterministic canonical form. Chain links each entry to the BLAKE3 hash of the prior entry.
KMS-derived signatures
Signing via AWS KMS GenerateMac on a customer-owned CMK. Spire never holds the key. Agent IAM roles are explicitly denied access to the audit key.
S3 Object Lock anchoring
Every entry mirrored to a customer-owned S3 bucket in Object Lock COMPLIANCE mode (default 7-year retention). Bucket policy denies deletes to every principal.
Hourly Merkle root checkpoints
Merkle tree built hourly over entries, root signed and written to the Object Lock bucket. Cross-referenced from verifier output.
Offline verification CLI
Reviewer-runnable CLI verifies the entire ledger with no Spire backend access. Only S3 read and KMS VerifyMac required.
One screen. One signed receipt. One verdict.
A CISO lands on the Audit Ledger surface, clicks Verify Chain, and gets a downloadable receipt — JSON for machine verification, PDF for the board. Both KMS-signed by the same key that sealed the entries. The receipt itself is verifiable with the offline CLI.
Sample receipt envelope (JSON)
{
  "from_sequence": 0,
  "to_sequence": 142381,
  "verified": true,
  "verified_count": 142382,
  "kms_key_alias": "alias/spire-audit-ledger-prod",
  "s3_object_lock_anchor": "s3://spire-audit-ledger-prod/anchors/",
  "signed_at": "2026-04-07T14:23:11Z",
  "project_name": "core-banking",
  "receipt_signature": "<HMAC-SHA256 hex via KMS>"
}
Your auditor verifies independently.
The offline CLI runs against your S3 Object Lock bucket with no Spire backend access. Rebuilds the chain locally, verifies every HMAC against your KMS key, walks the Merkle anchors, and emits a structured report.
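The following is an added, self-contained model of the ledger design described above (the HMAC-SHA256 chain linked by the hash of the prior entry, the periodic Merkle root checkpoint, and the offline verifier that rebuilds the chain and checks every seal). It is example code written for this page, not Spire's verifier and not `scripts.verify_audit_ledger`. Two substitutions are assumptions so it runs offline: a local HMAC key stands in for the KMS-held CMK (GenerateMac / VerifyMac), and `hashlib.blake2b` stands in for BLAKE3, which is not in the Python standard library. The sample events, pattern ID and file path are constructed.

```python
"""Toy audit ledger: HMAC-sealed, hash-chained entries, Merkle checkpoints, offline verifier.
Added example, not Spire's code. Local key replaces the KMS CMK; blake2b replaces BLAKE3."""
import hashlib
import hmac
import json
from typing import List, Optional

LOCAL_MAC_KEY = b"stand-in-for-the-kms-cmk"  # assumption: the real key lives only in KMS
GENESIS_HASH = "0" * 64


def canonical(obj: dict) -> bytes:
    """Deterministic canonical form: sorted keys, compact separators, UTF-8."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")


def entry_hash(sealed: dict) -> str:
    """Hash of a whole sealed entry (HMAC included); the next entry links to this value."""
    return hashlib.blake2b(canonical(sealed), digest_size=32).hexdigest()  # stand-in for BLAKE3


def mac(body: dict, key: bytes) -> str:
    """HMAC-SHA256 over the canonical form; stands in for KMS GenerateMac."""
    return hmac.new(key, canonical(body), hashlib.sha256).hexdigest()


def seal(event: dict, prev: Optional[dict], key: bytes = LOCAL_MAC_KEY) -> dict:
    """Assign sequence and prev_hash, then seal everything except the hmac field itself."""
    entry = dict(event)
    entry["sequence"] = 0 if prev is None else prev["sequence"] + 1
    entry["prev_hash"] = GENESIS_HASH if prev is None else entry_hash(prev)
    entry["hmac"] = mac(entry, key)
    return entry


def merkle_root(leaves: List[str]) -> str:
    """Binary Merkle tree over hex leaf hashes; an odd trailing node is paired with itself."""
    level = list(leaves)
    while len(level) > 1:
        if len(level) % 2:
            level.append(level[-1])
        level = [hashlib.sha256((a + b).encode()).hexdigest()
                 for a, b in zip(level[0::2], level[1::2])]
    return level[0]


def checkpoint(entries: List[dict], key: bytes = LOCAL_MAC_KEY) -> dict:
    """The periodic anchor: a signed Merkle root over a contiguous run of entries."""
    cp = {"from_sequence": entries[0]["sequence"],
          "to_sequence": entries[-1]["sequence"],
          "merkle_root": merkle_root([entry_hash(e) for e in entries])}
    cp["signature"] = mac(cp, key)
    return cp


def verify_ledger(entries: List[dict], checkpoints: List[dict],
                  key: bytes = LOCAL_MAC_KEY) -> dict:
    """Offline check of every HMAC, every chain link and every anchored Merkle root."""
    failures, expected_prev = [], GENESIS_HASH
    for i, e in enumerate(entries):
        body = {k: v for k, v in e.items() if k != "hmac"}
        if not hmac.compare_digest(mac(body, key), e.get("hmac", "")):
            failures.append((e["sequence"], "hmac mismatch"))
        if e["sequence"] != i:
            failures.append((e["sequence"], "sequence gap"))
        if e["prev_hash"] != expected_prev:
            failures.append((e["sequence"], "chain break"))
        expected_prev = entry_hash(e)  # a rewritten entry also breaks the link after it
    by_seq = {e["sequence"]: e for e in entries}
    for cp in checkpoints:
        body = {k: v for k, v in cp.items() if k != "signature"}
        if not hmac.compare_digest(mac(body, key), cp["signature"]):
            failures.append((cp["to_sequence"], "checkpoint signature mismatch"))
            continue
        run = [by_seq.get(s) for s in range(cp["from_sequence"], cp["to_sequence"] + 1)]
        if any(e is None for e in run) or \
                merkle_root([entry_hash(e) for e in run]) != cp["merkle_root"]:
            failures.append((cp["to_sequence"], "merkle root mismatch"))
    return {"verified": not failures, "verified_count": len(entries), "failures": failures}


# Constructed sample events, one per ledger category named above; all values are made up.
SAMPLE_EVENTS = [
    {"category": "gate_verdict", "gate": "security", "verdict": "pass", "actor": "gate:security"},
    {"category": "approval", "verdict": "approved", "actor": "reviewer@example.com",
     "reason": "diff reviewed"},
    {"category": "secret_detection", "pattern_id": "EXAMPLE-PATTERN-1",  # path hashed, secret never logged
     "path_hash": hashlib.sha256(b"src/config/settings.py").hexdigest()},
    {"category": "terminal", "state": "completed", "execution_id": "exec-0001"},
]


def build_ledger(events=SAMPLE_EVENTS):
    """Seal the events in order and anchor the whole run in one checkpoint."""
    entries, prev = [], None
    for ev in events:
        prev = seal(ev, prev)
        entries.append(prev)
    return entries, [checkpoint(entries)]


def demo_tamper(entries: List[dict], checkpoints: List[dict]) -> dict:
    """Rewrite one sealed verdict after the fact; the verifier must reject the ledger."""
    forged = [dict(e) for e in entries]
    forged[1]["verdict"] = "rejected"
    return verify_ledger(forged, checkpoints)
```

Running `verify_ledger(*build_ledger())` returns a report with `"verified": True` and `"verified_count": 4`, the same shape as the receipt envelope shown above. `demo_tamper` shows why the chain and the anchor are both needed: changing a single verdict produces an HMAC mismatch on that entry, a chain break on the entry after it, and a Merkle root mismatch at the checkpoint, so a tampered record cannot be hidden even if the attacker can rewrite the object in S3. In the real deployment the HMAC step is a KMS VerifyMac call against the customer's key, which is why the reviewer needs only S3 read and KMS VerifyMac permissions.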
Reviewer command
python -m scripts.verify_audit_ledger \
  --bucket spire-audit-ledger-prod \
  --kms-alias alias/spire-audit-ledger-prod \
  --region us-east-1 \
  --start-sequence 0 \
  --end-sequence 1000000 \
  --json
Every claim backed by code in your AWS account.
The Activity Stream and the Audit Ledger are not add-ons. They are the architecture. Schedule a walkthrough with your security team.