Signed Audit Trails for Agent Actions
A preprint scope for tamper-evident AI-agent action logs using a Rust trust kernel.
Cathedral is the R&D substrate for agent memory, trust, audit, inference, and MCP bridges. This preprint narrows the public claim to signed audit trails.

Abstract
This preprint frames Cathedral as a research system, not a public agent runtime. The current public-safe claim is that agent actions should be represented as signed, append-only evidence records before they are used for business automation. The implementation path centers a Rust trust/audit kernel and a read-only public viewer; mutation endpoints remain private until production guardrails exist.
Claims
- Agent work should produce verifiable evidence before it produces irreversible business effects.
- Audit records belong below the UI layer, close to the trust kernel.
- Public demos should expose read-only evidence, not unauthenticated agent execution.
Methods
- Subsystem maturity review: Rust kernel, BEAM agent mesh, inference services, MCP bridge, UI.
- Threat modeling around mutation endpoints, replay, and audit-log tampering.
- Read-only viewer design before any public agent execution demo.
Reproduce This
- Review generated action records for actor, action, resource, timestamp, and signature fields.
- Verify that public Cathedral subdomain access does not expose mutation APIs.
- Compare UI-displayed audit records against the underlying signed event payloads.
Limitations
- The public read-only viewer is scoped, not yet released.
- The preprint currently documents architecture intent and hardening requirements more than public experimental results.