# Audit and Event Logging

Audit infrastructure is not required for the open protocol. It becomes important when you introduce restricted actions that may later have legal or commercial significance.

In this Hub, the primary restricted action is **NDA-gated downloads**. You stated that:

- the Hub must record evidential download events
- if VPN is used, restricted download is not available
- public downloads must remain frictionless

## Tamper-evident event chain

A practical audit log is an append-only chain in which each event includes the hash of the previous event. Changing or removing an earlier event breaks every later link, which makes tampering detectable.

Each event record includes:

- timestamp (UTC)
- event type (accepted NDA, served restricted file, denied request)
- file id
- hashed request identifiers (privacy-first; do not store raw IP unless you must)
- previous hash
- current hash
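
The sketch below is an added example, not code from this repository: it builds a chain with the fields listed above and verifies it link by link. It assumes Node's `node:crypto` so it runs offline (a Worker would use the platform's own crypto API). The event type names, the all-zero genesis hash, the HMAC key and the sample values are constructed for illustration.

```javascript
// Added example: hash-chained audit log with verification (constructed data).
const { createHash, createHmac } = require("node:crypto");

const GENESIS = "0".repeat(64); // assumed "previous hash" for the first event

// Keyed hash, so a raw IP cannot be recovered by hashing every possible address.
function hashIdentifier(secret, raw) {
  return createHmac("sha256", secret).update(raw).digest("hex");
}

// Hash a fixed field order; JSON array encoding keeps field boundaries unambiguous.
function eventHash(e) {
  const body = JSON.stringify([e.timestamp, e.type, e.fileId, e.requestIdHash, e.prevHash]);
  return createHash("sha256").update(body).digest("hex");
}

// Append-only: each new event commits to the hash of the one before it.
function appendEvent(chain, fields) {
  const prevHash = chain.length ? chain[chain.length - 1].hash : GENESIS;
  const event = { ...fields, prevHash };
  event.hash = eventHash(event);
  chain.push(event);
  return event;
}

// Recompute every link. Returns the index of the first bad event, or -1 if intact.
// expectedHead (optional) is a chain-head hash kept outside the log; it also
// catches truncation or a full rewrite of the chain.
function verifyChain(chain, expectedHead) {
  let prev = GENESIS;
  for (let i = 0; i < chain.length; i++) {
    if (chain[i].prevHash !== prev || chain[i].hash !== eventHash(chain[i])) return i;
    prev = chain[i].hash;
  }
  if (expectedHead !== undefined && prev !== expectedHead) return chain.length;
  return -1;
}

// Constructed sample: three events for one hypothetical file id.
function buildSampleChain() {
  const secret = "example-secret-not-for-production";
  const rid = hashIdentifier(secret, "203.0.113.7"); // documentation-range IP
  const chain = [];
  appendEvent(chain, { timestamp: "2024-01-01T10:00:00Z", type: "accepted_nda", fileId: "file-001", requestIdHash: rid });
  appendEvent(chain, { timestamp: "2024-01-01T10:00:05Z", type: "served_restricted_file", fileId: "file-001", requestIdHash: rid });
  appendEvent(chain, { timestamp: "2024-01-01T10:02:00Z", type: "denied_request", fileId: "file-001", requestIdHash: rid });
  return chain;
}
```

Link-by-link verification alone does not detect a truncated log or a chain rewritten end to end by someone who can recompute every hash; comparing against a head hash held separately, as `expectedHead` does here, covers those cases.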

## Where this runs

Pages serves static content. The audit log is implemented using a Worker plus a Durable Object for the chain head and event storage.

This repository includes a full deployment plan in:

`DEPLOYMENT_WORKER_PLAN.md`

## Why this matters

When evidence matters, you cannot rely on “trust me.” You need verifiable records—especially when agreements are governed by England & Wales law and may be used in international arbitration contexts.
