The audit log and the change ledger
AuditCore is InBlack’s tenant-scoped append-only event log. Participating product writes and integrations append canonical events that identify the event type, grammar, source, payload, principal chain, timestamps, and optional causal, correlation, idempotency, and upstream identifiers.
Stored rows also carry a gapless tenant sequence and SHA-256 hash chain. Sealed days can be copied into a byte-faithful WORM archive and verified later.
What the contract does not promise
Source review does not establish that every state change in every pillar already emits AuditCore, nor that every write response contains one universal provenance object. Producers are responsible for using the canonical event contract on paths that require it.
The repository also does not publish a customer retention duration. Archive capability is not a promise of a specific hot-storage or recovery window.
Current access
The Accounting GraphQL API exposes tenant-scoped auditcoreEvents filtering and authenticated ingestAuditcoreEvent. The REST ingestion route is POST /api/auditcore/events; a provenance lookup is available at GET /api/auditcore/provenance.
The Accounting audit-log page is a live read view over AuditCore data. Its current UI is intentionally narrower than the complete event envelope. See Audit log and The audit log (programmatic).