---
phase: 02-safety-sandboxing
plan: 03
type: execute
wave: 2
depends_on: [02-01, 02-02]
files_modified: [src/audit/__init__.py, src/audit/logger.py, src/audit/crypto_logger.py, config/audit.yaml]
autonomous: true

must_haves:
  truths:
    - "All security-sensitive operations are logged with tamper detection"
    - "Audit logs use SHA-256 hash chains for integrity"
    - "Logs contain timestamps, code diffs, security events, and resource usage"
    - "Log tampering is detectable through cryptographic verification"
  artifacts:
    - path: "src/audit/crypto_logger.py"
      provides: "Tamper-proof logging system"
      min_lines: 60
    - path: "src/audit/logger.py"
      provides: "Standard audit logging interface"
      min_lines: 30
    - path: "config/audit.yaml"
      provides: "Audit logging policies"
      contains: "retention_period, log_level, hash_chain"
  key_links:
    - from: "src/audit/crypto_logger.py"
      to: "cryptography library"
      via: "SHA-256 hashing"
      pattern: "hashlib.sha256"
    - from: "src/audit/crypto_logger.py"
      to: "previous hash chain"
      via: "hash linking"
      pattern: "prev_hash.*current_hash"
    - from: "config/audit.yaml"
      to: "log retention policy"
      via: "retention configuration"
      pattern: "retention.*days"
---

<objective>
Create tamper-proof audit logging system with cryptographic integrity protection.

Purpose: Implement comprehensive audit logging for all security-sensitive operations with SHA-256 hash chains to detect tampering, following CONTEXT.md requirements for timestamps, code diffs, security events, and resource usage logging.
Output: Working audit logger with tamper detection and configurable retention policies.
</objective>

<execution_context>
@~/.opencode/get-shit-done/workflows/execute-plan.md
@~/.opencode/get-shit-done/templates/summary.md
</execution_context>

<context>
@.planning/PROJECT.md
@.planning/ROADMAP.md
@.planning/STATE.md

# Research references
@.planning/phases/02-safety-sandboxing/02-RESEARCH.md
</context>

<tasks>

<task type="auto">
  <name>Task 1: Create tamper-proof audit logger</name>
  <files>src/audit/__init__.py, src/audit/crypto_logger.py</files>
  <action>Create TamperProofLogger class implementing SHA-256 hash chains for tamper detection. Each log entry contains: timestamp, event type, code diffs, security events, resource usage, current hash, previous hash, and cryptographic signature. Use cryptography library for SHA-256 hashing and digital signatures. Include methods: log_event(event), verify_chain(), get_logs(). Handle hash chain continuity and integrity verification.</action>
  <verify>python -c "from src.audit.crypto_logger import TamperProofLogger; print('TamperProofLogger imported successfully')"</verify>
  <done>TamperProofLogger creates hash chain entries, detects tampering, maintains integrity</done>
</task>

<task type="auto">
  <name>Task 2: Implement audit logging interface</name>
  <files>src/audit/logger.py</files>
  <action>Create AuditLogger class that provides high-level interface for logging security events. Integrate with TamperProofLogger for integrity protection. Include methods: log_code_execution(code, result), log_security_assessment(assessment), log_container_creation(config), log_resource_violation(violation). Format log entries per CONTEXT.md specifications with comprehensive event details.</action>
  <verify>python -c "from src.audit.logger import AuditLogger; print('AuditLogger imported successfully')"</verify>
  <done>AuditLogger provides convenient interface for all security-related logging</done>
</task>

<task type="auto">
  <name>Task 3: Configure audit policies</name>
  <files>config/audit.yaml</files>
  <action>Create config/audit.yaml with audit logging policies: retention_period (30 days default), log_level (comprehensive), hash_chain_enabled (true), storage_location, alert_thresholds, and log rotation settings. Include Claude's discretion items for configurable retention, storage format, and alerting mechanisms per CONTEXT.md.</action>
  <verify>python -c "import yaml; print('Audit config loads:', yaml.safe_load(open('config/audit.yaml'))')"</verify>
  <done>Audit configuration defines retention, storage, and alerting policies</done>
</task>

</tasks>

<verification>
- TamperProofLogger creates proper hash chain entries
- SHA-256 hashing works correctly
- Hash chain tampering is detectable
- AuditLogger integrates with crypto logger
- All security event types are logged
- Configuration file defines proper policies
- Log retention and rotation work correctly

</verification>

<success_criteria>
Tamper-proof audit logging system operational with cryptographic integrity protection, comprehensive event logging, and configurable retention policies.
</success_criteria>

<output>
After completion, create `.planning/phases/02-safety-sandboxing/02-03-SUMMARY.md`
</output>