Context
Area
crates/koinon/src/tamper_log.rs ↔ production callers.
Severity
low — security-claimed feature unwired in production paths.
Evidence
crates/koinon/src/tamper_log.rs:1 — "Tamper-evident append-only log with BLAKE3 hash chaining."
grep -rn "TamperLog\|tamper_log\|verify_chain" crates/akroasis/src/ crates/kerykeion/src/ crates/semaino/src/ crates/syntonia/src/ --include="*.rs" → 0 uses outside koinon's own tests.
crates/koinon/src/lib.rs:13 — pub mod tamper_log;
Conflict
README lists "tamper-evident logging with hash chains" as a core capability, but no crate writes to it. The implementation is real and tested in isolation; no production caller uses it.
Why it matters
A security-critical feature exists but provides no value until wired into real event sources (vault, mesh, alerts). Claiming "tamper-evident logging" while emitting nothing to the log is false capability.
Done criteria
- Wire TamperLog::append into at least one critical path (vault mutations, mesh packet reception, alert emission).
- Add integration tests that verify hash-chain integrity end-to-end.
- Document where the on-disk log lives and the schema for entries.
Source
Kimi L1+L2 audit pipeline 2026-04-25.
Provenance
Originally filed on the kanon forge as issue #14 on 2026-04-25T20:15:18.668098179-05:00[America/Chicago]. Recovered from 2026-05-09 pre-brick restic backup. Forge URL no longer reachable post firmware brick.
Severity
P1
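An added sketch of the kind of end-to-end integrity check the Done criteria ask for; it is not koinon's code. `Entry`, `Log`, `digest` and the `anchored_head` parameter are hypothetical names, and std's non-cryptographic SipHash stands in for BLAKE3 so the block compiles without external crates.

```rust
// Added illustration; Entry, Log and digest are hypothetical, not koinon's TamperLog API.
use std::collections::hash_map::DefaultHasher;
use std::hash::Hasher;

/// Stand-in digest (std SipHash, NOT cryptographic); the real log uses BLAKE3.
fn digest(prev: u64, seq: u64, payload: &[u8]) -> u64 {
    let mut h = DefaultHasher::new();
    h.write_u64(prev);
    h.write_u64(seq);
    h.write_u64(payload.len() as u64); // length prefix keeps field boundaries unambiguous
    h.write(payload);
    h.finish()
}

#[derive(Clone)]
pub struct Entry { pub seq: u64, pub prev: u64, pub payload: Vec<u8>, pub hash: u64 }

#[derive(Default)]
pub struct Log { pub entries: Vec<Entry> }

impl Log {
    /// Append a payload, linking it to the current head; returns the new head hash.
    pub fn append(&mut self, payload: &[u8]) -> u64 {
        let prev = self.entries.last().map_or(0, |e| e.hash);
        let seq = self.entries.len() as u64;
        let hash = digest(prev, seq, payload);
        self.entries.push(Entry { seq, prev, payload: payload.to_vec(), hash });
        hash
    }
}

/// Walk the chain from genesis. Err(i) is the index of the first bad entry;
/// Err(entries.len()) means the links are intact but the head is not the anchored one.
pub fn verify_chain(entries: &[Entry], anchored_head: u64) -> Result<(), usize> {
    let mut prev = 0u64;
    for (i, e) in entries.iter().enumerate() {
        if e.seq != i as u64 || e.prev != prev || e.hash != digest(prev, e.seq, &e.payload) {
            return Err(i);
        }
        prev = e.hash;
    }
    if prev == anchored_head { Ok(()) } else { Err(entries.len()) }
}

fn main() {
    let mut log = Log::default();
    log.append(b"vault: secret rotated"); // constructed sample events
    let head = log.append(b"alert: threshold exceeded");
    println!("intact: {:?}", verify_chain(&log.entries, head));
    log.entries[0].payload = b"vault: nothing happened".to_vec();
    println!("after edit: {:?}", verify_chain(&log.entries, head));
}
```

The head hash kept outside the log is what catches tail truncation: a log cut after entry N still has internally consistent links, so a test that only re-walks the chain will pass on it.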