Constant LEDGER_DDL 

pub const LEDGER_DDL: &str = "\
CREATE TABLE IF NOT EXISTS harness_audit_log (
    seq             INTEGER PRIMARY KEY AUTOINCREMENT,
    ts              TEXT NOT NULL,
    agent_did       TEXT,
    action          TEXT,
    target          TEXT,
    decision        TEXT NOT NULL,
    deciding_pack   TEXT,
    deciding_rule   TEXT,
    deciding_layer  TEXT,
    deny_reason     TEXT,
    decision_ms     INTEGER,
    payload_sha256  TEXT NOT NULL,
    receipt_id      TEXT,
    upstream_error  INTEGER NOT NULL DEFAULT 0
);
CREATE INDEX IF NOT EXISTS idx_audit_ts ON harness_audit_log(ts);
CREATE INDEX IF NOT EXISTS idx_audit_agent ON harness_audit_log(agent_did);
CREATE INDEX IF NOT EXISTS idx_audit_receipt ON harness_audit_log(receipt_id);

CREATE TRIGGER IF NOT EXISTS trg_audit_no_delete
BEFORE DELETE ON harness_audit_log
BEGIN
  SELECT RAISE(ABORT, 'harness_audit_log is append-only');
END;

CREATE TRIGGER IF NOT EXISTS trg_audit_no_update
BEFORE UPDATE ON harness_audit_log
BEGIN
  SELECT RAISE(ABORT, 'harness_audit_log is append-only');
END;
";
SQLite-backed append-only audit ledger.

Direct port of LEDGER_DDL from harness.py: same table, same columns, same BEFORE DELETE and BEFORE UPDATE triggers that ABORT. This is the full DDL, kept as a single string for callers and tooling that want to inspect the canonical schema. Internally the DDL is applied in two phases (see LEDGER_DDL_CREATE and LEDGER_DDL_POST_MIGRATE) so that pre-v0.2 databases can be ALTERed in between.