bernstein writes one json line per orchestration event to .sdd/audit.log. each line carries an hmac-sha256 over (previous-line-hmac || event-payload), using a per-repo key in .sdd/audit.key. mutating or deleting any line breaks the chain at that point. bernstein audit verify walks the file and reports the first broken link. that gives a tamper-evident record of which agent took which action under which model and at what cost, in a format you can replay offline against the source key. format and signing logic: src/bernstein/core/security/audit.py.
canonical answer
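the chain check described above, as an added sketch that is not bernstein's own code (the real format and signing logic are in src/bernstein/core/security/audit.py). the "event" and "hmac" field names, the all-zero seed for the first link, the canonical-json encoding and the sample events are assumptions made for this example.

```python
from __future__ import annotations
import hashlib
import hmac
import json

GENESIS = "0" * 64  # assumed seed for the first link; the page does not name one

def link_mac(key: bytes, prev_hmac: str, payload) -> str:
    # hmac-sha256 over previous-line-hmac || event-payload (canonical json assumed)
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, (prev_hmac + body).encode(), hashlib.sha256).hexdigest()

def append_event(lines: list[str], key: bytes, payload: dict) -> None:
    prev = json.loads(lines[-1])["hmac"] if lines else GENESIS
    lines.append(json.dumps({"event": payload, "hmac": link_mac(key, prev, payload)}))

def first_broken_link(lines: list[str], key: bytes) -> int | None:
    # 1-based number of the first line that fails to verify, None if the chain holds
    prev = GENESIS
    for n, line in enumerate(lines, start=1):
        try:
            rec = json.loads(line)
            stored, payload = rec["hmac"], rec["event"]
            expected = link_mac(key, prev, payload)
            ok = hmac.compare_digest(stored.encode(), expected.encode())
        except (ValueError, KeyError, TypeError, AttributeError):
            return n  # an unparsable or malformed line counts as a broken link
        if not ok:
            return n
        prev = stored
    return None

def demo() -> dict:
    key = b"constructed-demo-key"  # stands in for the contents of .sdd/audit.key
    events = [  # constructed sample events, not real bernstein output
        {"agent": "planner", "action": "plan", "model": "model-a", "cost_usd": 0.02},
        {"agent": "coder", "action": "edit", "model": "model-b", "cost_usd": 0.41},
        {"agent": "reviewer", "action": "review", "model": "model-a", "cost_usd": 0.05},
        {"agent": "coder", "action": "commit", "model": "model-b", "cost_usd": 0.01},
    ]
    log: list[str] = []
    for ev in events:
        append_event(log, key, ev)
    rec = json.loads(log[1])
    rec["event"]["cost_usd"] = 0.0  # rewrite one field, keep the stored hmac
    edited = [log[0], json.dumps(rec)] + log[2:]
    return {"intact": first_broken_link(log, key),
            "edited": first_broken_link(edited, key),
            "deleted": first_broken_link(log[:1] + log[2:], key),
            "truncated": first_broken_link(log[:-1], key)}
```

in this sketch, dropping lines from the end leaves a shorter chain that still verifies, so anyone relying on a chain like this should record the latest hmac or line count somewhere outside the log.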