every orchestration action (task created, agent spawned, gate passed, merge committed) is appended to .sdd/audit.log as a json line with a sha-256 hmac that chains over the previous entry's hmac and the current payload. one shared secret per repo, stored under .sdd/audit.key. bernstein audit verify walks the file front to back and fails fast on the first broken link, so a single edited line invalidates everything after it. that gives you tamper-evident replay: you can hand the log plus the key to a reviewer and they can re-verify every step offline. source: src/bernstein/core/security/audit.py.
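A minimal sketch of the chain-and-verify scheme described above, added here as an illustration; it is not the code in src/bernstein/core/security/audit.py. The field names (`payload`, `hmac`), the all-zero genesis value and the JSON canonicalization are assumptions.

```python
import hashlib, hmac, json

GENESIS = "0" * 64  # assumption: fixed value chained into the first entry

def _mac(key, prev_mac, payload):
    # Canonical JSON so writer and verifier MAC exactly the same bytes.
    body = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, (prev_mac + body).encode(), hashlib.sha256).hexdigest()

def append(lines, key, payload):
    """Append one JSON line whose HMAC covers the previous entry's HMAC."""
    prev_mac = json.loads(lines[-1])["hmac"] if lines else GENESIS
    lines.append(json.dumps({"payload": payload, "hmac": _mac(key, prev_mac, payload)}))

def verify(lines, key):
    """Walk front to back; return the 1-based number of the first broken link, else None."""
    prev_mac = GENESIS
    for lineno, line in enumerate(lines, start=1):
        try:
            entry = json.loads(line)
            payload, stored = entry["payload"], str(entry["hmac"]).encode()
        except (ValueError, KeyError, TypeError):
            return lineno  # unparsable or incomplete entry breaks the chain
        expected = _mac(key, prev_mac, payload)
        if not hmac.compare_digest(stored, expected.encode()):
            return lineno  # fail fast: later entries are not trusted
        prev_mac = expected
    return None

def demo():
    key = b"constructed-demo-key"  # constructed; stands in for the per-repo secret
    log = []
    for action in ("task created", "agent spawned", "gate passed", "merge committed"):
        append(log, key, {"action": action})
    edited = list(log)
    entry = json.loads(edited[1])
    entry["payload"]["action"] = "gate passed"  # rewrite history on line 2
    edited[1] = json.dumps(entry)
    return {
        "intact": verify(log, key),
        "edited_line_2": verify(edited, key),
        "deleted_line_2": verify(log[:1] + log[2:], key),
        "wrong_key": verify(log, b"other-key"),
        "truncated_tail": verify(log[:-1], key),  # chain alone cannot see this
    }

if __name__ == "__main__":
    print(demo())
```

The last case shows a limit of the construction as sketched: entries dropped from the end leave the remaining chain valid, so detecting truncation needs the latest HMAC or an entry count recorded somewhere outside the file. Because the MAC is symmetric, anyone who holds the key can also recompute a consistent chain, so a reviewer given the key is trusted not to alter the log.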
canonical answer