JSONL Evidence Ledger Schema — Anti-Hallucination V2

JSONL Evidence Ledger Schema — Anti-Hallucination V2

Component: JSONL append-only evidence ledger
Source spec: Anti-Hallucination V2 §3.3, §3.5
MC: #99732
Published: 2026-05-22

Purpose

The JSONL evidence ledger is the durable, append-only record of all verdicts and their supporting evidence. One JSONL line per verdict event. Never mutated — only appended. GCS object versioning enforces immutability. This ledger is the chain of custody for all GO-LIVE-READY decisions.

Ledger Location

• GCS primary: gs://alai-audit-evidence/ledger/evidence-ledger.jsonl
• Local cache (HiveMind import source): ~/system/databases/evidence-ledger.jsonl
• HiveMind table: ~/system/databases/hivemind.db — table: evidence_ledger

Line Schema

{
  "schema_version": "2.0",
  "ledger_id": "<uuid-v4>",
  "mc_id": "<task_id string>",
  "verdict": "PASS | FAIL | PARTIAL | BLOCKED | REFUSED | GO-LIVE-READY",
  "agent": "<agent_slug>",
  "timestamp": "<ISO8601 UTC>",
  "expires_at": "<ISO8601 UTC, timestamp + TTL>",
  "ttl_seconds": 900,
  "fencing_token": "<monotonic integer, ms since epoch at issuance>",
  "machine_check_count": 5,
  "machine_checks_executed": 5,
  "quorum_paths_confirmed": 2,
  "quorum_met": true,
  "evidence_files": [
    {
      "gcs_uri": "gs://alai-audit-evidence/<mc_id>/<timestamp>/<filename>",
      "local_path": "</tmp path at capture time>",
      "type": "playwright-trace | curl-output | json-response | screenshot | log",
      "field": "<specific field, e.g. finalUrl>",
      "value": "<actual observed value>",
      "expected": "<AC-required value>",
      "match": true,
      "sha256": "<64-char hex>",
      "captured_at": "<ISO8601 UTC>"
    }
  ],
  "john_reproducer_output": {
    "command": "<bash command>",
    "exit_code": 0,
    "stdout_excerpt": "<500 char max>",
    "matches_verdict": true,
    "executed_at": "<ISO8601 UTC>"
  },
  "mlx_verifier_output": {
    "model": "gemma-4-26b-mlx",
    "verdict": "CONFIRMED | REJECTED",
    "intent_proof_check": true,
    "sha256_match": true,
    "executed_at": "<ISO8601 UTC>"
  },
  "refused_reason": "<string, required if verdict=REFUSED>",
  "wiggle_risk_acs": [],
  "session_id": "<orchestrator session id>",
  "ceo_approved_token": null
}

Field Constraints

Append Protocol

1. Agent captures evidence files to /tmp
2. Agent copies to GCS: gsutil cp /tmp/<file> gs://alai-audit-evidence/<mc_id>/<timestamp>/
3. Agent constructs JSONL line with GCS URIs (not /tmp paths)
4. Agent appends line to GCS ledger
5. OCD-Delta hook reads from GCS URI, validates, passes to orchestrator
6. HiveMind import job (hourly): ingests new JSONL lines into hivemind.db

HiveMind Table DDL

CREATE TABLE IF NOT EXISTS evidence_ledger (
  id INTEGER PRIMARY KEY AUTOINCREMENT,
  ledger_id TEXT UNIQUE NOT NULL,
  mc_id TEXT NOT NULL,
  verdict TEXT NOT NULL,
  agent TEXT,
  timestamp TEXT NOT NULL,
  expires_at TEXT NOT NULL,
  fencing_token INTEGER,
  machine_check_count INTEGER,
  machine_checks_executed INTEGER,
  quorum_paths_confirmed INTEGER,
  quorum_met INTEGER,
  evidence_files_json TEXT,
  john_reproducer_json TEXT,
  mlx_verifier_json TEXT,
  refused_reason TEXT,
  session_id TEXT,
  ceo_approved_token TEXT,
  imported_at TEXT DEFAULT (datetime('now')),
  raw_jsonl TEXT NOT NULL
);

GCS Bucket Policy

• Bucket: gs://alai-audit-evidence/
• Object versioning: enabled
• IAM: evidence-verifier SA = write-only (no delete)
• IAM: orchestrator SA = read-only
• Retention: TBD per CEO D4 decision (90/180/365 days — spec §8 D4)

Audit Query

-- GO-LIVE-READY verdicts without quorum in last 30 days
SELECT mc_id, verdict, quorum_paths_confirmed, timestamp
FROM evidence_ledger
WHERE verdict = 'GO-LIVE-READY'
  AND quorum_paths_confirmed < 2
  AND timestamp > datetime('now', '-30 days')
ORDER BY timestamp DESC;

Source: Anti-Hallucination V2 §3.3, §3.5 | MC #99732 | Cross-ref: BookStack page 2995 (full spec), HiveMind: ~/system/databases/hivemind.db