# JSONL Evidence Ledger Schema — Anti-Hallucination V2 # JSONL Evidence Ledger Schema — Anti-Hallucination V2 **Component:** JSONL append-only evidence ledger **Source spec:** Anti-Hallucination V2 §3.3, §3.5 **MC:** #99732 **Published:** 2026-05-22 ## Purpose The JSONL evidence ledger is the durable, append-only record of all verdicts and their supporting evidence. One JSONL line per verdict event. Never mutated — only appended. GCS object versioning enforces immutability. This ledger is the chain of custody for all GO-LIVE-READY decisions. ## Ledger Location - **GCS primary:** `gs://alai-audit-evidence/ledger/evidence-ledger.jsonl` - **Local cache (HiveMind import source):** `~/system/databases/evidence-ledger.jsonl` - **HiveMind table:** `~/system/databases/hivemind.db` — table: `evidence_ledger` ## Line Schema ``` { "schema_version": "2.0", "ledger_id": "", "mc_id": "", "verdict": "PASS | FAIL | PARTIAL | BLOCKED | REFUSED | GO-LIVE-READY", "agent": "", "timestamp": "", "expires_at": "", "ttl_seconds": 900, "fencing_token": "", "machine_check_count": 5, "machine_checks_executed": 5, "quorum_paths_confirmed": 2, "quorum_met": true, "evidence_files": [ { "gcs_uri": "gs://alai-audit-evidence///", "local_path": "", "type": "playwright-trace | curl-output | json-response | screenshot | log", "field": "", "value": "", "expected": "", "match": true, "sha256": "<64-char hex>", "captured_at": "" } ], "john_reproducer_output": { "command": "", "exit_code": 0, "stdout_excerpt": "<500 char max>", "matches_verdict": true, "executed_at": "" }, "mlx_verifier_output": { "model": "gemma-4-26b-mlx", "verdict": "CONFIRMED | REJECTED", "intent_proof_check": true, "sha256_match": true, "executed_at": "" }, "refused_reason": "", "wiggle_risk_acs": [], "session_id": "", "ceo_approved_token": null } ``` ## Field Constraints
FieldRequiredConstraint
schema\_versionalwaysmust equal "2.0" for V2 ledger lines
ledger\_idalwaysUUID v4, unique per line
expires\_atalwaysmust be in the future at time of write
machine\_checks\_executedalwaysmust equal machine\_check\_count
quorum\_paths\_confirmedalwaysmin 2 for GO-LIVE-READY
evidence\_filesalwaysnon-empty array; each entry has sha256
john\_reproducer\_outputGO-LIVE-READY onlymatches\_verdict must be true
refused\_reasonREFUSED onlynon-empty string, cites specific missing evidence
gcs\_urieach evidence\_filemust be written before orchestrator reads
## Append Protocol 1. Agent captures evidence files to /tmp 2. Agent copies to GCS: `gsutil cp /tmp/ gs://alai-audit-evidence///` 3. Agent constructs JSONL line with GCS URIs (not /tmp paths) 4. Agent appends line to GCS ledger 5. OCD-Delta hook reads from GCS URI, validates, passes to orchestrator 6. HiveMind import job (hourly): ingests new JSONL lines into hivemind.db ## HiveMind Table DDL ``` CREATE TABLE IF NOT EXISTS evidence_ledger ( id INTEGER PRIMARY KEY AUTOINCREMENT, ledger_id TEXT UNIQUE NOT NULL, mc_id TEXT NOT NULL, verdict TEXT NOT NULL, agent TEXT, timestamp TEXT NOT NULL, expires_at TEXT NOT NULL, fencing_token INTEGER, machine_check_count INTEGER, machine_checks_executed INTEGER, quorum_paths_confirmed INTEGER, quorum_met INTEGER, evidence_files_json TEXT, john_reproducer_json TEXT, mlx_verifier_json TEXT, refused_reason TEXT, session_id TEXT, ceo_approved_token TEXT, imported_at TEXT DEFAULT (datetime('now')), raw_jsonl TEXT NOT NULL ); ``` ## GCS Bucket Policy - Bucket: `gs://alai-audit-evidence/` - Object versioning: enabled - IAM: evidence-verifier SA = write-only (no delete) - IAM: orchestrator SA = read-only - Retention: TBD per CEO D4 decision (90/180/365 days — spec §8 D4) ## Audit Query ``` -- GO-LIVE-READY verdicts without quorum in last 30 days SELECT mc_id, verdict, quorum_paths_confirmed, timestamp FROM evidence_ledger WHERE verdict = 'GO-LIVE-READY' AND quorum_paths_confirmed < 2 AND timestamp > datetime('now', '-30 days') ORDER BY timestamp DESC; ``` *Source: Anti-Hallucination V2 §3.3, §3.5 | MC #99732 | Cross-ref: BookStack page 2995 (full spec), HiveMind: ~/system/databases/hivemind.db*