@@ -15,7 +15,7 @@ func newAuditID() string {
1515
1616// buildChainEntry creates a Merkle-linked ChainEntry from an AuditEvent.
1717// Reads the last entry from store to get the previous hash.
18- func buildChainEntry (store AuditStore , event AuditEvent , callerID , hookdTraceID string ) (ChainEntry , error ) {
18+ func buildChainEntry (store AuditStore , event AuditEvent , callerID , hookdTraceID , sessionID string ) (ChainEntry , error ) {
1919 prev , err := lastHash (store )
2020 if err != nil {
2121 return ChainEntry {}, err
@@ -52,6 +52,7 @@ func buildChainEntry(store AuditStore, event AuditEvent, callerID, hookdTraceID
5252 ActionType : event .ActionType ,
5353 Actor : actor ,
5454 CallerID : event .CallerID ,
55+ SessionID : sessionID ,
5556 InputHash : event .InputHash ,
5657 OutputHash : event .OutputHash ,
5758 Result : result ,
@@ -75,6 +76,7 @@ func buildChainEntry(store AuditStore, event AuditEvent, callerID, hookdTraceID
7576 ActionType : internal .ActionType ,
7677 Actor : internal .Actor ,
7778 CallerID : internal .CallerID ,
79+ SessionID : internal .SessionID ,
7880 InputHash : internal .InputHash ,
7981 OutputHash : internal .OutputHash ,
8082 Result : internal .Result ,
@@ -107,6 +109,7 @@ func buildPostCallEntry(store AuditStore, preEntry ChainEntry, resp *anthropic.M
107109 PrevHash : prev ,
108110 EventType : eventType ,
109111 CallerID : cfg .CallerID ,
112+ SessionID : cfg .SessionID ,
110113 OutputHash : outputHash ,
111114 HookdTraceID : cfg .HookdTraceID ,
112115 Allowed : true ,
@@ -126,6 +129,7 @@ func buildPostCallEntry(store AuditStore, preEntry ChainEntry, resp *anthropic.M
126129 Hash : internal .Hash ,
127130 EventType : internal .EventType ,
128131 CallerID : internal .CallerID ,
132+ SessionID : internal .SessionID ,
129133 OutputHash : internal .OutputHash ,
130134 HookdTraceID : internal .HookdTraceID ,
131135 Allowed : internal .Allowed ,
@@ -152,6 +156,7 @@ func buildStreamCompleteEntry(store AuditStore, startEntry ChainEntry, streamErr
152156 PrevHash : prev ,
153157 EventType : eventType ,
154158 CallerID : cfg .CallerID ,
159+ SessionID : cfg .SessionID ,
155160 HookdTraceID : cfg .HookdTraceID ,
156161 Allowed : true ,
157162 Timestamp : ts .Format (time .RFC3339Nano ),
@@ -170,6 +175,7 @@ func buildStreamCompleteEntry(store AuditStore, startEntry ChainEntry, streamErr
170175 Hash : internal .Hash ,
171176 EventType : internal .EventType ,
172177 CallerID : internal .CallerID ,
178+ SessionID : internal .SessionID ,
173179 HookdTraceID : internal .HookdTraceID ,
174180 Allowed : internal .Allowed ,
175181 Timestamp : ts ,
@@ -222,6 +228,7 @@ func computeEntryHash(store AuditStore, entry ChainEntry) (ChainEntry, error) {
222228 ActionType : entry .ActionType ,
223229 Actor : entry .Actor ,
224230 CallerID : entry .CallerID ,
231+ SessionID : entry .SessionID ,
225232 InputHash : entry .InputHash ,
226233 OutputHash : entry .OutputHash ,
227234 Result : entry .Result ,
@@ -278,6 +285,7 @@ func findLastValidHash(entries []ChainEntry) string {
278285 ActionType : e .ActionType ,
279286 Actor : e .Actor ,
280287 CallerID : e .CallerID ,
288+ SessionID : e .SessionID ,
281289 InputHash : e .InputHash ,
282290 OutputHash : e .OutputHash ,
283291 Result : e .Result ,
@@ -330,6 +338,7 @@ func buildSegmentBoundaryEntry(lastValidHash, reason string) (ChainEntry, error)
330338 }, nil
331339}
332340
341+
333342// verifyChain is the internal entry point for Verify().
334343func verifyChain (entries []ChainEntry ) error {
335344 internalEntries := make ([]inaudit.Entry , len (entries ))
@@ -342,6 +351,7 @@ func verifyChain(entries []ChainEntry) error {
342351 ActionType : e .ActionType ,
343352 Actor : e .Actor ,
344353 CallerID : e .CallerID ,
354+ SessionID : e .SessionID ,
345355 InputHash : e .InputHash ,
346356 OutputHash : e .OutputHash ,
347357 Result : e .Result ,
0 commit comments