Hook-Written Audit Log
An append-only record of agent actions written by lifecycle hooks the agent cannot edit. Agent-written memory records beliefs; this records events, which makes it the ground truth for governance and evaluation.
When to use
Audit requirements, postmortems on agent failures, and checking agent-reported outcomes against what actually happened.
Specification
| Memory type | episodic |
|---|---|
| Storage | append-only log written by lifecycle hooks (tool-call events, session events), outside the agent's own control |
| Retrieval | agent-initiated queries; primarily consumed by humans and evaluation tooling |
| Update method | hook-written only; the agent cannot edit its own history |
| Decay / staleness handling | Append-only by design; rotation/archival handled by ops policy, not by the agent. |
| Risk level / maturity | low / emerging |
Privacy and safety
Logs capture commands and file paths; treat the log itself as sensitive material with its own access control.
Failure modes
- Log grows unbounded without rotation
- Hooks fail silently and the record has gaps
- Log trusted as complete when hook coverage is partial
Assessment
The only memory pattern here the agent cannot corrupt, which is exactly its value: agent-written memory records what the agent believes; hook-written memory records what happened. Governance-grade systems need both.
Evaluation method: Coverage audit: sample real actions, confirm each appears in the log.