Hook-Written Audit Log

memory pattern · maturity: emerging · risk: low

An append-only record of agent actions written by lifecycle hooks the agent cannot edit. Agent-written memory records beliefs; this records events, which makes it the ground truth for governance and evaluation.

When to use

Audit requirements, postmortems on agent failures, and checking agent-reported outcomes against what actually happened.

Specification

Memory typeepisodic
Storageappend-only log written by lifecycle hooks (tool-call events, session events), outside the agent's own control
Retrievalagent-initiated queries; primarily consumed by humans and evaluation tooling
Update methodhook-written only; the agent cannot edit its own history
Decay / staleness handlingAppend-only by design; rotation/archival handled by ops policy, not by the agent.
Risk level / maturitylow / emerging

Privacy and safety

Logs capture commands and file paths; treat the log itself as sensitive material with its own access control.

Failure modes

  • Log grows unbounded without rotation
  • Hooks fail silently and the record has gaps
  • Log trusted as complete when hook coverage is partial

Assessment

The only memory pattern here the agent cannot corrupt, which is exactly its value: agent-written memory records what the agent believes; hook-written memory records what happened. Governance-grade systems need both.

Evaluation method: Coverage audit: sample real actions, confirm each appears in the log.

Go deeper