Rensei docs

Audit

attestation show; chain (pending backend).

rensei audit exposes the cryptographic audit trail for agent sessions. The attestation show command is fully shipped and lets you retrieve the Ed25519 VCS attestation for any completed session. The audit chain subcommands (Merkle-chain verification, export) are implemented in the CLI client but depend on a backend component that is not yet deployed; they are hidden from --help and documented here for reference.

Partial availability. rensei audit attestation show is available today. rensei audit chain * commands are hidden pending the audit-chain backend deployment. They will be unhidden and promoted to GA in a future release.


audit attestation show

Retrieve the VCS attestation for a completed agent session. An attestation proves that the code changes produced by an agent were committed under a verifiable identity and links the session to a specific commit SHA.

rensei audit attestation show <session-id> [--json]

| Argument | Description |
| --- | --- |
| <session-id> | Session ID from rensei agent list or the session detail UI |

| Flag | Description |
| --- | --- |
| --json | Emit attestation as a JSON object |

rensei audit attestation show ses_abc123
rensei audit attestation show ses_abc123 --json

Example output (pretty):

Session:     ses_abc123
Project:     my-fintech-app
Completed:   2026-06-02T14:02:18Z

VCS Attestation
  Repository:  https://github.com/acme/backend-api
  Commit:      a1b2c3d4e5f6...  (main)
  Author:      rensei-agent <agent@rensei.ai>
  Signed-by:   Ed25519 key  fp:SHA256:AbCdEfGh...
  Method:      commit-trailer

  Verified: ✓  signature matches platform public key

Example JSON output:

{
  "sessionId": "ses_abc123",
  "projectId": "proj_xyz",
  "completedAt": "2026-06-02T14:02:18Z",
  "attestation": {
    "repository": "https://github.com/acme/backend-api",
    "commitSha": "a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2",
    "branch": "main",
    "authorEmail": "agent@rensei.ai",
    "signedBy": "ed25519:AbCdEfGhIjKlMnOpQrStUvWxYz...",
    "method": "commit-trailer",
    "verified": true
  }
}

Attestation methods

| Method | Description |
| --- | --- |
| ed25519 | Detached Ed25519 signature over the commit SHA. Verifiable offline against /.well-known/audit-keys.json. |
| commit-trailer | Platform identity embedded as a Signed-off-by commit trailer. Used when the VCS provider does not support signed commits. |

audit chain (coming soon)

The audit chain commands operate on the Rensei Merkle log - a tamper-evident, hash-linked record of all platform events for your tenant. They will be available once the audit-chain backend is deployed.

audit chain show

Show the audit chain for a project over a time range.

# Hidden - pending audit-chain backend deployment
rensei audit chain show \
  [--project <slug>] \
  [--since <RFC3339>] \
  [--until <RFC3339>] \
  [--json]

Returns a paginated list of chain entries, each containing an event hash, the previous-entry hash, and a timestamp anchor. Used for compliance audits and incident retrospectives.

audit chain verify

Verify the integrity of the audit chain. Each entry's hash is recomputed and compared against the stored value; any modification to a historical entry breaks the chain at that point.

# Hidden - pending audit-chain backend deployment
rensei audit chain verify [--offline] [--json]

| Flag | Description |
| --- | --- |
| --offline | Verify using only stdlib ed25519 and the public keys from /.well-known/audit-keys.json. No platform API call required. |

audit chain export

Export audit chain entries in bulk for SIEM ingestion or offline archival.

# Hidden - pending audit-chain backend deployment
rensei audit chain export \
  [--format json|jsonl] \
  [--project <slug>] \
  [--since <RFC3339>] \
  [--until <RFC3339>]

| Flag | Default | Description |
| --- | --- | --- |
| --format | jsonl | Output format: json (array) or jsonl (newline-delimited) |

Audit architecture

The Rensei audit system has three layers:

Session attestation - at session completion, the daemon signs the resulting commit SHA with an Ed25519 key. The signature is stored per-session and retrievable via attestation show.

Merkle log - all platform events (session start/stop, policy changes, credential rotations) are appended to a tamper-evident Merkle chain anchored by a trusted timestamping authority (TSA). This is the audit chain surface.

Crypto-shredding - when a project or session is deleted, the encryption key for that tenant's data is discarded, making historical event payloads unrecoverable. The chain entries themselves (hashes only) are retained for chain integrity verification.

Public keys used for verification are published at:

https://app.rensei.ai/.well-known/audit-keys.json

This endpoint returns a JWKS-format document. See Audit keys JWKS for the schema.
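
The offline check described for the ed25519 method can be reproduced independently of the CLI's "verified" field. The following is an added example, not Rensei's own code. It assumes the JWKS carries RFC 8037 OKP entries (kty, crv, kid, x), that the signature is base64url-encoded, and that the signed message is the ASCII hex commit SHA; the function names and the kid "demo-1" are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
)

type jwk struct{ Kty, Crv, Kid, X string } // RFC 8037 OKP fields (assumed schema)

// VerifyCommitSig checks a detached signature over commitSha against the JWKS key named kid.
func VerifyCommitSig(jwks []byte, kid, commitSha, sigB64 string) error {
	var set struct{ Keys []jwk }
	if err := json.Unmarshal(jwks, &set); err != nil {
		return fmt.Errorf("parse JWKS: %w", err)
	}
	sig, err := base64.RawURLEncoding.DecodeString(sigB64)
	if err != nil || len(sig) != ed25519.SignatureSize {
		return fmt.Errorf("malformed signature")
	}
	for _, k := range set.Keys {
		if k.Kid != kid || k.Kty != "OKP" || k.Crv != "Ed25519" {
			continue // pin key type and curve; the document must not choose the algorithm
		}
		pub, err := base64.RawURLEncoding.DecodeString(k.X)
		if err != nil || len(pub) != ed25519.PublicKeySize {
			return fmt.Errorf("malformed public key") // ed25519.Verify panics on a bad length
		}
		if !ed25519.Verify(ed25519.PublicKey(pub), []byte(commitSha), sig) {
			return fmt.Errorf("signature does not match commit SHA")
		}
		return nil
	}
	return fmt.Errorf("no Ed25519 key with kid %q", kid)
}

// constructedSample builds a throwaway key, JWKS and signature (constructed, not Rensei data).
func constructedSample(commitSha string) (jwks []byte, sig string) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize))
	x := base64.RawURLEncoding.EncodeToString(priv.Public().(ed25519.PublicKey))
	jwks = []byte(`{"keys":[{"kty":"OKP","crv":"Ed25519","kid":"demo-1","x":"` + x + `"}]}`)
	return jwks, base64.RawURLEncoding.EncodeToString(ed25519.Sign(priv, []byte(commitSha)))
}

func main() {
	jwks, sig := constructedSample("a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2")
	fmt.Println(VerifyCommitSig(jwks, "demo-1", "a1b2c3d4e5f6a1b2c3d4e5f6a1b2c3d4e5f6a1b2", sig))
}
```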

For a conceptual overview of the full audit trail design, see Security - audit trail.

