Hash-Chained Audit Ledger
An append-only event log where every entry references the SHA-256 hash of the previous entry. verifyChain() detects tampering.
Mission Control persists every state transition, policy decision, payment intent, settlement, vendor response, verification report, dispute, and refund as an AuditEvent. Each event records the SHA-256 hash of (previous_event_hash | event_type | timestamp | canonical_json(payload)). The chain anchors to a 32-byte zero genesis.
verifyChain(missionId) re-derives every hash and returns either { ok: true } or { ok: false, brokenAt: N }. Tampering with any payload, or replaying a previous_event_hash to a stale value, is detected immediately.
Read order is by SQLite rowid (insertion order) — same-millisecond timestamps don't break the chain.