Hash-chained audit log
Every write to the vault — create, edit, delete, install, publish — appends an event to a hash chain. Tampering anywhere breaks the chain everywhere downstream.
Event shape
this_hash = sha256(prev_hash || canonical(event)), where || is byte concatenation. Each hash commits to the one before it, so a single mutation ripples forward; you can't silently rewrite history.
Verify
Run on demand or as a pre-commit hook. CI integrations can pin the head hash to detect concurrent edits.
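A verifier for the chain rule above, with head pinning, written as an added example and not MDDock's own code. The JSON-lines record layout, the "event" field name, the sorted-key JSON canonical form and the all-zero genesis hash are assumptions; the sample events are constructed.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed prev_hash for the first event


def canonical(event) -> bytes:
    # Assumed canonical form: sorted keys, compact separators, UTF-8.
    return json.dumps(event, sort_keys=True, separators=(",", ":")).encode("utf-8")


def chain_hash(prev_hash: str, event) -> str:
    # this_hash = sha256(prev_hash || canonical(event))
    return hashlib.sha256(prev_hash.encode("ascii") + canonical(event)).hexdigest()


def append(lines: list, event: dict) -> None:
    """Append one record, linking it to the current head."""
    prev = json.loads(lines[-1])["this_hash"] if lines else GENESIS
    lines.append(json.dumps({"prev_hash": prev, "event": event,
                             "this_hash": chain_hash(prev, event)}))


def verify(lines, pinned_head=None):
    """Return (ok, head_hash, first_bad_index)."""
    prev = GENESIS
    for i, line in enumerate(lines):
        try:
            rec = json.loads(line)
            good = (rec["prev_hash"] == prev
                    and rec["this_hash"] == chain_hash(prev, rec["event"]))
        except (ValueError, KeyError, TypeError):
            good = False  # malformed record counts as a broken link
        if not good:
            return False, prev, i
        prev = rec["this_hash"]
    # A chain can be internally consistent yet not be the one that was pinned
    # (truncated, or rewritten with every hash recomputed).
    if pinned_head is not None and prev != pinned_head:
        return False, prev, None
    return True, prev, None


# Constructed sample events (not real MDDock output).
LOG = []
for ev in ({"op": "create", "path": "notes/a.md"},
           {"op": "edit", "path": "notes/a.md"},
           {"op": "delete", "path": "notes/a.md"}):
    append(LOG, ev)
HEAD = verify(LOG)[1]  # the value a CI job would pin outside the vault
```

Link checks alone catch an in-place edit, but a log that is truncated or rewritten with every hash recomputed still links correctly; only the comparison against a head hash stored outside the vault catches that.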
Why hash-chained, not git
Git tracks file content; MDDock tracks events. Reading a doc, installing a skill, running a dream cycle — none of these move bytes, but all of them are auditable signals about how the vault is being used. The chain captures behavior, not just state.
Storage
Append-only file at .mddock/audit.log. Compaction ships old segments to audit.log.archive/ but keeps the rolling head hash so verification stays cheap.