altheia::audit. Each event carries the policy version at decision time, for incident replay. Allowed actions and lifecycle changes index straight from chain. Denials never land on-chain, so the agent records them itself.

On-chain events
| Event | Emitted when |
|---|---|
AllowedAction | An action passed policy. Carries agent_id, policy_version, amount, target_package, timestamp_ms. |
PolicyRevoked | The owner revoked the agent. |
PolicyUpdated | Caps, scope, actions, or pause state changed. Carries version before and after. |
WithdrawalAttested | A withdrawal closed its receipt. Carries amount_in, amount_out, recipient. |
readAuditLog(client, corePkg, limit), which queries the audit module’s events in descending order and returns the event type, transaction digest, timestamp, and parsed payload.
Denials are recorded off-chain
A denied action aborts insidecheck_and_consume and emits nothing, so no chain query can find it. To make denials visible, the agent dry-runs the transaction first; if the policy aborts, it posts a denied row with the decoded reason and skips submitting. This is what guardedSubmit does, and it is how a denial reaches the dashboard Chronicle even though it never lands on-chain.
How to read the trail
| Surface | What you see | Auth |
|---|---|---|
| Dashboard Chronicle | Every action, allowed or denied, with reason and digest. | Operator wallet. |
readAuditLog | The raw on-chain events from corePkg. | None. Public chain data. |
| A Sui explorer | The same events under the package, plus the transaction digests. | None. Public chain data. |
Provision an agent
From the dashboard form to a funded, signable agent key.