Audit Daemon

Pipe events from any server, device, website, or hardware into your Zeq audit_log chain. Each source becomes one agent with its own ZID, stamped with KO42 at 1.287 Hz.

9 source types KO42 stamped SHA-256 chain ZID identity 1.287 Hz

How it works

Step 1

Pick a machine

Choose which state machine should receive the events. Your machines auto-load from your account.

Step 2

Choose a source

HTTP webhook, filesystem, polling, MongoDB, Postgres, S3, MQTT, Redis, or Kafka. Same pipeline downstream.

Step 3

Spawn an agent

The framework mints a ZID-XXXXXXXX and starts the adapter. Boot-restore brings it back automatically after restarts.

Step 4

Send events

Webhook agents → POST to the URL we give you. Local sources → run the standalone daemon. Every event lands as an entangled state row.

Your agents

No source-audit agents yet for this machine. Use the form on the right to spawn one.

Spawn agent

Pick a machine, choose a source type, fill the JSON config, click Spawn. The agent gets a ZID and starts immediately.

State machine Source type Display name Source config (JSON)

Use it — worked examples

Once you've spawned an agent, here's how to point real systems at it. Click a tab.

For Stripe, GitHub, Shopify, Zapier, or anything that can POST JSON. Spawn an http_webhook agent above. Then point your upstream's webhook URL at:

POST /api/zeq/audit-source/<agent_id>/event
Content-Type: application/json
X-Delivery-Id: <optional unique id>

{"any":"json","payload":"you","want":true}

If you set source_config.secret, sign the body — see the snippet below.

Sign the body (when secret is configured):

// Node — sign and send
import crypto from "node:crypto";
const body = { event: "user.signed_up", user_id: 42, ts: Date.now() };
const sig = "sha256=" + crypto.createHmac("sha256", process.env.AUDIT_SECRET)
  .update(JSON.stringify(body)).digest("hex");

await fetch("/api/zeq/audit-source/<agent_id>/event", {
  method: "POST",
  headers: { "Content-Type": "application/json", "X-Zeq-Signature": sig },
  body: JSON.stringify(body),
});

Test it without writing code — click Send test event on the spawn card.

Filesystem watch needs to run on the host that has the disk. Drop the standalone daemon there, point it at your zeq-framework, list one or more directories.

git clone https://github.com/hulyasmath/zeq-framework
cd zeq-framework/apps/zeq-audit-daemon
npm install

# audit.config.yaml
api:
  base_url: https://your-zeq-deployment.example   # replace with your origin
  api_key: $ZEQ_API_KEY
  slug: <your-slug>
agents:
  - source_type: filesystem_watch
    display_name: Production logs
    config: { path: /var/log/myapp, recursive: true }

node bin/daemon.js --config audit.config.yaml

Polling agents work for any HTTP/JSON endpoint with no push. They run in api-core itself — no daemon needed. Spawn one with:

{
  "url": "https://api.example.com/status",
  "intervalZeqonds": 10,
  "emitOn": "change",
  "headers": { "Authorization": "Bearer ..." }
}

Every 10 zeqonds (~7.77 s) the adapter fetches the URL. If the SHA-256 of the body changed, it stamps a new chain row. emitOn: "every" stamps unconditionally.

MongoDB Change Streams need driver access. Run the standalone daemon on a host that can reach your Mongo cluster. npm install mongodb in the daemon directory, then:

api:
  base_url: https://your-zeq-deployment.example   # replace with your origin
  api_key: $ZEQ_API_KEY
  slug: <your-slug>
agents:
  - source_type: mongo_change_stream
    display_name: Orders database
    config:
      uri: mongodb://localhost:27017
      db: production
      collections: [orders, transactions]
      fullDocument: updateLookup

Sign in to use Audit Daemon

Audit Daemon

How it works

Pick a machine

Choose a source

Spawn an agent

Send events

Your agents

Agent detail

Spawn agent

Use it — worked examples