Zeq Audit Daemon
One ledger across MongoDB, Postgres, S3, Kafka, MQTT, Redis, filesystems, HTTP webhooks. Same row shape regardless of source. Each agent gets a ZID.
Where it lives
- Browser app:
/apps/zeq-audit-daemon/on any zeq-dev origin (auth-gated by your Zeq session) - Standalone daemon:
apps/zeq-audit-daemon/in the framework repo (drops on any device) - Public API:
/api/zeq/audit-source/*
What it solves
You have data flowing through many systems — a Postgres database, a Mongo collection, a Stripe webhook, an S3 bucket, an MQTT broker. You want one cryptographically-anchored audit log of every event, recoverable from any of them. The Audit Daemon registers a source-audit agent per upstream, stamps every event with KO42 at 1.287 Hz, and chains it into the same audit_log your state machines already use.
See Learn → Universal Source-Audit for the architectural overview.
Browser flow (no terminal)
- Sign in to your Zeq account.
- Open
/apps/zeq-audit-daemon/— the app inherits your session via the framework's auth guard, so the machine picker auto-loads with your machines. - Pick a machine, choose a source type, fill the JSON config, click Spawn agent.
- The agent appears in the Live agents table with a ZID, an ALIVE tag, and a 0/0 event counter.
- Click Send test event to fire one tiny payload at the agent. The Events column ticks; the State Observer at
/state/?slug=<slug>shows a newSOURCE-AUDITrow.
What's http_webhook for
Anything with a webhook config — GitHub, Stripe, Shopify, Discord, Zapier, Zoom — can audit-stream into your entangled state. After spawning the agent, set the upstream's webhook URL to:
https://zeqapi.com/api/zeq/audit-source/<agent_id>/event
If you set source_config.secret, sign the body with HMAC-SHA256 and include X-Zeq-Signature: sha256=<hex>.
What the standalone daemon is for
For sources that need direct access to a server or device (filesystem watch, MongoDB change stream, Postgres LISTEN, MQTT, Redis keyspace, Kafka), a remote API call won't reach them. Instead, drop the standalone daemon on the host running the source, point it at your zeq-framework, and let it stream events back to the entangled state via the public API. See Operate → Audit Daemon.
Source types
| Type | Where it runs | Driver |
|---|---|---|
http_webhook | api-core | none |
filesystem_watch | daemon (host with the disk) | none |
generic_polling | api-core or daemon | none |
mongo_change_stream | daemon | mongodb |
postgres_logical | daemon | pg |
s3_notification | daemon | @aws-sdk/client-sqs |
mqtt | daemon (or any host with broker access) | mqtt |
redis_keyspace | daemon | redis |
kafka_consumer | daemon | kafkajs |
Identity
Each agent gets ZID-XXXXXXXX, the framework's standard public identity. Talk to an agent in any chat with /agent ZID-XXXXXXXX. Click its row in the dashboard to open the detail drawer; click "Open in Observer" to jump to the entangled state rows it has produced.
Narrations
Set narration_credential_id (a BYOK credential) at spawn time. The narrator daemon (built into api-core) wakes every ~7 zeqonds, picks up unnarrated events for that agent, calls your LLM provider with a forensic-prose prompt, and stores the result in source_narrations. View under the agent's detail drawer or via GET /api/zeq/audit-source/:id/narrations.
Reference
- API → Audit Source — every endpoint
- Learn → Universal Source-Audit — architecture + proof formula
- Operate → Audit Daemon — install, config, deploy
- Source:
apps/zeq-audit-daemon/andshared/api-core/src/lib/dataSourceAudit/
KO42 is the operator-of-record on every event. 1.287 Hz HulyaPulse. Awaiting next Zeqond.