How to read the command ledger
TopicFrom the PointSav Documentation
The Command Ledger is the append-only audit record of everything a Totebox operator session has produced — commands executed, records verified, messages sent, and session boundaries. Reading the ledger is how you understand the history of a session, audit what changed during a window, and verify that a record was written in the sequence you expected.
For the Command Ledger's place in the session architecture, see console-os. For how the underlying storage layer works, see service-fs-architecture.
[edit]Prerequisites
- An active Totebox session (see open-first-totebox-session)
- F12 Input Machine available (see app-console-input)
[edit]Read the ledger in the Input Machine (F12)
The Input Machine at F12 surfaces ledger activity alongside the verification queue.
- Press F12 to open the Input Machine.
- Use the tab or arrow keys to navigate to the Ledger view (shown in the navigation strip as
LEDGER). - The ledger displays entries in chronological order, newest at the bottom. Each entry shows a timestamp, entry type, and a short summary.
- Use Page Up / Page Down to scroll; / to search entries by keyword.
[edit]Entry types
| Type | Meaning |
|---|---|
SESSION_OPEN |
A Totebox session was started with the listed identity |
SESSION_CLOSE |
The session was closed; duration recorded |
RECORD_VERIFIED |
A human operator confirmed a record through F12 |
RECORD_REJECTED |
A record was rejected; routed to quarantine |
MESSAGE_SENT |
An outbound message was dispatched |
CHECKPOINT |
A signed proof of ledger state was written (periodic) |
[edit]Verify a specific entry
To confirm that a record is genuinely in the ledger (and not altered after the fact):
- Note the entry's position (row index) and its displayed hash suffix.
- Export the corresponding tile using the
read_sinceoperation on the CLI or the service-fs API. - Compute the SHA-256 hash of the tile and compare it to the checkpoint hash for that position.
A mismatch indicates tampering — the WORM guarantee covers the chain from the first write, not just the visible summary.
For the verification procedure in detail, see verify-worm-ledger.
[edit]Export ledger entries
In the Input Machine's Ledger view, press e to export a date range as a local text file. The file format is plain-text C2SP tlog-tiles — readable without any PointSav tooling.
[edit]Key takeaways
- The Command Ledger is append-only; no entry can be modified or deleted
- The Input Machine (F12) surfaces ledger activity alongside the verification queue — they are two views of the same audit trail
- Checkpoint hashes enable third-party verification without a live service
- Exporting tiles produces standard C2SP tlog-tiles format; any SHA-256 implementation can verify the chain
[edit]See also
- console-os — the Command Ledger's role in the session architecture
- service-fs-architecture — the WORM storage layer that persists ledger entries
- worm-ledger-architecture — what the WORM guarantee covers and what it does not
- verify-worm-ledger — step-by-step ledger verification procedure
- app-console-input — the Input Machine and its ledger view