Description
Currently the Ed25519 audit trail appends signed entries, but there is no automatic verification on startup. We should verify all existing signatures when the agent starts to detect any tampering.
Proposed fix
Add a verifyAll() call during nebula start initialization. If any signature fails, warn the user and log the invalid entry line numbers.
Priority
High — this is a security feature and the project is marketed as zero-trust.
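One way the proposed startup check could look, as an added example that is not Nebula's own code. The one-JSON-object-per-line log format, the `payload` and `sig` field names, and the helpers `signEntry`, `buildSampleLog` and `startupCheck` are assumptions; only `verifyAll()` is named in the issue.

```javascript
// Added example: log format and helper names are assumptions, not Nebula's own.
const crypto = require('node:crypto');

// Sign the exact payload string so verification never depends on JSON key order.
function signEntry(payload, privateKey) {
  const sig = crypto.sign(null, Buffer.from(payload, 'utf8'), privateKey);
  return JSON.stringify({ payload, sig: sig.toString('base64') });
}

// Returns the 1-based line numbers of entries that fail Ed25519 verification.
// Malformed lines count as invalid instead of aborting the scan.
function verifyAll(logText, publicKey) {
  const invalid = [];
  logText.split('\n').forEach((line, i) => {
    if (line.trim() === '') return; // skip blank lines and the trailing newline
    try {
      const { payload, sig } = JSON.parse(line);
      if (typeof payload !== 'string' || typeof sig !== 'string') throw new Error('bad shape');
      const ok = crypto.verify(null, Buffer.from(payload, 'utf8'), publicKey, Buffer.from(sig, 'base64'));
      if (!ok) invalid.push(i + 1);
    } catch {
      invalid.push(i + 1);
    }
  });
  return invalid;
}

// Constructed sample log: three signed entries, one edited after signing, one junk line.
function buildSampleLog() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const lines = [
    signEntry('{"ts":1,"action":"start"}', privateKey),
    signEntry('{"ts":2,"action":"read","path":"/tmp/a"}', privateKey),
    signEntry('{"ts":3,"action":"stop"}', privateKey),
    'not json at all',
  ];
  const tampered = JSON.parse(lines[1]);
  tampered.payload = tampered.payload.replace('/tmp/a', '/tmp/b'); // edit, keep old sig
  lines[1] = JSON.stringify(tampered);
  return { publicKey, logText: lines.join('\n') + '\n' };
}

// Hypothetical startup hook: warn and report the invalid line numbers.
function startupCheck() {
  const { publicKey, logText } = buildSampleLog();
  const invalid = verifyAll(logText, publicKey);
  if (invalid.length > 0) console.warn(`audit trail: invalid entries at lines ${invalid.join(', ')}`);
  return invalid;
}
```

Per-entry signatures catch modified entries but not deleted or truncated ones; detecting those requires chaining each entry to its predecessor or signing a running count.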