Lightbox is a flight recorder for AI agents that creates tamper-evident logs of tool executions. It provides:

1. Append-only logging: Events can only be added, never modified
2. Hash chain integrity: Each event includes the hash of the previous
3. Offline verification: No network required to verify a session
4. Content integrity: Any modification is detectable

1. Confidentiality: Event logs are stored in plaintext
2. Authentication: No proof of WHO created the log
3. Non-repudiation: Without signatures, origin cannot be proven
4. Secure storage: Files use standard filesystem permissions

lightbox verify <session>

1. Each event's hash matches its computed hash
2. Each event's prev_hash matches the previous event's hash
3. First event has prev_hash=null
4. No truncated/incomplete lines (except crash recovery)

1. Timestamps are accurate
2. Tool outputs are truthful
3. Events are complete (no dropped events before recording)
4. Log hasn't been entirely replaced

1. Per-session signatures: Sign the final hash to prove authorship
2. External anchoring: Publish session hashes to immutable stores
3. Timestamping: Third-party timestamp services for time proofs

v1 uses SHA-256. This provides:

• 256-bit collision resistance
• Widely supported and audited
• Sufficient for integrity verification

1. Protect the ~/.lightbox directory with appropriate permissions
2. Back up sessions to immutable storage for long-term evidence
3. Consider external anchoring for high-stakes applications

1. Verify sessions immediately upon receipt
2. Compare session hashes out-of-band when possible
3. Check for truncation warnings (may indicate interrupted writes)

1. Don't store secrets in tool inputs/outputs - use redaction
2. Consider size limits for large payloads
3. Use the content_hashes field when redacting for verifiability

For security issues, please email security@uselightbox.app rather than opening a public issue.