# `Pkcs11ex.Audit.Entry`
[🔗](https://github.com/utaladriz/pkcs11ex/blob/v0.1.0/lib/pkcs11ex/audit/entry.ex#L1)

A single entry in a hash-chained append-only audit log.

Fields:
  * `:seq` — monotonically increasing position. The first entry is `1`.
  * `:prev_hash` — `content_hash` of the previous entry. The genesis
    entry uses 32 zero bytes.
  * `:content_hash` — `SHA-256(prev_hash || canonical(seq, payload, inserted_at))`
    where `canonical/3` is `:erlang.term_to_binary(term, [:deterministic])`.
    Recomputable from `:prev_hash`, `:seq`, `:payload`, `:inserted_at` —
    `Pkcs11ex.Audit.verify/1` does exactly that walk.
  * `:payload` — application-defined. The library logs whatever you
    hand it. For signature audit, typically a map with the JWS string,
    signer subject_id from policy, key_ref, and any extra context.
  * `:inserted_at` — `DateTime.t()` in UTC, second-precision (the hash
    uses ISO-8601 string of this).

# `t`

```elixir
@type t() :: %Pkcs11ex.Audit.Entry{
  content_hash: <<_::256>>,
  inserted_at: DateTime.t(),
  payload: term(),
  prev_hash: <<_::256>>,
  seq: pos_integer()
}
```

---

*Consult [api-reference.md](api-reference.md) for complete listing*