Fix audit log surviving killswitch activation

The audit.jsonl file (containing usernames, actions, timestamps) was
not included in the PurgeScope.ALL destruction steps. An adversary
with filesystem access after a failed or partial purge could recover
operational evidence. Added destroy_audit_log step after temp files,
before config deletion.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Aaron D. Lee 2026-04-01 19:45:14 -04:00
parent 0d8c94bf82
commit 792254699c

@ -98,6 +98,7 @@ def execute_purge(scope: PurgeScope = PurgeScope.ALL, reason: str = "manual") ->
("destroy_attestation_log", lambda: _secure_delete_dir(paths.ATTESTATIONS_DIR)),
("destroy_chain_data", lambda: _secure_delete_dir(paths.CHAIN_DIR)),
("destroy_temp_files", lambda: _secure_delete_dir(paths.TEMP_DIR)),
("destroy_audit_log", lambda: _secure_delete_file(paths.AUDIT_LOG)),
("destroy_config", lambda: _secure_delete_file(paths.CONFIG_FILE)),
("clear_journald", _clear_system_logs),
]
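Review bot: the new `destroy_audit_log` entry runs only after the three `_secure_delete_dir` steps shown above it, so a purge interrupted during `destroy_attestation_log`, `destroy_chain_data` or `destroy_temp_files` still leaves `paths.AUDIT_LOG` on disk, which is the partial-purge case the commit message names. As it is a single-file delete, consider moving it ahead of the directory steps. Separately, `destroy_config` and `clear_journald` run after it; please confirm that neither step, nor the loop that executes this list, appends an audit entry once this step has run, since that would recreate the file. A test asserting that `paths.AUDIT_LOG` is absent after `execute_purge(PurgeScope.ALL)` would cover both.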