github fabriziosalmi/certmate v2.16.0
v2.16.0 - Agentic cert-lifecycle audit trail

latest release: v2.16.1

When an AI/MCP agent renews or replaces certificates on a schedule, "it ran" is not an audit trail. This release records what changed, when, and on whose authority, in a form a third party can verify.

Added

Attribution. Every certificate-lifecycle action — create, renew, reissue, deploy, auto-renew toggle, and unattended scheduled renewals — is now recorded with a structured actor (human vs API token vs AI agent, down to the API key id) and trigger (manual, API, agent, or the scheduler job). The previously silent success paths and scheduled renewals were emitting no audit record at all; they do now. actor.kind is derived only from the authenticated identity — the client-supplied X-CertMate-Agent-Session header is an informational claim and can never promote a caller to agent.

AI agent keys. Settings -> API Keys gains an "AI agent key" toggle (is_agent, also on POST /api/keys). Point the MCP server at a dedicated agent key and its actions are attributed as actor.kind="agent".

Tamper-evidence. Entries are written into an append-only SHA-256 hash chain (data/audit/certificate_audit.chain.jsonl): any interior modification, deletion, or reorder by anyone who cannot recompute the chain is detectable and localizable. No new dependencies. Disable with CERTMATE_AUDIT_CHAIN=0.

Verification. GET /api/audit/verify (admin) returns the verifier result (200 intact / 409 broken). A standalone, standard-library-only verifier (python -m modules.core.audit_verify) lets an auditor check the chain without running or trusting CertMate.

Docs. New docs/compliance.md maps the trail honestly to NIS2 (strongest fit), EU AI Act Art. 50 (transparency spirit), and ISO 42001 (records), with explicit non-claims; docs/api.md and docs/mcp.md updated.

Honest limits (documented)

The hash chain attests authenticity and ordering of the recorded entries. It does not detect tail truncation without an external head anchor, and does not bind the operator (who holds the file). Off-box anchoring of signed checkpoints is a planned follow-up, not in this release.
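How such an append-only chain is built and checked, as an added example that is not CertMate's own code (the entry layout with seq, prev_hash, record and hash, the GENESIS sentinel and the sample records are assumptions): the verifier localizes interior edits, deletions and reordering, and shows that tail truncation only surfaces when the chain head is anchored externally, as the limits paragraph above says.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed sentinel for the first entry's prev_hash


def canonical(body: dict) -> bytes:
    # Deterministic serialization so every verifier hashes identical bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def append_entry(lines: list, record: dict) -> str:
    """Append one audit record linked to the previous line; return the JSONL line."""
    prev_hash = json.loads(lines[-1])["hash"] if lines else GENESIS
    body = {"seq": len(lines), "prev_hash": prev_hash, "record": record}
    entry = dict(body, hash=hashlib.sha256(canonical(body)).hexdigest())
    line = json.dumps(entry, sort_keys=True, separators=(",", ":"))
    lines.append(line)
    return line


def chain_head(lines: list) -> str:  # value an auditor would anchor off-box
    return json.loads(lines[-1])["hash"]


def verify_chain(lines, expected_head=None):
    """Return (ok, detail). Catches edits, deletions and reordering with a
    line number; tail truncation is only caught when expected_head is given."""
    prev_hash = head = GENESIS
    for i, line in enumerate(lines):
        entry = json.loads(line)
        body = {k: v for k, v in entry.items() if k != "hash"}
        if entry.get("seq") != i:
            return False, f"sequence gap at line {i}"
        if entry.get("prev_hash") != prev_hash:
            return False, f"broken link at line {i}"
        if hashlib.sha256(canonical(body)).hexdigest() != entry.get("hash"):
            return False, f"hash mismatch at line {i}"
        prev_hash = head = entry["hash"]
    if expected_head is not None and head != expected_head:
        return False, "chain head does not match external anchor (truncated?)"
    return True, "intact"


def build_sample_chain() -> list:
    # Constructed sample records in the actor/trigger shape the release describes.
    lines = []
    append_entry(lines, {"action": "create", "domain": "example.com",
                         "actor": {"kind": "human", "user": "alice"}, "trigger": "manual"})
    append_entry(lines, {"action": "renew", "domain": "example.com",
                         "actor": {"kind": "agent", "api_key_id": "key-42"}, "trigger": "scheduler"})
    append_entry(lines, {"action": "deploy", "domain": "example.com",
                         "actor": {"kind": "api_token", "api_key_id": "key-7"}, "trigger": "api"})
    return lines
```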

Full changelog: v2.15.0...v2.16.0
