Auditable, PII-less Event Logging Engine with Cryptographic Chaining
for WordPress / WooCommerce

ARIVENT LOG is a selective event logging engine designed for privacy-first telemetry and forensic-friendly integrity checks.
Unlike generic analytics or tracking solutions, it follows a strict Privacy-by-Design, Data Minimization, and Tamper-Evident Logging philosophy.

The primary goal is to capture business-relevant events with high signal quality, while minimizing personal data exposure and operational complexity.

Most logging and analytics systems prioritize completeness and long-term correlation.
ARIVENT LOG intentionally does the opposite:

• Less data, higher quality
• No cookies, no persistent identifiers
• Short retention
• Integrity over attribution

This makes the system suitable for compliance-sensitive environments where auditability matters more than behavioral profiling.

Only explicitly allowed event types and payload keys are persisted.
This improves:

• Signal-to-Noise Ratio (SNR)
• Analyst usability
• Storage efficiency
• GDPR-compliant data minimization

• Full URLs are never stored.
• Query strings are removed entirely.
• URLs are reduced to their path component only.
• Additional regex-based sanitization removes common PII-like path patterns.

This prevents accidental storage of:

• email addresses
• order IDs
• user identifiers embedded in URLs

• No cookies
• No localStorage
• No client-side identifiers

This significantly simplifies compliance with ePrivacy and consent requirements.

Instead of persistent user identifiers, ARIVENT LOG derives a short-lived session hash from:

• truncated IP address (never stored in cleartext)
• User-Agent
• Accept-Language
• 15-minute rolling time window

Design trade-off:
Session collisions are intentionally accepted to reduce identifiability and prevent long-term profiling.

Each event stores:

• event_prev_hash
• event_hash

The hash of each event includes the hash of its predecessor, forming a session-local cryptographic chain.

Result:
Any retrospective modification of a database row breaks the chain and becomes detectable during verification.

This provides tamper-evidence, not cryptographic authentication or legal non-repudiation.

• A scheduled cleanup removes log entries older than 48 hours.
• This enforces storage limitation and reduces attack surface.
• Short retention intentionally limits the economic value of stored data.

ARIVENT LOG follows a Privacy-by-Design and Forensic-Integrity architecture.
All core decisions are intentional and aligned with data minimization, auditability, and secure-by-default principles.

• No clear IP storage
• No full URLs
• No names, emails, or persistent identifiers
• Short-lived, ephemeral session hashing
• No cookies or client-side storage

• Cryptographic event chaining using SHA-256
• Each log entry references its predecessor
• Retrospective database manipulation becomes detectable
• Integrity protection is evidentiary, not authentication-grade

• Strict whitelist for:
  • allowed event types
  • allowed payload keys per event
• Prevents log spam and alert fatigue
• Aligns with GDPR data minimization principles

• The logging engine is deliberately decoupled from the database layer
• The implementing insert method MUST use Prepared Statements
  • e.g. $wpdb->prepare() or PDO prepared statements
• No raw user input may ever reach SQL execution
• Frontend input is always treated as untrusted

ARIVENT LOG intentionally uses plain SHA-256 for event chaining.

• Auditability without secrets
  Any auditor with database access can verify the chain without secret key material.

• Integrity, not authentication
  The hash chain serves tamper detection, not identity verification or access control.

• Inherent dataset uniqueness
  Each hash already incorporates:

  • timestamp
  • session context
  • predecessor hash
    Rainbow-table style attacks are irrelevant in this context.

• Short retention window
  With a rolling ~48h storage window, the economic incentive for cryptanalytic attacks is negligible.

For stricter threat models, adopters may:

• replace SHA-256 with HMAC-SHA256
• export periodic root hashes to an external anchor

These options are deliberately not default to preserve simplicity and portability.

• Primary protection: accidental modification, partial DB tampering, low-effort manipulation
• Out of scope: fully compromised application logic or hostile DB administrators with full rewrite capability
• Design principle: low-value data + integrity evidence + minimal retention

1. Load all events for a given event_session_hash
2. Recompute each hash using stored data + event_prev_hash
3. Compare against stored event_hash
4. Any mismatch indicates integrity failure

MIT License

This project does not constitute legal advice.
Evaluate GDPR / ePrivacy requirements for your jurisdiction and use case independently.

ARIVENT LOG is intentionally designed as a decoupled module, not a standalone application or a turn-key plugin.

• Insert Handling: Prepared Statements should be implemented in db handler.
• Library Core: The core logic provides the hashing, sanitization, and chaining algorithms.
• Database Decoupling: To maintain flexibility and on-premise sovereignty, the database interaction layer is abstracted.
• Implementation Requirement: Adopters must provide their own database handler (e.g., via a wrapper class).
• Security Accountability: It is the implementer's responsibility to ensure that the final database insert method utilizes Prepared Statements to prevent SQL Injection.

This project is a voluntary community contribution designed to provide a secure-by-default logging framework for high-compliance environments.

• As-Is Basis: This software is provided "as is," without warranty of any kind, as defined in the MIT License.
• No Official Support: I do not provide professional support, installation services, or guaranteed maintenance for this repository.
• Educational Purpose: The codebase serves as a reference for Forensic Integrity and Privacy-by-Design principles within the CySA+ framework.
• Contributions: While I may review Pull Requests that align with the security goals of this project, I encourage users to fork and adapt the logic to their own specific on-premise infrastructure requirements.

Author: Murat Arici

Security & Integrity Verification Security & Integrity Verification In high-compliance and on-premise architectures, ensuring software integrity is a critical component of Supply Chain Security. Since ARIVENT LOG operates without cloud dependencies to maintain absolute Data Residency, the responsibility for verifying the "Known Good State" of the code lies with the local administrator.

The following SHA-256 checksum provides a cryptographic baseline to ensure the module has not been altered during transit or storage (Tamper-Evidence):

File Name: ARIVENT LOG.php

Algorithm: SHA-256

Expected Hash: 3C015B8208FA9CBA4B9EBA23A0DF68DC737FA927171C53C3C247AA414993ECAE