AnchorLog

Nobody trusts logs during disputes - you control them. Anchor gives you immutable observability: log normally, critical events get proof automatically. Neutral evidence that can't be disputed.

Comment

Inspiration

During a critical production incident at 3 AM, we discovered something terrifying: someone had deleted the logs. The evidence of what went wrong was gone, and we had no way to prove what happened or who was responsible.

Traditional observability tools are powerful, but they share a fatal flaw: logs can be tampered with, deleted, or altered. When your monitoring system itself becomes a liability, where do you turn?

We built AnchorLog to solve this problem by combining cutting-edge AI analysis with blockchain's immutability. Every critical event gets analyzed by Claude AI and anchored to the Sui blockchain, creating an immutable audit trail that can't be erased, even by your own admins.

## What it does

AnchorLog is an AI-powered observability platform with blockchain-verified proof. Here's how it works:

  1. Real-time Event Logging - Capture HTTP requests, errors, and critical events from your applications
  2. Claude AI Analysis - Every incident is automatically analyzed by Anthropic's Claude, providing instant insights and root cause analysis
  3. Blockchain Anchoring - Critical events are batched, merkle-hashed, and permanently anchored to Sui blockchain
  4. Tamper-Proof Verification - Anyone can verify any event actually occurred using cryptographic proofs
  5. Session Analytics - Track user sessions with geographic data and behavior patterns
  6. Resource Monitoring - Monitor system health (CPU, memory, disk, PM2 processes)

The result? An observability platform where truth is mathematically provable, not just administratively controlled.

## How we built it

Frontend Stack:

  • Next.js 15 with App Router and React Server Components
  • TypeScript for type safety across 10,000+ lines of code
  • TailwindCSS for rapid UI development
  • Lucide Icons for consistent design language

Backend Stack:

  • Express.js with session-based authentication
  • PostgreSQL for high-performance event storage (handles 10k+ events/day)
  • Anthropic Claude API for AI-powered incident analysis
  • Sui Move smart contracts for blockchain anchoring

DevOps & Testing:

  • PM2 for production process management
  • Playwright E2E test suite with visual regression testing
  • GitHub Actions ready for CI/CD

The Architecture:

  1. Applications send events to our Express API
  2. Events are stored in PostgreSQL with geographic enrichment
  3. Claude AI analyzes batches of events (cost-optimized at ~$2-3/day)
  4. Critical events are merkle-hashed and anchored to Sui testnet
  5. Next.js dashboard provides real-time monitoring and AI insights

Key Innovation: We batch events into Merkle trees before anchoring, reducing blockchain costs by 1000x while maintaining cryptographic proof for every individual event.

## Challenges we ran into

1. Blockchain Transaction Costs

  • Problem: Anchoring every event individually would cost $100+/day on mainnet
  • Solution: Implemented Merkle tree batching - anchor one root for thousands of events
  • Result: Reduced costs to ~$0.10/day while maintaining individual event proofs

2. AI API Budget Management

  • Problem: Claude API could easily exceed $50/day with naive usage
  • Solution: Strategic batching, caching, and daily spend limits
  • Result: Intelligent analysis at $2-3/day, analyzing 144 batches daily

3. PostgreSQL Bigint Type Coercion

  • Problem: JavaScript received timestamps as strings, causing NaN in React
  • Solution: Database utility layer with automatic type conversion (SCHEMAS pattern)
  • Result: Clean type safety across the stack

4. Time Constraints

  • Challenge: Built entire platform in 36 hours during CalHacks
  • Solution: Parallel development with Claude Code, strategic feature prioritization
  • Result: Fully functional production deployment with E2E tests

5. Session Deduplication

  • Problem: Initial analytics showed every request as separate session (flooding UI)
  • Solution: Server-side grouping by IP + 24hr window, <10ms queries
  • Result: Clean session-based analytics with expandable event details

## Accomplishments that we're proud of

๐Ÿ† Production-Ready Deployment - Not just a demo! Running on real infrastructure with PM2, PostgreSQL, and monitoring

๐Ÿง  Real AI Integration - Claude actually analyzes incidents and provides actionable insights (not fake/mocked)

โ›“๏ธ Live Blockchain Anchoring - Events are genuinely anchored to Sui testnet with verifiable proofs

๐Ÿ“Š Session Analytics - Built sophisticated session grouping with geographic tracking (IP โ†’ country/region/city)

๐ŸŽจ Polished UI - Clean, responsive dashboard with 6 tabs (Overview, Analytics, Events, Threats, Resources, Security)

๐Ÿงช Full Test Coverage - Playwright E2E suite with visual regression testing, smoke tests, and critical path validation

๐Ÿ“ฆ Type-Safe Codebase - 100% TypeScript frontend with comprehensive type definitions

โšก Performance - Handles 10k+ events/day, sub-10ms database queries, instant UI updates

## What we learned

Blockchain Integration at Scale:

  • Merkle trees are incredibly powerful for cost optimization
  • Sui's Move language has excellent tooling and documentation
  • PTB (Programmable Transaction Blocks) enable complex on-chain logic

AI API Optimization:

  • Batching is essential for cost control (analyze 50 events at once, not 1 at a time)
  • Strategic caching prevents redundant API calls
  • Daily budget limits protect against runaway costs

Next.js 15 App Router:

  • React Server Components eliminate tons of client-side JavaScript
  • Server Actions simplify data mutations
  • File-based routing scales beautifully

Production PostgreSQL:

  • Proper indexing is everything (added indexes on app_name, timestamp, ip)
  • Bigint type coercion needs careful handling in JavaScript
  • Connection pooling prevents database overload

DevOps & Monitoring:

  • PM2 ecosystem files make multi-service deployment trivial
  • Visual regression testing catches UI bugs before production
  • SSH tunneling for secure database access during development

## What's next for AnchorLog

Short-term (Post-Hackathon):

  • ๐Ÿ” Auth Upgrade - Replace env-based auth with database + bcrypt
  • ๐Ÿ“ฑ Mobile App - React Native companion for on-the-go incident response
  • ๐Ÿ”” Alert System - Slack/Discord/PagerDuty integrations for critical events
  • ๐Ÿ“ˆ Advanced Analytics - Anomaly detection, trend analysis, predictive alerts

Medium-term:

  • ๐ŸŒ Multi-tenant SaaS - Support multiple organizations with isolated data
  • ๐Ÿค– Enhanced AI - Custom incident playbooks, automated remediation suggestions
  • โ›“๏ธ Mainnet Deployment - Move from Sui testnet to mainnet for production anchoring
  • ๐Ÿ” Blockchain Explorer - Public verification portal for anyone to verify events

Long-term Vision:

  • ๐Ÿข Enterprise Features - SSO, RBAC, compliance reporting (SOC2, HIPAA)
  • ๐Ÿ”— Cross-chain Support - Anchor to multiple blockchains (Ethereum, Solana, etc.)
  • ๐Ÿ“Š Advanced ML Models - Train custom models on historical incident data
  • ๐ŸŒ Open Source Community - Make AnchorLog a standard for verifiable observability

The Big Picture: We envision AnchorLog becoming the industry standard for trustworthy observability. In a world where data breaches and insider threats are common, organizations need monitoring they can prove is accurate. AnchorLog provides that proof through cryptography, not policy.

Built With

Share this project:

Updates