KQL · Knox Query Language

SQL for evidence.

Query the Knox event log with a familiar grammar. Every result row is a hash-chained, eventually Bitcoin-anchored fact. KQL parses to a typed AST and translates to a parameterized read-only query — never raw SQL.

Grammar
SELECT <fields | *>
  FROM <aggregateType>
  [WHERE <predicate> [AND|OR <predicate> ...]]
  [SINCE "<iso-timestamp>" | LAST <n> minutes|hours|days]
  [ORDER BY <field> [ASC|DESC]]
  [LIMIT <n>]

count(*) is supported. Field paths reach into the payload JSON via "payload.<key>".
Operators: =  !=  <  <=  >  >=
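
The parse-then-parameterize step described above, sketched for the SELECT / FROM / WHERE part of the grammar; this is an added illustration, not Knox's own code. The `events` table, its column names, `json_extract` and the `?` placeholder style are assumptions made for the example.

```python
import re

# Assumed storage layout (not from the Knox docs): table "events", JSON column "payload".
COLUMNS = {"id", "aggregate_type", "event_type", "created_at"}
KINDS = ("str", "num", "op", "word", "punct")
TOKEN = re.compile(r'\s*(?:"([^"]*)"|(\d+)|(!=|<=|>=|[=<>])|([A-Za-z_][\w.]*)|([*,]))')

def tokenize(text):
    text, pos, out = text.rstrip(), 0, []
    while pos < len(text):
        m = TOKEN.match(text, pos)
        if not m:
            raise ValueError(f"unexpected input at offset {pos}")
        out.append((KINDS[m.lastindex - 1], m.group(m.lastindex)))
        pos = m.end()
    return out + [("end", "")]

def field_sql(name, params):
    if name in COLUMNS:
        return name                       # exact member of the allowlist
    if not name.startswith("payload.") or name == "payload.":
        raise ValueError(f"unknown field {name!r}")
    params.append("$." + name[8:])        # JSON path is bound, never spliced
    return "json_extract(payload, ?)"

def translate(kql):
    toks, params = tokenize(kql), []
    def take(kind, *words, required=True):
        k, v = toks[0]
        if k == kind and (not words or v.upper() in words):
            return toks.pop(0)[1]
        if required:
            raise ValueError(f"expected {' or '.join(words) or kind}, got {v!r}")
        return None
    def predicates():
        lhs, op = field_sql(take("word"), params), take("op")
        params.append(int(take("num")) if toks[0][0] == "num" else take("str"))
        joiner = take("word", "AND", "OR", required=False)
        return f"{lhs} {op} ?" + (f" {joiner.upper()} {predicates()}" if joiner else "")
    take("word", "SELECT")
    cols = ["*"] if take("punct", "*", required=False) else [field_sql(take("word"), params)]
    while cols != ["*"] and take("punct", ",", required=False):
        cols.append(field_sql(take("word"), params))
    take("word", "FROM")
    params.append(take("word"))           # aggregate type is a bound value too
    sql = f"SELECT {', '.join(cols)} FROM events WHERE aggregate_type = ?"
    if take("word", "WHERE", required=False):
        sql += f" AND ({predicates()})"
    take("end")
    return sql, params
```

Anything outside the handled subset, including count(*), SINCE/LAST, ORDER BY and LIMIT, raises ValueError instead of being passed through to the database.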