Docs / Security / Audit Trail

Immutable audit trail.

Every decision generates a tamper-evident record with policy basis and evidence hash.

Control Map Evidence Model

How to use

1. Review control

Understand the control definition.

2. Verify implementation

Confirm evidence output exists.

3. Export proof

Generate evidence for auditors.

4. Monitor drift

Track changes to control posture.

Audit record structure

{
  "audit_id": "aud_9f2e4c1a8b7d6f3e",
  "decision": "DENY",
  "policy_basis": ["PB-042"],
  "reasoning": "VIOLATION - retention policy",
  "evidence_hash": "sha256:7f3e9a2c1d8b...",
  "timestamp": "2026-02-12T18:12:11Z"
}

Guarantees

Immutable hashes for every decision

Decision replay produces identical outcome

Exports include verification receipts

Key API endpoints

GET /evidence/ledger — decision ledger

GET /evidence/packet — export packet

Evidence outputs

Immutable audit ledger

Evidence packet receipts