Skip to main content
The audit trail is the why behind every decision. Append-only, hash-chained, and shipped to an offsite mirror within minutes. Compliance reads from it; engineers can’t write to it after the fact.

What gets logged

The route, the actor, the status, and the elapsed time. PII fields are redacted to hashes; the full payload is referenced by hash for export.
Full execution history — which nodes ran, what they read, what they wrote, how long they took, what they returned.
The submission code, narrative hash, approver identity, regulator-returned reference number, and the destination jurisdiction. Globally framed so the same record format covers COAF in Brazil, FinCEN in the US, MAS in Singapore, and any future destination.

What is not in the log

  • Image binaries (selfies, document scans) — stored at the identity vendor with a separate, longer retention.
  • PII payloads beyond redacted hashes — to keep the log queryable without becoming a PII honeypot.
  • AI prompts and completions verbatim — only the structured outputFields are persisted with the decision. The prompts are versioned with the workflow definition.