Audit Trail
Every operation is persisted. Who asked, what was planned, who approved, what executed, what was verified. Supports audit and replay. Exportable for compliance.
What Is Stored
| Data | Description |
|---|---|
| Conversation | Full message timeline. User prompts and agent responses. |
| Tool calls | Each tool call with parameters and results. |
| Approvals | Who approved or denied, when, and for which operation. |
| Execution results | Success or failure. Error messages if failed. |
| Verification | Post-action verification outcome. Match or mismatch. |
| Token usage | TTFT (time to first token), TTR (time to result). Per-request metrics. |
Tool Call Storage
Each tool call is stored with:
- Tool name and parameters (inputs).
- Result (output or error).
- Timestamp.
- Approval status (pending, approved, denied).
- Executing user (for approved operations).
You can trace any cluster change back to the conversation and approval that triggered it.
Conversation History
The full conversation is retained. This enables:
- Replay: understand what the agent was asked and how it responded.
- Debugging: trace why a particular action was taken.
- Training: review past incidents and improve prompts.
Token Usage
TTFT and TTR metrics are tracked per request. Useful for:
- Performance monitoring.
- Cost attribution (when using paid LLM APIs).
- Identifying slow model or tool responses.
Export
Audit data is exportable. Formats and scope depend on deployment configuration. Typical use cases:
- Compliance: export for SOC2, ISO 27001, or internal audit.
- Incident review: export a conversation and tool calls for post-mortem.
- Retention: archive old audit records to cold storage.
Replay
Given a stored conversation and tool call sequence, you can replay the workflow to understand exactly what happened. No guesswork. Deterministic control loop means the same inputs produce the same plan; approval and execution are recorded.