Audit Trail
The Audit Trail is the immutable, hash-chained log of every governance decision made by TheWARDN. It provides a tamper-evident, complete record of all governed actions.
Overview
Every action that passes through the governance pipeline -- whether cleared, held, or blocked -- is recorded in the audit trail. Each record is linked to the previous record via a cryptographic hash chain, making it impossible to alter or remove entries without detection.
Browsing the Audit Log
The audit trail displays a chronological list of all governed actions. Each entry shows:
- Timestamp
- Agent name
- Action type
- Verdict (CLEARED / HELD / BLOCKED)
- Tier assignment
Filtering
Use the filter controls to narrow the audit trail:
| Filter | Options |
|---|---|
| Date Range | Start and end date/time |
| Agent | Select a specific registered agent |
| Verdict | CLEARED, HELD, or BLOCKED |
| Tier | A (autonomous), B (supervised), C (controlled), X (prohibited) |
Full Record Detail
Click any audit entry to view the complete governance record:
| Field | Description |
|---|---|
seq | Sequence number -- monotonically increasing identifier |
hash | SHA-256 hash of the current record |
prev_hash | SHA-256 hash of the preceding record (forms the hash chain) |
verdict | The governance decision: CLEARED, HELD, or BLOCKED |
tier | The governance tier assigned to the action |
action_type | What the agent attempted to do |
target_service | The downstream service the action targets |
confidence | The confidence score submitted with the action |
policies_fired | List of CHAM policies that evaluated and triggered |
reasoning | Human-readable explanation of the governance decision |
Hash Chain Verification
The audit trail uses a SHA-256 hash chain to guarantee integrity. Each record's hash is computed from the record's contents combined with the prev_hash of the preceding record. This creates an unbroken chain from the first record to the most recent.
How Verification Works
- Start from any record in the chain
- Recompute the hash from the record's contents and its
prev_hash - Compare the computed hash against the stored
hash - If they match, the record has not been tampered with
- Repeat for each record in the chain
The console provides a Verify Chain button that runs this verification automatically and reports any integrity violations.
TIP
Run hash chain verification periodically, especially before compliance audits. A passing verification confirms that no audit records have been altered since creation.
WARNING
The hash chain is append-only. Records cannot be edited or deleted. This is by design -- an immutable audit trail is a requirement for regulatory compliance frameworks including SOC 2, HIPAA, and the EU AI Act.
Exporting
Export the audit trail in two formats:
- PDF -- Formatted report suitable for compliance submissions and executive review
- CSV -- Raw data export for analysis in spreadsheets or data tools
Exports respect active filters, so you can generate targeted reports (e.g., all BLOCKED actions for a specific agent in the last 30 days).
Related Features
- Live Monitor -- Real-time view of governance events as they happen
- Violation Log -- Violations reference audit trail records
- Reports -- Generate formatted reports from audit data
- Governance Replay -- Replay historical decisions against current policies