Audit Trail
Query and verify the hash-chained audit trail.
GET /audit
Section titled “GET /audit”Query audit events with filters.
curl "http://localhost:9620/audit?agent_id=my-agent&limit=10" \ -H "Authorization: Bearer tp_admin_..."Filters
Section titled “Filters”| Parameter | Description |
|---|---|
agent_id | Filter by agent |
event_type | llm_call, llm_call_blocked, tool_executed, etc. |
limit | Max events (default: 100) |
since | ISO 8601 timestamp |
GET /audit/verify
Section titled “GET /audit/verify”Verify hash chain integrity. Recomputes SHA-256 hashes from genesis and reports any broken links.
{"verified": true, "events_checked": 1247, "chain_intact": true}Event types
Section titled “Event types”| Type | Trigger |
|---|---|
llm_call | Every governed LLM call |
llm_call_blocked | Pipeline blocks a request |
tool_executed | Agent executes a tool |
agent_registered | Agent registration |
pipeline_created | Pipeline config change |
policy_changed | OPA policy update |
SIEM export
Section titled “SIEM export”Real-time export via webhooks: CEF (Splunk/QRadar), OCSF (Amazon Security Lake), JSON (generic, HMAC-signed).