Why it matters

Audit trails are compliance + accountability requirement. Understanding shapes production apps.

Advertisement

The architecture

Log per-turn: user ID, session ID, prompt hash, model called, tools invoked, response hash.

Structured format: JSON for queryable.

Audit logging stackPer-turn eventsstructuredPersistent storewith retentionQuery + reviewcompliance + debugRedact PII in audit; keep pointers not raw content when privacy matters
Audit flow.
Advertisement

How it works end to end

Retention: per regulatory requirements (7 years for financial, etc.).

Immutability: append-only; tamper detection.

Query: enable searching by user, session, event type.

PII: redact sensitive content while preserving traceability.