Audit Trail

Immutable, hash-chained logging for compliance and security.

Log Format

json

{
  "event_id": "evt_abc123",
  "timestamp": "2024-01-15T10:30:00.000Z",
  "action": "document.accessed",
  "actor": {
    "type": "user",
    "id": "user_456",
    "email": "user@company.com"
  },
  "resource": {
    "type": "document",
    "id": "doc_789"
  },
  "details": {
    "classification": "confidential",
    "access_reason": "search_result"
  },
  "hash": "sha256:abc123def456...",
  "previous_hash": "sha256:xyz789ghi012..."
}

Hash Chain

Each event links to the previous, creating tamper-evident log:

Event 1: hash(content) = A
Event 2: hash(content + A) = B
Event 3: hash(content + B) = C

Tampering breaks the chain.

Event Types

Event	Description
`document.uploaded`	New document
`document.accessed`	Document read
`document.deleted`	Document removed
`search.executed`	Search query
`pii.detected`	PII found
`classification.changed`	Level changed

Querying Logs

bash

curl https://api.gateflow.ai/v1/compliance/audit-log \
  -H "Authorization: Bearer gw_prod_..." \
  -G -d "start=2024-01-01" -d "action=document.accessed"

Export

bash

curl https://api.gateflow.ai/v1/compliance/audit-log/export \
  -H "Authorization: Bearer gw_prod_..." \
  -G -d "format=json" -d "period=2024-Q1" \
  -o audit_log_q1.json

Retention

Plan	Retention
Pro	90 days
Enterprise	7 years (configurable)

Next Steps

Reports - Generate reports
Litigation Holds - Legal preservation

Audit Trail ​

Log Format ​

Hash Chain ​

Event Types ​

Querying Logs ​

Export ​

Retention ​

Next Steps ​

Audit Trail

Log Format

Hash Chain

Event Types

Querying Logs

Export

Retention

Next Steps