Audit Trail
The audit trail records every AI action in Neural Inverse Enterprise as a structured, immutable event. Events cannot be edited or deleted after creation. The audit trail is suitable for regulatory evidence, internal compliance review, and incident investigation.
What Is Logged
Every event in the audit trail includes:
| Field | Description |
|---|---|
eventId | Unique event identifier |
timestamp | UTC timestamp of the event |
userId | Developer identity |
orgId | Organisation |
projectId | Project at time of event |
eventType | Type of AI action (see below) |
model | Model used |
inputTokens | Input token count |
outputTokens | Output token count |
policySnapshot | Active IAM policy at time of event |
checksState | Active compliance frameworks and violation count |
enclaveResult | Whether the Enclave blocked, redacted, or passed the context |
approvalRecord | If agent action required approval, who approved and when |
Event Types
| Event Type | Triggered By |
|---|---|
chat.message | Developer sends a chat message |
completion.inline | AI inline completion generated |
agent.toolCall | Agent executes a tool (file write, terminal, git, etc.) |
agent.taskStart | Power Mode or workflow agent session starts |
agent.taskComplete | Agent session completes |
checks.violation | Checks Manager detects a violation |
checks.suppress | Developer or admin suppresses a violation |
enclave.block | Enclave blocks a request |
enclave.redact | Enclave redacts context before sending |
policy.change | IAM policy changed |
model.blocked | Developer attempts to use a blocked model |
approval.request | Developer requests access to a restricted capability |
approval.grant | Admin grants a request |
approval.deny | Admin denies a request |
Secure History
Secure History creates point-in-time compliance snapshots of a codebase. Each checkpoint records:
- Violation count by domain and severity
- Active frameworks and their versions
- Files scanned and hash of each file
- Timestamp and approving user identity
Checkpoints can be created manually or on a schedule. They are retained indefinitely and cannot be deleted.
Use Secure History to demonstrate compliance posture at a specific point in time to an auditor or regulator.
Viewing the Audit Trail
The audit trail is in the Console under Audit > Event Log.
Filter by: user, project, event type, model, date range, enclave result.
Clicking any event shows the full structured record including the policy snapshot and checks state that applied at the time.
Exporting Audit Evidence
Export events as a structured JSON bundle for external systems, regulators, or auditors.
From the Console: Audit > Export > Select date range > Export JSON
Exported bundles include a chain integrity hash (FNV-1a) that lets recipients verify the export has not been tampered with.
# Verify bundle integrity
ni-cli audit verify --bundle export-2026-06-01.jsonThe verification checks that each event's hash chain is unbroken from the first event to the last.
Storage
By default, audit events are stored in Neural Inverse-managed encrypted storage.
For data sovereignty requirements, configure your own storage backend in the Console under Manage > Audit > Storage:
- AWS S3 bucket (any region)
- Azure Blob Storage
- Google Cloud Storage
- Any S3-compatible object store
When customer-owned storage is configured, Neural Inverse writes audit events directly to your bucket. Neural Inverse does not retain a copy.
Retention
Audit events are retained indefinitely by default. Configure retention policies per event type in the Console under Manage > Audit > Retention.
Minimum retention is 90 days. Setting a retention policy to less than 90 days requires an override from Neural Inverse support.
On-Premises
On an on-premises Enterprise instance, the audit trail runs entirely inside your infrastructure. No event data leaves your network. The same export and verification tools work against your local audit service.
Last edited