Neural Inverse is Open Source →
DocsAudit Trail

Audit Trail

The audit trail records every AI action in Neural Inverse Enterprise as a structured, immutable event. Events cannot be edited or deleted after creation. The audit trail is suitable for regulatory evidence, internal compliance review, and incident investigation.

What Is Logged

Every event in the audit trail includes:

FieldDescription
eventIdUnique event identifier
timestampUTC timestamp of the event
userIdDeveloper identity
orgIdOrganisation
projectIdProject at time of event
eventTypeType of AI action (see below)
modelModel used
inputTokensInput token count
outputTokensOutput token count
policySnapshotActive IAM policy at time of event
checksStateActive compliance frameworks and violation count
enclaveResultWhether the Enclave blocked, redacted, or passed the context
approvalRecordIf agent action required approval, who approved and when

Event Types

Event TypeTriggered By
chat.messageDeveloper sends a chat message
completion.inlineAI inline completion generated
agent.toolCallAgent executes a tool (file write, terminal, git, etc.)
agent.taskStartPower Mode or workflow agent session starts
agent.taskCompleteAgent session completes
checks.violationChecks Manager detects a violation
checks.suppressDeveloper or admin suppresses a violation
enclave.blockEnclave blocks a request
enclave.redactEnclave redacts context before sending
policy.changeIAM policy changed
model.blockedDeveloper attempts to use a blocked model
approval.requestDeveloper requests access to a restricted capability
approval.grantAdmin grants a request
approval.denyAdmin denies a request

Secure History

Secure History creates point-in-time compliance snapshots of a codebase. Each checkpoint records:

  • Violation count by domain and severity
  • Active frameworks and their versions
  • Files scanned and hash of each file
  • Timestamp and approving user identity

Checkpoints can be created manually or on a schedule. They are retained indefinitely and cannot be deleted.

Use Secure History to demonstrate compliance posture at a specific point in time to an auditor or regulator.

Viewing the Audit Trail

The audit trail is in the Console under Audit > Event Log.

Filter by: user, project, event type, model, date range, enclave result.

Clicking any event shows the full structured record including the policy snapshot and checks state that applied at the time.

Exporting Audit Evidence

Export events as a structured JSON bundle for external systems, regulators, or auditors.

From the Console: Audit > Export > Select date range > Export JSON

Exported bundles include a chain integrity hash (FNV-1a) that lets recipients verify the export has not been tampered with.

# Verify bundle integrity
ni-cli audit verify --bundle export-2026-06-01.json

The verification checks that each event's hash chain is unbroken from the first event to the last.

Storage

By default, audit events are stored in Neural Inverse-managed encrypted storage.

For data sovereignty requirements, configure your own storage backend in the Console under Manage > Audit > Storage:

  • AWS S3 bucket (any region)
  • Azure Blob Storage
  • Google Cloud Storage
  • Any S3-compatible object store

When customer-owned storage is configured, Neural Inverse writes audit events directly to your bucket. Neural Inverse does not retain a copy.

Retention

Audit events are retained indefinitely by default. Configure retention policies per event type in the Console under Manage > Audit > Retention.

Minimum retention is 90 days. Setting a retention policy to less than 90 days requires an override from Neural Inverse support.

On-Premises

On an on-premises Enterprise instance, the audit trail runs entirely inside your infrastructure. No event data leaves your network. The same export and verification tools work against your local audit service.


Was this page helpful?

Last edited