Compliance & Audit Trail

Overview

The EU AI Act requires tamper-evident logging by August 2026. Agentium provides hash-chained audit logging, data retention management, GDPR right-to-erasure, and compliance reporting — all built on any StorageDriver.

Quick Start

import { Agent, AuditLogger, openai } from "@agentium/core";
import { SqliteStorage } from "@agentium/core";

const storage = new SqliteStorage("audit.db");
const auditLogger = new AuditLogger(storage, {
  hashAlgorithm: "sha256",
});

const agent = new Agent({
  name: "compliant-agent",
  model: openai("gpt-4o"),
  compliance: {
    enabled: true,
    storage,
    retention: {
      defaultRetentionDays: 365,
      personalDataRetentionDays: 730,
    },
  },
});

Hash-Chained Audit Log

Every audit entry includes a SHA-256 hash of previousHash + content, creating a tamper-evident chain:

const entry = await auditLogger.log({
  traceId: "run-123",
  agentName: "support-agent",
  action: "llm.call",
  input: "How do I reset my password?",
  output: "To reset your password...",
  metadata: { model: "gpt-4o", tokens: 150 },
});

// entry.hash — SHA-256 of (previousHash + content)
// entry.previousHash — links to previous entry

Verify Chain Integrity

const result = await auditLogger.verify();
// { valid: true } or { valid: false, brokenAt: "entry-id" }

Audit Actions

Action	Description
`llm.call`	LLM API call with input/output
`tool.exec`	Tool execution with args/result
`handoff`	Agent-to-agent transfer
`decision`	Agent decision point
`memory.access`	Memory read/write
`output`	Final response to user

Querying the Audit Log

const entries = await auditLogger.query({
  agentName: "support-agent",
  userId: "user-123",
  fromDate: new Date("2025-01-01"),
  toDate: new Date("2025-12-31"),
  action: "llm.call",
});

PII Scrubbing

Integrate with Agentium PII Guard to automatically scrub PII before logging:

import { PiiGuard } from "@agentium/core";

const auditLogger = new AuditLogger(storage, {
  piiScrubber: new PiiGuard({ mode: "redact" }),
});

Events

Event	Payload
`compliance.audit.logged`	`{ entryId, action, agentName }`
`compliance.erasure`	`{ userId, storesErased, entriesAnonymized }`
`compliance.retention.purged`	`{ purgedCount }`

Conversational Testing Data Retention & Erasure

Getting Started

Agents

Memory

Skills

Handoff

Cost Tracking

Semantic Cache

Eval Framework

Compliance & Audit

Culture System

Webhooks

Capacity Planning

Observability

Voice Agents

Browser Agents

Models

Teams

Workflows

Storage

Knowledge & RAG

Toolkits

MCP (Model Context Protocol)

A2A (Agent-to-Agent)

Edge & IoT

Transport

Queue

Scheduling

Advanced Features

Compliance & Audit Trail

Overview

Quick Start

Hash-Chained Audit Log

Verify Chain Integrity

Audit Actions

Querying the Audit Log

PII Scrubbing

Events

Getting Started

Agents

Memory

Skills

Handoff

Cost Tracking

Semantic Cache

Eval Framework

Compliance & Audit

Culture System

Webhooks

Capacity Planning

Observability

Voice Agents

Browser Agents

Models

Teams

Workflows

Storage

Knowledge & RAG

Toolkits

MCP (Model Context Protocol)

A2A (Agent-to-Agent)

Edge & IoT

Transport

Queue

Scheduling

Advanced Features

Documentation Index

​Overview

​Quick Start

​Hash-Chained Audit Log

​Verify Chain Integrity

​Audit Actions

​Querying the Audit Log

​PII Scrubbing

​Events

Overview

Quick Start

Hash-Chained Audit Log

Verify Chain Integrity

Audit Actions

Querying the Audit Log

PII Scrubbing

Events