An AI agent audit trail is an append-only record of everything an agent does: each question it answered, the sources it used and their versions, the drafts it produced, the model calls it made, and every named-owner sign-off click, timestamped and queryable. Its job is simple to state and hard to retrofit: let a compliance team reconstruct any decision the agent touched, and prove the controls were in force.
What belongs in the record
A useful trail captures the full chain for each action, from trigger through to the action taken:
- The input or trigger that started the work.
- The sources retrieved, with the document, section, and version used.
- The output the agent drafted.
- Which AI model produced it.
- Who approved it, and when.
- What action followed approval: the email sent, the record written, the file filed.
Append-only matters: entries cannot be quietly edited after the fact, so the record an auditor reads is the record of what happened. Per-tenant export matters too, so you can hand over an evidence package scoped to one organization rather than a raw firehose.
Why it has to be on by default
The failure pattern is predictable. If logging is something each workflow opts into, coverage is whatever people remembered to enable, and the one workflow that skipped it is the one the auditor asks about. If logging is a platform default that runs on every action, coverage is complete by construction and nobody has to remember anything.
The same logic that makes a named-owner checkpoint an invariant rather than a toggle applies here. A control you can switch off is a control you cannot rely on. Build the audit trail into the substrate so it cannot be disabled per workflow, and a compliance officer can trust it without auditing every configuration.
What auditors actually ask for
In practice, three things. First, a replay of specific decisions: show me what the agent did on this date for this customer, and what sources it used. Second, evidence the controls held: prove that the named-owner checkpoint was in force for the outputs that required it. Third, an export they can keep, formatted so it stands on its own.
SOC 2, GDPR, FINMA, and HIPAA reviewers each want a different cut, but the underlying need is the same: prove what happened, and prove the controls were on. A trail designed around replay and export answers all four; a raw application log answers none of them without a project.
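As an added example, not Clarm's code and not a design the page describes, here is a minimal Python trail that records the chain of entries listed above and answers the three auditor requests (replay, evidence the named-owner checkpoint held, per-tenant export). Hash-chaining each entry to its predecessor is an assumption of this example, one common way to make "append-only" verifiable rather than a promise; the tenant names, trigger ids, entry kinds and field names are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # prev-hash of the first entry (constructed convention)

class AuditTrail:
    """Append-only, hash-chained agent audit trail (constructed example)."""
    def __init__(self):
        self._entries = []  # only ever appended to

    @staticmethod
    def _digest(entry):
        body = {k: v for k, v in entry.items() if k != "hash"}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def append(self, tenant, trigger_id, kind, ts, **fields):
        # Each entry commits to its predecessor: later edits or deletions break verify().
        prev = self._entries[-1]["hash"] if self._entries else GENESIS
        entry = {"seq": len(self._entries), "tenant": tenant,
                 "trigger_id": trigger_id, "kind": kind, "ts": ts, "prev": prev, **fields}
        entry["hash"] = self._digest(entry)
        self._entries.append(entry)
        return entry["hash"]

    def verify(self):
        """Walk the chain; False means an entry was edited or removed."""
        prev = GENESIS
        for e in self._entries:
            if e["prev"] != prev or self._digest(e) != e["hash"]:
                return False
            prev = e["hash"]
        return True

    def export(self, tenant):
        """Per-tenant evidence package: one organization's entries, hashes kept."""
        return [dict(e) for e in self._entries if e["tenant"] == tenant]

    def replay(self, tenant, trigger_id):
        """Reconstruct one decision: trigger, sources, draft, model, approval, action."""
        return [e for e in self.export(tenant) if e["trigger_id"] == trigger_id]

    def checkpoint_held(self, tenant, trigger_id):
        """Every action must follow a named-owner approval of the draft it acted on."""
        approved = set()
        for e in self.replay(tenant, trigger_id):
            if e["kind"] == "approval" and e.get("approver"):
                approved.add(e["draft"])
            elif e["kind"] == "action" and e.get("draft") not in approved:
                return False
        return True
```

An action recorded without a preceding named approval of the same draft, or any entry changed after the fact, makes the corresponding check return False, which is the evidence gap an auditor would flag.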
Where Clarm fits
On Clarm, the audit log writer runs on every action as part of the substrate, append-only and exportable per tenant. The deeper mechanics (which fields, which export formats, how the evidence packages are built for each regime) are covered in Audit Trail Patterns for AI Agents. For how it fits the rest of the agent design, see the Atlas page or book a pilot discussion.