Concepts

The audit trail

Every guardrail decision — accept, reject, even agent-only validates — is persisted with the rule, the payload, and the IPS version at the time.

What gets logged

Every call to validate_trade and propose_trade, regardless of outcome.
The full payload (action, asset, amount), the decision (allowed / blocked), the violations if any, the IPS version at the moment of the call, and a portfolio snapshot.
The agentId when the request came from an agent key (the key id, not the plaintext). Lets you attribute decisions to a specific key.
The checkedAt timestamp.

Querying

From an agent: GET /api/agent/v1/audit?limit=25. Returns the most recent decisions across every actor — human or agent — on the user.

bash

curl -H "Authorization: Bearer ac_live_…" \
  https://api.advisorscrypto.com/api/agent/v1/audit?limit=10

Example response

One audit row

{
  "id": 9281,
  "checkedAt": "2026-06-15T05:48:11Z",
  "agentId": "ac_live_xX12…",
  "payload": {
    "action": "buy",
    "assetSymbol": "ETH",
    "assetType": "crypto",
    "amountUsd": 25000
  },
  "allowed": false,
  "violations": [
    {
      "rule": "crypto_max_allocation",
      "message": "Would push crypto sleeve to 36.4% — cap is 35%.",
      "limit": 0.35,
      "actual": 0.364
    }
  ],
  "ipsVersion": 7
}

How to use the audit log

Self-correcting agents. Before retrying a previously-blocked proposal, fetch the audit and inspect the violation. Shape your retry to fit.
Attribution. The agentId tags every row so you can identify which key submitted which decision — useful when running multiple agents on the same account.
Compliance. Same audit substrate the SEC registration relies on. Agent calls don’t bypass it; they just join the feed.

Last updated 2026-06-15

Suggest an edit·Changelog