Audit segregation

What gets logged

The same audit substrate the SEC registration relies on. Every guardrail decision — accept, reject, blocked by per-key policy, blocked by IPS — is persisted with:

• The user the call was for.
• The agent key id if applicable (attribution).
• The organization id if the call came through an org-scoped key or org member action.
• The payload (action, asset, amount), the decision, the violations if any, and the IPS version at the time.
• The timestamp and a snapshot of the portfolio state.

Who sees what

• Individual user — their own audit log across every key and every actor (UI + agent + admin). They don’t see org-scoped audit if their account is part of a tenant.
• Org compliance / admin / owner — every row tagged with their org id, across every member. Can export.
• Org adviser — only rows where the target user is in their client book.
• AC operations — the union, gated by internal admin role. Used for SEC examinations and incident response.

Querying as compliance

# All org-scoped guardrail decisions in the last 24h:
curl -H "Authorization: Bearer ac_live_..." \
  "https://api.advisorscrypto.com/api/agent/v1/audit?scope=org&since=24h"

Export

Compliance and owner roles can export an audit slice as CSV or JSONL. We don’t support streaming export for the wire — small enough orgs grab the file directly, large orgs we onboard with an Athena-style query proxy.

Retention

Audit rows are retained for the lifetime of the organization plus the regulatory minimum (7 years for SEC books-and-records purposes). Deactivating a member doesn’t delete their historical audit; deleting the org cascades the rows.

Schema details

The guard_rail_audit_logs table doesn’t currently carry an organization_id column. Org attribution is derived at query time by joining through the agent_api_keys table on agentId. A dedicated column is on the roadmap and will land alongside the org-scoped CSV export.