Summary
Add immutable, structured audit records for every agent decision, tool call, and approval event — formatted for compliance officers (SOC 2, FedRAMP, HIPAA). This is distinct from distributed tracing (debugging) and metrics (operations). Audit logs must be append-only, tamper-evident, and support configurable PII redaction.
Requirements
AuditStore ABC with null/sqlite/postgres backends- Append-only enforcement — no UPDATE/DELETE on audit records
- HMAC chain linking each record to the previous (tamper detection)
- Configurable PII redaction patterns applied before write (regex-based, extensible)
- Retention policies with scheduled purge after configurable period
- Audit records capture: who (user/tenant), what (action type, tool name, arguments), when (timestamp), outcome (success/failure/approval status), model used
AuditConfig in ServerConfigGET /v1/audit endpoint with time range and filter queries (admin-only)
FIPS Considerations
HMAC must use SHA-256 (FIPS-approved), not SHA-1. PII redaction is a compliance concern, not a FIPS concern.
Implementation Notes
Extends existing TraceStore infrastructure with compliance-specific storage semantics. Same observer pattern — AuditCollector wraps astep_stream() and emits audit records for each significant event. The HMAC chain provides tamper evidence: each record's HMAC covers the previous record's HMAC plus the current record payload. Redaction patterns should be configurable per-deployment (different jurisdictions have different PII definitions).
Companion Issues
Companion issues will be filed on fips-agents/gateway-template, fips-agents/fips-agents-cli, and fips-agents/examples.
Size
M
Summary
Add immutable, structured audit records for every agent decision, tool call, and approval event — formatted for compliance officers (SOC 2, FedRAMP, HIPAA). This is distinct from distributed tracing (debugging) and metrics (operations). Audit logs must be append-only, tamper-evident, and support configurable PII redaction.
Requirements
AuditStoreABC with null/sqlite/postgres backendsAuditConfiginServerConfigGET /v1/auditendpoint with time range and filter queries (admin-only)FIPS Considerations
HMAC must use SHA-256 (FIPS-approved), not SHA-1. PII redaction is a compliance concern, not a FIPS concern.
Implementation Notes
Extends existing
TraceStoreinfrastructure with compliance-specific storage semantics. Same observer pattern —AuditCollectorwrapsastep_stream()and emits audit records for each significant event. The HMAC chain provides tamper evidence: each record's HMAC covers the previous record's HMAC plus the current record payload. Redaction patterns should be configurable per-deployment (different jurisdictions have different PII definitions).Companion Issues
Companion issues will be filed on fips-agents/gateway-template, fips-agents/fips-agents-cli, and fips-agents/examples.
Size
M