Audit Log
Signed, append-only event history
Audit log viewer coming soon
The full audit log viewer (filter, search, signed-payload inspection) is on the V1 roadmap. Audit events are recorded today for every evaluation, verification, simulation, publish, OAuth install, and webhook intake.
What is recorded
Every audit event is HMAC-SHA256 signed synchronously before write. RLS scopes retrieval to the calling merchant. No PII is ever persisted — only hashed DOB and structured event payloads.
Event types
evaluation, block, require_verification, verification, publish, simulation_run, oauth_install, webhook_received, pii_rejected, pii_carveout_used, and rate_limit_exceeded.