What is audited
| Event type | What’s captured |
|---|---|
| Authoring | Each contract change: who changed what, when, from what prior version to what new version |
| Workflow runs | Every run: trigger payload (PHI-processed), step-by-step execution, AI inference calls (model, prompt, response, tokens), integration calls (payload, response), data-change events emitted |
| Release lifecycle | Release request created, changeset snapshot, approval events (who approved, when), publish event |
| Entity mutations | Every write to an entity record: actor, actor type, field-level before/after values, timestamp |
| Agent invocations | AgentCaller identity, delegation chain, granted scopes, consent record ID |
| PHI handling | PHI detection events, anonymization events, re-identification events |
| Settings changes | Who changed which setting, old and new value |
Audit chain integrity
The audit chain is tamper-resistant. Each event is cryptographically linked to the prior event in the chain. Attempting to alter or delete a past audit record breaks the chain and is detectable. This architecture satisfies:- HIPAA — Audit controls (§164.312(b)) and access controls (§164.312(a)(1))
- HITRUST — Audit logging and monitoring controls
- SOC 2 Type II — Change management, logical access, and monitoring criteria
The project activity log
The project overview shows recent activity by default — a user-facing projection of contract-change audit events, with author attribution and links to the affected resource or run trace. This is the day-to-day view for the team building and operating the project. For deeper forensic review: open the Activity Log from the project overview to see the full history of every contract change and release for this project.Workflow run traces as audit artifacts
Every workflow run trace is a durable audit artifact. It shows:- The trigger payload (PHI-processed version)
- Every step, input, output, and side effect
- AI inference calls with model, token counts, and response metadata
- Data mutations with field-level before/after values
Release changelog
Every release generates an immutable changelog entry:- The plain-language summary of what the release does (auto-generated by the system, editable by the author before confirmation)
- The per-resource diff
- The approval record (who approved, when)
- The changeset snapshot
PHI in audit records
AI Studio applies PHI policy at the point of ingestion. Raw PHI is never written to audit records. The sequence:- Trigger payload received (or form submission, or integration event)
- PHI detection scans the payload
- PHI is anonymized before the workflow executes and before the trace record is written
- The workflow operates on the anonymized payload
- Re-identification (if needed for output) happens under controlled conditions with its own audit event
- The trace records the anonymized payload and the re-identification event (if any), never the raw PHI
BAA requirement
AI Studio is available to all paid tiers. Running workflows that process PHI requires:- A signed Business Associate Agreement (BAA) with HASP. Sign in Settings → Compliance.
- PHI policy configured for the project (default for healthcare orgs with a BAA: strict).
Exporting audit data
From Settings → Compliance → Audit Export:- Export the full project audit log for a date range in structured JSON
- Export individual run traces
- Export the release changelog