Span-tree drill-down
Each session renders as a tree of agent → sub-agent → tool calls, with input, output, decisions, classification, latency and cost inspectable on every node.
Agent Audit is three things in one: a permissive open-source SDK, a hardened managed ingestion API, and a catalogue of jurisdictional export packs that regulators, insurers, and auditors actually accept.
Wrap OpenAI Agents SDK, Claude Agent SDK, MCP, LangChain, CrewAI, or any bespoke agent in one line. Every tool call, model call, sub-agent spawn, decision, and external action becomes a tamper-evident receipt.
# pip install agentaudit
import agentaudit
agentaudit.init(
    api_key="aa_live_...",
    agent_id="claims_triage_v3",
)
# Your agent runs as normal —
# Agent Audit captures every action.
agent.run(customer_query)
# When the regulator asks, you have
# 1 click to an evidence pack.
{
  "event_id": "evt_8f2a4b...",
  "agent_id": "claims_triage_v3",
  "ts": "2026-06-07T14:23Z",
  "action": {
    "type": "tool_call",
    "name": "lookup_customer",
    "params_hash": "sha256:a1b2..."
  },
  "resource": {
    "classification": ["PII", "financial"]
  },
  "redacted_input": "lookup [REDACTED]",
  "redacted_output": "{age: 34, ...}",
  "prev_hash": "sha256:c4d2...",
  "signature": "30450221..."
}
Each receipt is a small, signed JSON object containing only what an auditor needs to understand the action. Sensitive payloads are fingerprinted, not stored — the hash proves the data existed; redaction proves you didn't keep it.
"Show me every action this agent took on this customer between these dates" is the primary query — and the one your existing logs can't answer.
Agent, session, customer ID, data class, decision outcome, error, time range. All composable, all sub-second.
One click runs the full hash-chain verification across any range of receipts. Pass / fail is shown alongside the first break index for forensic precision.
Decision drift, unauthorised tool calls, data-class escalations and spend spikes are surfaced automatically and pushed to Slack or Microsoft Teams.
Webhook events into Splunk, Datadog, Microsoft Sentinel and Elastic — receipts live in your existing security telemetry pipeline.
Default storage is London. Bring-your-own S3 and full self-hosted options available for the enterprise tier — your data stays where your DPO says it should.
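An added example (not Agent Audit's own code) of the hash-chain verification with a first break index described above, using the receipt's prev_hash and params_hash fields. The canonical JSON form, the all-zero genesis value and the head argument are assumptions, and signature checking is left out.

```python
import hashlib
import json

GENESIS = "sha256:" + "0" * 64  # assumed prev_hash of the first receipt

def canonical(obj) -> bytes:
    # Assumed canonical form: sorted keys, compact separators, UTF-8.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def sha256_tag(data: bytes) -> str:
    return "sha256:" + hashlib.sha256(data).hexdigest()

def make_receipt(prev_hash, agent_id, ts, tool, params):
    # Raw params are fingerprinted; only the hash enters the receipt.
    return {"agent_id": agent_id, "ts": ts, "prev_hash": prev_hash,
            "action": {"type": "tool_call", "name": tool,
                       "params_hash": sha256_tag(canonical(params))}}

def verify_chain(receipts, head=None, genesis=GENESIS):
    """Return (ok, first_break_index); the index is None when ok."""
    expected = genesis
    for i, r in enumerate(receipts):
        if r.get("prev_hash") != expected:
            return False, i  # link to the predecessor is broken here
        expected = sha256_tag(canonical(r))
    # Nothing links forward from the last receipt, so an edit to it is only
    # caught by comparing against a head hash kept outside the store.
    if head is not None and expected != head:
        return False, len(receipts) - 1
    return True, None

def build_sample_chain():
    # Constructed sample data, not real receipts.
    calls = [("lookup_customer", {"customer_id": "C-1001"}),
             ("fetch_policy", {"policy_id": "P-77"}),
             ("approve_claim", {"claim_id": "CL-9", "amount": 250})]
    chain, prev = [], GENESIS
    for n, (tool, params) in enumerate(calls):
        r = make_receipt(prev, "claims_triage_v3", f"2026-06-07T14:2{n}Z", tool, params)
        chain.append(r)
        prev = sha256_tag(canonical(r))
    return chain

if __name__ == "__main__":
    chain = build_sample_chain()
    print(verify_chain(chain, head=sha256_tag(canonical(chain[-1]))))
```

An edited receipt surfaces as a break at the following index, because that is where the stored prev_hash stops matching; a deleted receipt breaks at the position it used to occupy.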
We maintain the export pack catalogue jurisdiction by jurisdiction. As regulations evolve, the packs evolve with them — no spreadsheet rewrites, no Excel macros, no consultant rebuilds.
High-risk system record-keeping evidence pack covering every operational obligation under Article 12.
Every action involving a named data subject + lawful basis. Article 22 ADM disclosures included.
Evidence demonstrating AI-driven service resilience for FCA-regulated UK firms.
Govern / Map / Measure / Manage evidence for US enterprise diligence.
Cyber and E&O policy claim evidence — incident timeline + affected receipts.
Quarterly governance summary, anomaly review, material decisions logged.
A 30-minute demo: we point the SDK at a sample of your agent code, generate the receipts, and walk you through the EU AI Act Article 12 pack as if your auditor were in the room.