AUDIT VAULT

Every step signed. Every decision explainable.

Tamper-evident HMAC-SHA256 trace. Downloadable decision receipts. Offline verification with one CLI command — auditors never call home.

Book a demo Read the audit API →

Trace timeline

Eight step types. One request. One signed trace.

Step types

Every stage of a request is an explicit step.

REQUEST_RECEIVED

Input messages, target model, available tools

LLM_CALL

Prompt/completion/total tokens, finish reason, provider URL, latency, cost

TOOL_PROPOSED

Tool name, arguments preview, hash, connection

POLICY_DECISION

ALLOW/MODIFY/BLOCK, score, block reason, modifications, access config snapshot

TOOL_EXECUTED

Success, duration, result preview, data volume

SECURITY_SCAN_INPUT

Shield pre-LLM verdict with mode (enforce | log_only)

SECURITY_SCAN_OUTPUT

Shield post-LLM verdict

SECURITY_BLOCKED

Blocked verdicts surfaced as a dedicated step for faster triage

Decision receipt

Download a receipt. Verify offline.

receipt.json

{
  "trace_id": "trace_01HQ5V8K3P7Z2MJR9",
  "decision": "BLOCK",
  "key_id": "vsk_prod_04",
  "tool": "postgres.query",
  "score": 8,
  "triggered_checks": [
    {
      "id": "CHK-002",
      "detail": "DELETE not in allowed_operations [SELECT]"
    }
  ],
  "modifications_applied": [],
  "request_hash": "sha256:3b2d…91a",
  "signed_at": "2026-04-15T09:41:22Z",
  "signature": "hmac-sha256:a7b9c2…4f8e"
}

$verosek-verify-receipt receipt.json→VALID

verify

$ verosek-verify-receipt receipt.jsonreading receipt.json ...
signature:   hmac-sha256:a7b9c2...4f8e
signed at:   2026-04-15T09:41:22Z
request_hash match: ok
triggered_checks well-formed: ok
signature verifies: ok

VALID

HMAC design

For CISOs: how the signature actually works.

Each trace row is serialised canonically and signed with an HMAC-SHA256 key held in the gateway’s config secret. The signature covers the entire row content, the previous row’s signature, and a monotonic sequence number — producing a hash chain that detects insertion, deletion, and reordering.

Decision receipts ship the same signature plus a copy of the verification key’s public fingerprint. The verosek-verify-receipt CLI checks the chain offline — no network call to Verosek.

Keys rotate on a configurable schedule. Rotation writes a rollover row so historical traces remain verifiable under the retiring key.

Auditors verify offline. Operators sleep better.

FAIL_CLOSED by default. Every tool call scanned. Every decision signed.

Book a demo Read the audit API reference →