Seal AuditAudit-first

Docs/Audit Trail

Audit trail

Every workflow execution produces a structured audit trail designed for compliance review and export.

What is recorded?

SealAudit records data at each workflow stage to provide a complete picture of what happened, when it happened, and who was involved.

Event timeline

Every scan and action is recorded as an ordered event from trigger through completion.

Actor and timestamp

Each event captures who performed it and when, with identity tied to the authenticated user.

Verification outcomes

Pass, fail, bypass, or error outcomes are recorded for each verification rule configured in the workflow version.

Version references

Each record references the exact workflow version and document versions in force at the time of execution.

Evidence payloads

Action outputs such as acknowledgements, form submissions, and check-in confirmations are stored as evidence.

Tamper-evident records

The audit trail is built on append-only principles. Each new event references the event that came before it, making unauthorized changes detectable.

  • Records are stored in an append-only structure -- existing entries cannot be modified or deleted.
  • Each event carries a hash reference to the previous event in the sequence, forming a chain.
  • Tampering with an earlier record breaks the chain and is detectable during audit review.
  • SealAudit does not claim legal-signature equivalence or guaranteed fraud prevention in MVP.

Proof boundaries

Understanding what the audit trail can and cannot prove helps compliance teams set appropriate expectations for reviewers.

What SealAudit can prove

  • A specific workflow version was deployed and active at the time of execution.
  • A known user triggered the workflow and which verification outcomes were recorded.
  • What actions were taken, when, and what evidence was captured.
  • Whether any verification step failed or was bypassed.
  • The exact workflow and document versions referenced in each execution.

What SealAudit does not claim

  • Legal-signature equivalence -- acknowledgements are not binding digital signatures in MVP.
  • Guaranteed prevention of misconduct -- policy compliance depends on configuration and supervision.
  • Broad third-party integration or offline execution support in MVP.

Review the audit model

See how the audit trail fits into the full compliance picture.