On this page
Audit and Evidence
AI execution should produce evidence that a reviewer can understand later. AIF audit contracts support this by recording request context, policy outcomes, provider selection, execution metadata, and review signals.
Audit Record Contents
Audit records should include:
- correlation ID
- workspace or tenant context
- requesting user or service identity
- provider and model
- prompt key and version
- policy decision
- timing, token, and cost metadata where available
- evaluation outcome
- review status
Privacy Boundary
Do not log sensitive user content unless your governance policy explicitly requires it and the storage path is permission checked. Prefer references, hashes, or redacted excerpts when full prompt and response content is not needed.