AGENT · AUDIT RECORDER

Every automated runtime decision stays in the SQL-queryable registry.

Audit Recorder is the native agent of the Polyant runtime. It records every automated decision made by each agent in a registry on dedicated PostgreSQL tables. DPOs, compliance officers, and external auditors query the registry with any standard SQL client — even months after the decision was made.

02 · AGENT IN ACTION

Audit Recorder at work.

Context

Why it exists.

Auditability of automated decisions is one of the most structural regulatory requirements for AI systems in regulated sectors. GDPR Art. 22 requires traceability of automated decisions affecting individuals. The AI Act mandates automatic logging for high-risk systems. EU sector regulators require audit log accessibility for inspection.

What it does

What it records for every decision.

Audit Recorder is the native Polyant runtime agent that records every decision made by each agent. Per decision: runtime identifier, agent identifier, conversation identifier, pipeline phase (input governance, output governance, tool call), gate type triggered, policy applied, outcome (allow, block, warn), confidence, structured rationale, evidence (JSONB), timestamp.

Supervision

The decision stays with the team.

The registry lives in dedicated PostgreSQL tables inside the customer's own database. DPOs, compliance officers, and auditors query it with any standard SQL client (DBeaver, psql, DataGrip) — months after the fact, without going through a vendor-proprietary console.

03 · WHO IT SERVES

Three control functions that find the evidence ready when they need it.

DPO

Has the inspectable trace for GDPR Art. 22 audits on automated decisions. For data subject requests (Art. 15 right of access, Art. 22 right not to be subject to automated decision-making), the response is built directly from the registry.

fnol.receive 09:14:22 ALLOW
triage.classify 09:14:25 ALLOW
idd.check 09:14:31 WARN
liquidation.propose 09:15:02 ALLOW
SELECT * FROM audit_log WHERE claim_id = '2024-0847'

Sector compliance officer

Banking, insurance, healthcare, utilities: has structured evidence for periodic audits or spot inspections. The export for the inspector is a standard SQL query.

Proposal no. 2024-081 In review
Missing disclosure
MiFID II art. · regulated financial instrument
Alt. 1 …in compliance with MiFID II and applicable supervisory provisions.
Alt. 2 …with full disclosure attached to the offer document.
Audit trace recorded · 14:31

External auditor

Audit firms and certifying bodies can run their own audit directly against the registry using their own tools, without depending on the vendor. The agent is the core audit pattern of the runtime, applicable across sectors.

10 active controls
policy.evaluate 14:02:11 ALLOW
pii-detector 14:01:58 BLOCK
tool.invoke 14:01:42 WARN
memory.write 14:01:09 BLOCK

04 · EXAMPLE OF A PROCESS

An inspection that closes in hours, not weeks.

The bank with six agents in production

Tens of thousands of decisions per month, all in the registry.

A bank with six Polyant agents in production (Compliance Scan, RevOps Brief, KYC/AML, Wealth Copilot, Branch Customer Care, AI Act High-Risk Validator) has its audit registry handling tens of thousands of decisions per month. Every event from the six agents is already there, ready to be queried.

The supervisor's inspection

The compliance officer opens their SQL client and runs the query.

A banking supervisor asks the bank, during a routine audit, for evidence of the automated decisions made by Compliance Scan on corporate contracts over the past 12 months. The bank's compliance officer opens their standard SQL client and runs a query against the audit registry, filtered by document type (corporate contract) and time range (previous 12 months). The output is structured: document type, rules triggered, outcome (pass / flag / block), rationale, alternatives proposed, final decision by the relationship manager.

The audit closed in hours

The inspector reviews, asks specific questions, receives answers grounded in records.

The export goes to the inspector as CSV or JSON following the bank's standard procedure. The inspector reviews the data, asks specific questions, receives answers grounded in records. The audit closes in a few hours rather than weeks.

05 · CONFIGURATION

Active by default in the runtime, retention configurable per sector.

The agent is native to the Polyant runtime and requires no separate editorial configuration. The audit registry tables are created automatically at runtime startup. Retention is configurable per instance according to the customer's regulatory constraints (e.g., 10 years for banking supervisors, 5 years under insurance regulations, sector-specific retention for electronic health records).

SPEC SHEET
Language: TypeScript (Node.js)
Underlying system: PostgreSQL 16 (dedicated tables: governance_events, pipeline_traces, ai_logs)
Audit schema: public, documented at /docs/governance
Retention: configurable per instance, aligned with the customer's regulatory constraints
Encryption at rest: managed by the customer on the database (Polyant does not manage DB encryption directly)
Query: standard SQL client (DBeaver, psql, DataGrip)
Exposure: append-only, no API to modify or delete records
Registry: immutable, queryable with a standard SQL client

06 · FREQUENTLY ASKED QUESTIONS

Frequently asked questions about the agent.

The registry is append-only on the PostgreSQL database. Polyant exposes no API to modify or delete records. The technical guarantee of immutability rests with the customer: anyone with administrative access to the database can technically alter data with direct SQL. For audits that require absolute protection, the configuration of database access policies is the responsibility of the customer's IT team.
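
The database access policy this answer leaves to the customer's IT team could look like the following on PostgreSQL 16. This is an added example, not Polyant's own configuration: the table names come from the spec sheet, while the roles `polyant_runtime`, `audit_reader` and `audit_owner` and the function `audit_reject_mutation` are hypothetical, and it assumes the runtime only needs INSERT and SELECT on these tables once they exist.

```sql
-- Added example: role and function names are hypothetical; table names are
-- the ones listed in the spec sheet. Run as a database administrator.
BEGIN;

-- The tables are created by the runtime at startup, so the runtime role would
-- own them and could remove any protection. Move ownership to a separate role
-- (assumption: the runtime does not need to own the tables after creation).
ALTER TABLE governance_events OWNER TO audit_owner;
ALTER TABLE pipeline_traces   OWNER TO audit_owner;
ALTER TABLE ai_logs           OWNER TO audit_owner;

-- Least privilege: the writer can append and read, reviewers can only read.
REVOKE ALL ON governance_events, pipeline_traces, ai_logs FROM PUBLIC;
GRANT INSERT, SELECT ON governance_events, pipeline_traces, ai_logs
  TO polyant_runtime;
GRANT SELECT ON governance_events, pipeline_traces, ai_logs
  TO audit_reader;

-- Defence in depth: reject UPDATE, DELETE and TRUNCATE even for a role that
-- is later granted those privileges by mistake.
CREATE FUNCTION audit_reject_mutation() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
  RAISE EXCEPTION 'audit registry is append-only: % on % rejected',
    TG_OP, TG_TABLE_NAME
    USING ERRCODE = 'insufficient_privilege';
END;
$$;

-- Statement-level triggers fire on every attempt, including zero-row ones.
CREATE TRIGGER governance_events_append_only
  BEFORE UPDATE OR DELETE OR TRUNCATE ON governance_events
  FOR EACH STATEMENT EXECUTE FUNCTION audit_reject_mutation();
CREATE TRIGGER pipeline_traces_append_only
  BEFORE UPDATE OR DELETE OR TRUNCATE ON pipeline_traces
  FOR EACH STATEMENT EXECUTE FUNCTION audit_reject_mutation();
CREATE TRIGGER ai_logs_append_only
  BEFORE UPDATE OR DELETE OR TRUNCATE ON ai_logs
  FOR EACH STATEMENT EXECUTE FUNCTION audit_reject_mutation();

COMMIT;
```

A superuser or the owning role can still disable these triggers, which is the residual risk the answer above describes. Retention purges also need an explicitly controlled path, since DELETE is rejected for every role.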

The export is a standard SQL query configurable by the customer's compliance team. Typical patterns: filter by time range, by agent type, by decision type, by specific individual (for Art. 22 GDPR audits on a data subject). Output in CSV, JSON, or Excel depending on the tool used.

Audit Recorder is native to the Polyant runtime and has no separate cost. The PostgreSQL storage the customer's database consumes grows with decision volume, but it is managed by the customer in their own infrastructure (self-hosted) or in Exelab's managed infrastructure, depending on the chosen profile.

The agent is active by default. No explicit activation is required. Retention rules are decided during delivery or as part of the managed service.

From a 30-minute conversation to the squad in production.

A 30-45 minute conversation to understand how Audit Recorder would be configured for the customer's case. Retention policy, export schema for inspection, integration with the customer's audit processes.