Audit log
Gamut records state-changing actions in an audit log. It gives every workspace an accountable record of what happened, who did it and when, which is essential for a platform whose whole purpose is defensible governance.
Written before the action returns
Auditing is not an afterthought in Gamut. Every state-changing API handler writes its audit entry before it returns, so a successful change and its audit record are inseparable. The log captures the actions that change governance state (creating or updating AI systems, running assessments, managing evidence and findings, changing users and roles, and agentic governance decisions) rather than routine read-only activity.
Actions that mandate an audit record
A defined set of high-sensitivity permissions requires an audit entry. These are the actions where after-the-fact accountability matters most:
- Access control: granting or revoking roles.
- Risk decisions: formal risk acceptance, and risk-register export.
- Findings: deleting or exporting findings.
- Exports: report, workpaper, evidence and audit-log exports.
- Gateway: altering enforcement decisions, and deleting simulations.
- Policy: generating, publishing or deleting policy documents.
- Agents: deleting an agent, and ATF promotion or approval-gate sign-off.
- Platform and billing: tenant provisioning and lifecycle, billing changes, SSO configuration, and platform user or role management.
Marking these as audit-required in the permission model means the obligation travels with the permission; it cannot be forgotten when a new endpoint is added.
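The two properties described above (the audit entry is written before the handler returns, and the audit obligation is attached to the permission rather than to each endpoint) can be modelled in a few lines. The following is an added illustration, not Gamut's own code; the permission names, the in-memory audit store and the actor records are constructed for the example.

```python
import time
from functools import wraps

# Constructed permission table (hypothetical names): each permission carries an
# audit_required flag, so the obligation travels with the permission itself.
PERMISSIONS = {
    "roles:grant": {"audit_required": True},
    "findings:delete": {"audit_required": True},
    "audit_log:export": {"audit_required": True},
    "assessment:read": {"audit_required": False},
}

class PermissionDenied(Exception):
    pass

class AuditLog:
    """In-memory stand-in for the audit store; every entry names a user and a time."""
    def __init__(self):
        self.entries = []

    def write(self, actor_id, action, target):
        entry = {"ts": time.time(), "actor": actor_id, "action": action, "target": target}
        self.entries.append(entry)
        return entry

def audited(action, audit_log):
    """Wrap a handler so an audit-required action cannot succeed without its record."""
    flags = PERMISSIONS[action]  # an unregistered permission fails at definition time
    def decorate(handler):
        @wraps(handler)
        def wrapper(actor, target=None, *args, **kwargs):
            if action not in actor["grants"]:
                raise PermissionDenied(f"{actor['id']} lacks {action}")
            result = handler(actor, target, *args, **kwargs)
            if flags["audit_required"]:
                # Written before the result is returned; if this raises, the
                # caller never sees a success without a matching audit entry.
                audit_log.write(actor["id"], action, target)
            return result
        return wrapper
    return decorate

AUDIT = AuditLog()
FINDINGS = {"f-1": "open", "f-2": "open"}  # constructed sample state

@audited("findings:delete", AUDIT)
def delete_finding(actor, finding_id):
    del FINDINGS[finding_id]
    return finding_id

@audited("audit_log:export", AUDIT)
def export_audit_log(actor, _target=None):
    return list(AUDIT.entries)  # exporting the log is itself an audited action
```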
Why it matters
The audit log is part of what makes Gamut governance trustworthy:
- Accountability. Every entry is attributable to a user and a time.
- Reviewability. Internal audit and reviewers can see how the governance record came to be what it is.
- Integrity. A consistent record of changes supports investigation and assurance.
It complements the evidence and findings model: evidence proves the state of controls, while the audit log proves the history of actions. Exporting the audit log is itself an audited action.
Runtime evidence for agents
For agentic AI, the equivalent record is the runtime evidence captured as every agent action passes through Gateway and flows back to Agentic CISO, alongside the tamper-evident, hash-chained journal that Claw keeps per task. Together, the audit log and runtime evidence give a complete account of both human and agent activity.
- Users & roles: who can take audited actions.
- Evidence & findings: the proof behind governance claims.
- Security & data handling: how Gamut protects this data.