Audit Logging

Rivano maintains two complementary audit logs: a trace log for every proxied AI request, and a governance log for every control-plane mutation. Together they provide a complete, tamper-evident record of all AI activity and administrative changes in your tenant.

Trace log

Every request that passes through the Rivano gateway is recorded as a trace. The trace record contains:

FieldDescription
idUnique trace ID
agent_idThe agent that made the request
tenant_idTenant (enforced by RLS)
statussuccess or error
environmentAgent’s environment tag
session_idOptional session grouping
input_tokensTokens in the request
output_tokensTokens in the response
cost_usdCalculated cost
duration_msEnd-to-end latency
injection_scoreInjection risk score (0.0–1.0)
pii_detectedArray of detected entity types
policies_firedPolicies that matched and their actions
model_providerLLM provider used
model_nameModel name used
created_atUTC timestamp

Traces are immutable once written. The traces and trace_spans tables are append-only — no update or delete operations run against them during normal operation.

Span detail

Each trace contains one or more spans covering distinct pipeline stages:

  • queue — Time in queue before processing
  • policy_eval — Policy evaluation latency
  • provider — Time waiting for the LLM provider
  • pii_scan — PII detection latency
  • quality_score — Quality scoring latency

Span data lets you identify where latency is coming from — provider slowness vs. pipeline overhead.

Governance log

Every mutating operation on the control plane is recorded in the governance changelog:

EventLogged when
policy.createdA new policy is created
policy.updatedA policy is modified
policy.deletedA policy is deleted
agent.registeredAn agent is registered
agent.updatedAgent configuration is changed
key.createdAn API key is created
key.deletedAn API key is deleted
team.member_addedA user joins a team
team.member_removedA user is removed from a team
sso.configuredSSO settings are updated
retention.updatedRetention policy is changed

Each governance event records: actor (user ID + email), action type, resource type, resource ID, diff (before/after JSON), and timestamp.

Viewing the audit log

The Security → Audit Log page in the dashboard shows both trace events and governance events in a unified timeline. Filter by:

  • Actor — Which user performed the action
  • Action type — e.g. policy.created, agent.updated
  • Time range — Last 24h, 7d, 30d, or custom
  • Resource type — Policy, agent, key, team, etc.

Click any row to see the full event detail including the diff for governance events.

Retention

Trace and audit data is retained per your plan:

PlanRetention
Free7 days
Starter30 days
Pro90 days
Enterprise365 days (configurable)

You can configure a shorter retention period in Settings → Retention. Reducing retention takes effect immediately — data older than the new limit is deleted on the next cleanup cycle.

Retention changes are irreversible. Export data you need before reducing the retention period. Compliance reports generated before the change are not affected.

Export

Dashboard export

Go to Observability → Traces, apply any filters, and click Export. Rivano generates a JSONL file with one trace object per line.

API export

Query traces programmatically using the Traces API with date range filters:

# Export all traces from the last 30 days
curl "https://api.rivano.ai/api/traces?limit=1000&offset=0&startDate=2026-03-01&endDate=2026-04-01" \
  -H "Authorization: Bearer rv_api_..." \
  | jq '.data[]' > traces.jsonl

For large datasets, paginate using limit and offset until data.length < limit.

Governance log export

curl "https://api.rivano.ai/api/traces/stats?period=30d" \
  -H "Authorization: Bearer rv_api_..."

Compliance reports (SOC 2, GDPR, ISO 27001) can be exported as PDF or JSON from Security → Compliance → Generate Report.

Previous ← Policies Next Cost Tracking →