molecule-ai/docs
35
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
86fa0e9ec3
docs/content/blog/2026-04-21-audit-trail-panel/index.mdx
molecule-ai[bot] 04732e3fe6
docs(blog): add waitlist page and audit trail panel posts (#53) 
Squash-merge: waitlist page + audit trail panel blog posts. Acceptance: published on docs.
2026-04-21 00:23:16 +00:00

64 lines
4.8 KiB
Plaintext
Raw Blame History

---
title: "See Every Decision Your AI Agents Make: Audit Trail Panel Ships on Canvas"
description: "Molecule AI Canvas now shows a live audit ledger for every workspace — delegation events, decision calls, human-in-the-loop gates, and tamper-evident chain integrity markers."
publishedAt: 2026-04-21
---
> "We need to show our security team that our agent is making decisions the way we configured it — not going off-script. A screenshot of a chat log isn't going to cut it."
>
> — Platform engineer at a Series B fintech, describing what a compliance review needs before they'll approve agent workflows in production
That's the ask. Not "show me the logs." Not "export a CSV." Show me what your agent actually did, in a form that a non-engineer can read and a compliance officer can sign off on.
The Audit Trail Panel ships that answer directly into the Molecule AI Canvas.
## What's in the Audit Trail
Every workspace now has a live ledger accessible from the SidePanel's **Audit** tab. Each entry in the trail captures a discrete event in the agent's operational history:
- **Delegation** — when the agent handed a task to another workspace. Who delegated to whom, when, and what the task was.
- **Decision** — when the agent made a consequential call: choosing a tool, routing a request, deciding to escalate.
- **Gate** — a human-in-the-loop checkpoint. When the agent paused for human approval before proceeding, what the human decided.
- **HITL** — a broader human-in-the-loop event, covering review flows and approval sequences.
Each entry is color-coded by type, making it immediately visible at a glance whether you're looking at a routine delegation or a human-authorized escalation. The panel supports cursor-based pagination — "Load more" appends the next page, so there's no hard ceiling on how far back the trail goes.
## Tamper Evidence: Chain Validity Indicators
Here is the feature that separates an audit log from an audit trail.
Each entry carries a `chain_valid` flag. When the Molecule AI backend detects that an event's cryptographic chain has been broken — that the entry may have been modified, deleted, or inserted after the fact — the ledger renders a red ⚠ indicator with accessible `aria-label` and `title` text.
This is not a real-time intrusion detection system. It is evidence. When an auditor asks "can you prove this log wasn't altered after the fact?", the chain validity indicator is the answer.
## Filtering by Event Type
The filter bar at the top of the Audit Trail panel lets you isolate a single event type — all Delegation events, all Gates, all HITL checkpoints. Clicking a filter resets the page and re-fetches with the `?event_type=` parameter. The active filter shows `aria-pressed` state for accessibility.
For compliance workflows, this means: "show me every human-in-the-loop gate this agent passed in the last 30 days" is one filter click and one scroll.
## Enterprise Observability: The Layer Above Fleet Visibility
Phase 30 gave operators fleet visibility — the ability to see every agent, everywhere, on one canvas. The Audit Trail Panel gives them **operational visibility**: the ability to understand *what happened* inside any individual agent's session, after the fact.
These two features layer on top of each other. Fleet visibility tells you where your agents are and what state they're in right now. The audit trail tells you what they did, what decisions they made, and whether those decisions were authorized.
For enterprises deploying AI agents in regulated environments — financial services, healthcare, legal ops, infrastructure — this is the observability stack that makes a production deployment defensible.
## Where the Audit Trail Fits in the Phase 30 Story
Phase 30 shipped per-workspace bearer tokens, giving every agent a cryptographic identity. The Audit Trail Panel is the observability layer that makes that identity useful: every API call made with a per-workspace token is now attributable to a specific agent, in a specific session, with a specific outcome.
Combined with org-scoped API keys (which carry audit prefixes across every API call at the org level), Molecule AI now has a two-layer audit story: token-level attribution in API logs, and event-level attribution in the Canvas audit trail. Teams running production agents can answer "which agent did what, when, and was it authorized?" without stitching together a custom logging pipeline.
## Get Started
The Audit Trail Panel is live on all Canvas instances as of the 2026-04-17 release.
- Open any workspace on the Canvas
- Click the **Audit** tab (⊟) in the SidePanel
- Filter by event type, scroll back through the history
- Look for the ⚠ indicator to confirm chain validity
The panel requires no configuration, no plugin install, and no export step. It's already there.
Reference in New Issue View Git Blame Copy Permalink