Summary
Teach users how to enable and configure tamper-evident audit logging for compliance requirements. Audit logging is distinct from tracing (debugging) and metrics (operations) — it produces an immutable, verifiable record of agent actions for regulatory and legal purposes.
Course Section Outline
- Difference between tracing (debugging), metrics (operations), and audit logging (compliance)
- Enabling the AuditStore and choosing a backend (sqlite for dev, postgres for production)
- HMAC chain for tamper detection — how each record signs over the previous hash
- PII redaction patterns — configuring what gets scrubbed before persistence
- Retention policies and scheduled purge jobs
- Querying audit records via the REST API
- Meeting compliance frameworks — SOC 2, FedRAMP, and HIPAA audit requirements
- Exporting audit records to SIEM systems (Splunk, Elastic) via structured log forwarding
Lab Exercise
Enable audit logging on an agent with sqlite storage. Perform several interactions including tool calls and approval workflows. Query the audit API to inspect records. Run the HMAC chain verification to confirm tamper-evidence integrity.
Companion Issues
Companion issues filed on fips-agents/agent-template, fips-agents/gateway-template, fips-agents/ui-template, and fips-agents/fips-agents-cli.
Size
S-M
Summary
Teach users how to enable and configure tamper-evident audit logging for compliance requirements. Audit logging is distinct from tracing (debugging) and metrics (operations) — it produces an immutable, verifiable record of agent actions for regulatory and legal purposes.
Course Section Outline
Lab Exercise
Enable audit logging on an agent with sqlite storage. Perform several interactions including tool calls and approval workflows. Query the audit API to inspect records. Run the HMAC chain verification to confirm tamper-evidence integrity.
Companion Issues
Companion issues filed on fips-agents/agent-template, fips-agents/gateway-template, fips-agents/ui-template, and fips-agents/fips-agents-cli.
Size
S-M