Audit Trail
Every PR Veriva analyzes produces an append-only JSONL audit trail capturing every stage event, every LLM call (prompt, response, tokens, cost), every rule firing, and every config read. Combined with per-finding provenance, you can answer "why did this PR pass" with full evidence months after the fact.
Two complementary surfaces
Per-finding provenance
Stage 9 (Explain) attaches a provenance object to every finding written to the database. It renders inline in the PR comment as `[stage:rule] message`, with click-through to the AI call detail for owners and admins.
```json
{
  "stage": "AI_REVIEW",
  "ruleId": null,
  "promptVersionId": "pv_2k4j8...",
  "aiCallLogId": "ac_9q1m2...",
  "modelId": "us.anthropic.claude-sonnet-4-6",
  "evidence": "if (user.role == 'admin') { eval(req.body.code) }",
  "lineRange": "src/api/admin.ts:142-145"
}
```
For static-stage findings, ruleId is set and the AI fields are null:
```json
{
  "stage": "STATIC",
  "ruleId": "security/eval-on-user-input",
  "promptVersionId": null,
  "aiCallLogId": null,
  "evidence": "eval(req.body.code)",
  "lineRange": "src/api/admin.ts:144"
}
```
Cross-check and Deep Audit badges
Findings carry status flags from later stages. The PR comment renders these as inline badges:
- Disputed by cross-check — a finding the disputer model demoted at stage 5.
- Confirmed by deep audit — a CRITICAL or disputed finding revisited and upheld at stage 6.
- Auto-fix available — stage 7 produced a patch the author can apply.
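The two provenance shapes above follow a fixed invariant (an AI_REVIEW finding carries prompt and call IDs and no ruleId; a STATIC finding carries a ruleId and null AI fields), and the badge flags are additive. The following is an added example, not Veriva's own code: it checks that invariant on provenance objects and renders the `[stage:rule] message` line with badges. The sample objects are copied from this page; the `message` argument, the flag names `disputedByCrossCheck`, `confirmedByDeepAudit` and `autoFixAvailable`, and the choice to put the promptVersionId in the rule slot for AI findings are assumptions, since the page does not specify them.

```python
"""Validate and render Veriva per-finding provenance objects.

Added example, not Veriva's own code. Field names follow the two provenance
objects on this page; the badge flag names and the AI-finding rule slot are
assumptions made for the example.
"""
from __future__ import annotations

import re
from typing import Any

# Sample provenance objects copied from the page.
AI_FINDING = {
    "stage": "AI_REVIEW",
    "ruleId": None,
    "promptVersionId": "pv_2k4j8...",
    "aiCallLogId": "ac_9q1m2...",
    "modelId": "us.anthropic.claude-sonnet-4-6",
    "evidence": "if (user.role == 'admin') { eval(req.body.code) }",
    "lineRange": "src/api/admin.ts:142-145",
}
STATIC_FINDING = {
    "stage": "STATIC",
    "ruleId": "security/eval-on-user-input",
    "promptVersionId": None,
    "aiCallLogId": None,
    "evidence": "eval(req.body.code)",
    "lineRange": "src/api/admin.ts:144",
}

_AI_FIELDS = ("promptVersionId", "aiCallLogId")
_REQUIRED_COMMON = ("stage", "evidence", "lineRange")
_LINE_RANGE_RE = re.compile(r"^(?P<path>[^:]+):(?P<start>\d+)(?:-(?P<end>\d+))?$")

# Assumed status-flag names mapped to the badge text the page lists.
BADGES = {
    "disputedByCrossCheck": "Disputed by cross-check",
    "confirmedByDeepAudit": "Confirmed by deep audit",
    "autoFixAvailable": "Auto-fix available",
}


def validate_provenance(prov: dict[str, Any]) -> list[str]:
    """Return invariant violations; an empty list means the object is consistent."""
    problems: list[str] = []
    for key in _REQUIRED_COMMON:
        if not prov.get(key):
            problems.append(f"missing {key}")
    stage = prov.get("stage")
    if stage == "AI_REVIEW":
        if prov.get("ruleId") is not None:
            problems.append("AI_REVIEW finding must have ruleId null")
        for key in _AI_FIELDS:
            if not prov.get(key):
                problems.append(f"AI_REVIEW finding missing {key}")
    elif stage == "STATIC":
        if not prov.get("ruleId"):
            problems.append("STATIC finding must carry a ruleId")
        for key in _AI_FIELDS:
            if prov.get(key) is not None:
                problems.append(f"STATIC finding must have {key} null")
    else:
        problems.append(f"unknown stage {stage!r}")
    # lineRange is "path:start" or "path:start-end"; end must not precede start.
    lr = prov.get("lineRange") or ""
    m = _LINE_RANGE_RE.match(lr)
    if not m:
        problems.append(f"malformed lineRange {lr!r}")
    elif m.group("end") and int(m.group("end")) < int(m.group("start")):
        problems.append(f"lineRange end before start: {lr!r}")
    return problems


def render_inline(prov: dict[str, Any], message: str, flags: dict | None = None) -> str:
    """Render `[stage:rule] message` followed by any badges whose flag is set.
    For AI findings the rule slot holds the promptVersionId (assumption)."""
    rule = prov.get("ruleId") or prov.get("promptVersionId") or "unknown"
    text = f"[{prov['stage']}:{rule}] {message}"
    for key, badge in BADGES.items():
        if (flags or {}).get(key):
            text += f" [{badge}]"
    return text
```

Run the validator over every provenance object before trusting an audit answer: a STATIC finding with a non-null aiCallLogId, or an AI finding with no promptVersionId, means the provenance was not written by the stage it claims.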
Per-PR JSONL trail
Path: /var/veriva/audit/<orgId>/<prId>.jsonl (configurable via VERIVA_AUDIT_PATH). One line per event, ISO-8601 timestamp first, then a structured payload. Append-only — nothing in Veriva ever rewrites a line.
Event types you'll see:
- pipeline_start / pipeline_end
- stage_start / stage_end
- config_read: every SystemConfig key read during the run
- ai_call: full prompt, response, model ID, token counts, cost
- rule_fire: static rule matched, with rule ID and evidence
- finding_emit: a finding written, with full provenance
- policy_eval: merge policy evaluation with conditions matched
- budget_check: running cost vs ceiling
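Reading a trail back is where the append-only guarantee pays off: if timestamps ever run backwards, the file was reordered or rewritten and its answer cannot be trusted. Below is an added example, not Veriva's own tooling, that parses a per-PR trail, rejects out-of-order lines, and reconstructs the decision (policy outcome, findings with provenance, spend per stage against the last budget_check). It uses the event names listed above and the ai_call fields from the example line; the payload keys for the other events (`rule_fire.ruleId`, `finding_emit.provenance`, `policy_eval.decision` / `conditionsMatched`, `budget_check.runningCostUsd` / `ceilingUsd`) are assumptions, and the sample lines are constructed for the example rather than taken from a real run.

```python
"""Reconstruct a PR decision from a Veriva per-PR JSONL audit trail.

Added example, not Veriva's own code. Event names come from this page; the
payload keys for rule_fire, finding_emit, policy_eval and budget_check are
assumptions. SAMPLE_TRAIL is constructed for the example (not a real run);
prompt/response fields are omitted from its ai_call line for brevity.
"""
from __future__ import annotations

import json
from collections import defaultdict
from datetime import datetime

SAMPLE_TRAIL = "\n".join([
    '{"ts":"2026-04-19T14:21:58.002Z","event":"pipeline_start","pipelineRunId":"pr_8h3k","prId":"1042"}',
    '{"ts":"2026-04-19T14:21:58.010Z","event":"config_read","key":"ai.maxCostUsd","value":"0.50"}',
    '{"ts":"2026-04-19T14:21:58.100Z","event":"stage_start","stage":"STATIC"}',
    '{"ts":"2026-04-19T14:21:58.420Z","event":"rule_fire","stage":"STATIC","ruleId":"security/eval-on-user-input","evidence":"eval(req.body.code)"}',
    '{"ts":"2026-04-19T14:21:58.431Z","event":"finding_emit","stage":"STATIC","findingId":"f_1","severity":"CRITICAL","provenance":{"stage":"STATIC","ruleId":"security/eval-on-user-input","lineRange":"src/api/admin.ts:144"}}',
    '{"ts":"2026-04-19T14:21:58.500Z","event":"stage_end","stage":"STATIC"}',
    '{"ts":"2026-04-19T14:22:00.000Z","event":"stage_start","stage":"AI_REVIEW"}',
    '{"ts":"2026-04-19T14:22:01.143Z","event":"ai_call","stage":"AI_REVIEW","model":"us.anthropic.claude-sonnet-4-6","inputTokens":4218,"outputTokens":612,"costUsd":0.0094,"latencyMs":3421}',
    '{"ts":"2026-04-19T14:22:01.200Z","event":"budget_check","runningCostUsd":0.0094,"ceilingUsd":0.50}',
    '{"ts":"2026-04-19T14:22:01.250Z","event":"stage_end","stage":"AI_REVIEW"}',
    '{"ts":"2026-04-19T14:22:02.000Z","event":"policy_eval","decision":"BLOCK","conditionsMatched":["critical_finding_open"]}',
    '{"ts":"2026-04-19T14:22:02.050Z","event":"pipeline_end","pipelineRunId":"pr_8h3k"}',
])


def parse_trail(text: str) -> list[dict]:
    """Parse one JSON object per line and enforce the append-only shape:
    every line carries ts and event, and timestamps never go backwards."""
    events: list[dict] = []
    last_ts = None
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        ev = json.loads(line)
        if "ts" not in ev or "event" not in ev:
            raise ValueError(f"line {n}: missing ts/event")
        ts = datetime.fromisoformat(ev["ts"].replace("Z", "+00:00"))
        if last_ts is not None and ts < last_ts:
            raise ValueError(f"line {n}: timestamp goes backwards; trail was reordered or rewritten")
        last_ts = ts
        events.append(ev)
    return events


def explain(events: list[dict]) -> dict:
    """Answer 'why did this PR pass or fail' from the trail alone."""
    cost_by_stage: dict[str, float] = defaultdict(float)
    findings: list[dict] = []
    policy = budget = None
    for ev in events:
        kind = ev["event"]
        if kind == "ai_call":
            cost_by_stage[ev.get("stage", "?")] += float(ev["costUsd"])
        elif kind == "finding_emit":
            findings.append({"id": ev.get("findingId"), "severity": ev.get("severity"),
                             "provenance": ev.get("provenance", {})})
        elif kind == "policy_eval":
            policy = ev  # the last evaluation in the trail is the deciding one
        elif kind == "budget_check":
            budget = ev  # keep the latest running-cost snapshot
    total = round(sum(cost_by_stage.values()), 6)
    return {
        "decision": policy["decision"] if policy else None,
        "conditions": policy.get("conditionsMatched", []) if policy else [],
        "findings": findings,
        "totalCostUsd": total,
        "costByStage": dict(cost_by_stage),
        "overBudget": budget is not None and total > float(budget["ceilingUsd"]),
        # A mismatch here means ai_call lines and the budget snapshot disagree.
        "budgetConsistent": budget is None or abs(total - float(budget["runningCostUsd"])) < 1e-9,
    }
```

Point it at `/var/veriva/audit/<orgId>/<prId>.jsonl` (or whatever VERIVA_AUDIT_PATH resolves to) and the `decision`, `conditions` and `findings` fields give the evidence-backed answer; a `budgetConsistent` of false or a ValueError from the parser is itself a finding, since neither should occur on a trail that was only ever appended to.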
Example line
```json
{"ts":"2026-04-19T14:22:01.143Z","event":"ai_call","stage":"AI_REVIEW","pipelineRunId":"pr_8h3k...","traceId":"tr_92m...","model":"us.anthropic.claude-sonnet-4-6","promptVersionId":"pv_2k4j8...","inputTokens":4218,"outputTokens":612,"costUsd":0.0094,"latencyMs":3421,"cacheReadTokens":3800}
```
Audit log (write actions)
Separate from the JSONL pipeline trail, the AuditLog table records every write action across the org: member invites, role changes, policy edits, hook edits, billing changes, API key ops, impersonation start/stop, data export. Visible to OWNER and ADMIN at Settings → Audit log with date-range filter, action-type filter, and CSV export.
Retention
| Source | Retention |
|---|---|
| JSONL pipeline trail (local disk) | 1 year, then S3 archive (v2) |
| AICallLog table | 90 days |
| AuditLog table | 1 year |
| PRReviewOutcome | Indefinite |
Customer access to JSONL
support@veriva.dev. The full org data export (Settings → General → Data) does include all findings, audit log entries, and AI call summaries.