Audit vs Diagnostic Logs

Control Core intentionally separates audit and diagnostic data so each can be governed correctly.

Audit Logs (Compliance Record)

Audit logs answer who did what, when, and with what outcome.

  • Database-backed event history for user/admin/system actions
  • Used for compliance controls, investigations, and evidence
  • Includes policy change traceability (version and commit context when available)
  • Includes transaction-integrity fields (request correlation, decision source, latency, actor, and AI guardrail metadata)

Implementation note: By default, Control Core stores audit records in relational storage with retention controls.
Tamper-evident evidence mode (signed export manifests and immutable/WORM targets) is an enterprise deployment option and must be explicitly configured.
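
The following is an added illustration, not Control Core's own code or export format, of how a signed export manifest makes an audit export tamper-evident: each row is hash-chained to the previous one and the chain is signed, so an edited, removed, or reordered row fails verification. The manifest layout, the row fields other than environment, and the HMAC key (a standard-library stand-in for an asymmetric signature) are assumptions.

```python
import hashlib
import hmac
import json

# Constructed sample rows; field names are assumptions, not Control Core's schema.
SAMPLE_ROWS = [
    {"id": 1, "environment": "production", "actor": "alice", "action": "policy.promote", "outcome": "allow"},
    {"id": 2, "environment": "production", "actor": "svc-bouncer", "action": "AI_POLICY_VIOLATION", "outcome": "deny"},
    {"id": 3, "environment": "production", "actor": "bob", "action": "policy.edit", "outcome": "allow"},
]

def _digest(row, prev_hash):
    # Canonical JSON (sorted keys, fixed separators) keeps the hash reproducible.
    canon = json.dumps(row, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev_hash.encode() + canon).hexdigest()

def _sign(body, key):
    payload = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, payload, hashlib.sha256).hexdigest()

def build_manifest(rows, key):
    """Hash-chain the exported rows, then sign the chain (hypothetical manifest layout)."""
    prev, entries = "0" * 64, []
    for row in rows:
        prev = _digest(row, prev)
        entries.append({"id": row["id"], "chain_hash": prev})
    body = {"count": len(rows), "entries": entries}
    return {**body, "signature": _sign(body, key)}

def verify_export(rows, manifest, key):
    """Return (ok, reason) for an export checked against its manifest."""
    body = {"count": manifest["count"], "entries": manifest["entries"]}
    # Check the signature first so a rewritten manifest is rejected outright.
    if not hmac.compare_digest(_sign(body, key), manifest["signature"]):
        return False, "manifest signature mismatch"
    if len(rows) != manifest["count"]:
        return False, "row count mismatch"
    prev = "0" * 64
    for row, entry in zip(rows, manifest["entries"]):
        prev = _digest(row, prev)
        if prev != entry["chain_hash"]:
            return False, f"chain breaks at id {entry['id']}"
    return True, "ok"
```

The signing key has to live outside the system that stores the rows; otherwise whoever can alter the rows can also re-sign the manifest.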

Single source of truth for decision history

Every PBAC decision — bouncer enforcement (AI_TRAFFIC_LOG, AI_POLICY_VIOLATION, AI_PII_REDACTION, generic allow/deny), Control Plane evaluation (POST /v1/decisions/evaluate), policy authoring/promotion, Control Bridge sync lifecycle, approval gates, and SIEM delivery — is written to the audit_logs table. It is the single surface that the audit UI, SIEM outbox, retention job, and long-term evidence exports read from.

Earlier internal builds carried a separate decision_requests table as a half-built parallel decision store; it was never wired to a router and was removed in the multi-environment overhaul. If you are upgrading from a pre-2026.04 build, the scrum_drop_decision_requests Alembic migration removes the legacy table; nothing in your retention, SIEM, or BI pipeline reads from it.

Per-environment retention (sandbox vs production vs custom envs) is configured under Settings → Logging & Retention and applies directly to audit_logs rows scoped by the environment column.

Diagnostic Logs (Behavior Trace)

Diagnostic logs answer how the system behaved during a request/incident.

  • High-fidelity operational and policy-evaluation context
  • Used for debugging, performance tuning, and PBAC root-cause analysis
  • Shared as secure packages or via approved external connectors (for example, Grafana/Splunk)
  • Off by default. Administrators turn subsystems on per-level from Settings → Diagnostic Logs. See Diagnostic Logs for the full workflow, export format, and purge semantics.

Data Handling Expectations

  • Treat audit logs as long-lived compliance evidence.
  • Treat diagnostics as scoped troubleshooting artifacts with bounded retention.
  • Apply redaction/masking policies consistently before sharing with support.
  • For SIEM pipelines, use durable outbox delivery and monitor pending/failed/dead-letter queue states.