Audit Logging

Every operation in the Memory Scope API is logged in a comprehensive audit trail. This ensures compliance, security, and complete transparency.

What is Audit Logging?

Audit logging records every operation performed through the API, including memory creation, reads, revocations, and policy denials. Each audit event contains detailed information about what happened, when it happened, and who initiated it.

What Gets Logged?

The following events are logged in the audit trail:

MEMORY_CREATE

When a memory is created

Logged Fields:

  • user_id
  • scope
  • domain
  • app_id
  • timestamp

MEMORY_READ

When memories are read

Logged Fields:

  • user_id
  • scope
  • domain
  • purpose
  • memory_ids
  • revocation_grant_id

MEMORY_REVOKE

When access is revoked

Logged Fields:

  • revocation_grant_id
  • user_id
  • scope
  • domain

POLICY_DENIED

When a read is denied by policy

Logged Fields:

  • user_id
  • scope
  • purpose
  • reason_code

Audit Event Structure

Each audit event contains the following information:

Example Audit Event
{
  "id": "audit_abc123...",
  "event_type": "MEMORY_READ",
  "app_id": "app_xyz789...",
  "user_id": "user123",
  "scope": "preferences",
  "domain": "food",
  "purpose": "generate food recommendations",
  "purpose_class": "recommendation",
  "memory_ids": [
    "mem_001",
    "mem_002"
  ],
  "revocation_grant_id": "grant_xyz...",
  "created_at": "2026-01-27T10:15:23Z",
  "reason_code": null,
  "meta": {
    "max_age_days": 30,
    "confidence": 0.85
  }
}

Use Cases

Compliance & Regulatory Requirements

Audit logs provide the documentation needed for GDPR, SOC 2, HIPAA, and other compliance frameworks. You can demonstrate who accessed what data and when.

Security Monitoring

Monitor for suspicious activity, unauthorized access attempts, and policy violations. Identify patterns that might indicate security issues.

Debugging & Troubleshooting

When issues arise, audit logs provide a complete history of operations. Trace exactly what happened leading up to a problem.

User Data Requests

When users request their data (GDPR right to access), audit logs help you identify all data associated with a user and provide a complete history.

Querying Audit Logs

Audit logs can be queried through the API (when available) or accessed directly from the database. Common queries include:

  • By User: Find all operations for a specific user
  • By Scope: Track all access to a particular scope
  • By Time Range: Get events within a specific time period
  • By Event Type: Filter by operation type (create, read, revoke)
  • Policy Violations: Find all denied access attempts

Note: Audit log querying will be available through the developer console in a future release.

Data Retention

Audit logs are retained according to your compliance requirements. The default retention period is configurable, and logs can be exported for long-term storage if needed.

For GDPR compliance, audit logs should be retained for at least the duration required by your jurisdiction, typically 6-7 years for financial data or as specified by your legal requirements.

Best Practices

  • Regular Review: Periodically review audit logs to identify unusual patterns or security issues.
  • Export for Compliance: Export audit logs regularly for compliance documentation and long-term storage.
  • Monitor Policy Denials: Track policy denials to identify application bugs or misconfigurations.
  • User Data Requests: Use audit logs to quickly respond to user data access or deletion requests.
  • Security Alerts: Set up alerts for suspicious patterns, such as multiple policy denials or unusual access patterns.
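
One way to implement the "multiple policy denials" alert from the list above, as an added example that is not part of the Memory Scope API or its documentation. It assumes audit events have been exported as one JSON object per line with the field names shown in the example audit event; the function name `denial_bursts`, the threshold, the window, and the sample events (including the `reason_code` value) are constructed for illustration.

```python
import json
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events, one JSON object per line (not real log output).
# Field names follow the example audit event on this page; the reason_code
# value is a placeholder because the page does not list the real codes.
SAMPLE_LOG = """
{"event_type": "POLICY_DENIED", "app_id": "app_b", "user_id": "user456", "scope": "preferences", "purpose": "ad targeting", "reason_code": "EXAMPLE_REASON", "created_at": "2026-01-27T09:00:00Z"}
{"event_type": "POLICY_DENIED", "app_id": "app_b", "user_id": "user456", "scope": "preferences", "purpose": "ad targeting", "reason_code": "EXAMPLE_REASON", "created_at": "2026-01-27T09:30:00Z"}
{"event_type": "POLICY_DENIED", "app_id": "app_b", "user_id": "user456", "scope": "preferences", "purpose": "ad targeting", "reason_code": "EXAMPLE_REASON", "created_at": "2026-01-27T10:00:00Z"}
{"event_type": "MEMORY_READ", "app_id": "app_a", "user_id": "user123", "scope": "preferences", "purpose": "generate food recommendations", "reason_code": null, "created_at": "2026-01-27T10:15:23Z"}
{"event_type": "POLICY_DENIED", "app_id": "app_a", "user_id": "user123", "scope": "health", "purpose": "profiling", "reason_code": "EXAMPLE_REASON", "created_at": "2026-01-27T10:16:00Z"}
{"event_type": "POLICY_DENIED", "app_id": "app_a", "user_id": "user123", "scope": "health", "purpose": "profiling", "reason_code": "EXAMPLE_REASON", "created_at": "2026-01-27T10:16:40Z"}
{"event_type": "POLICY_DENIED", "app_id": "app_a", "user_id": "user123", "scope": "finance", "purpose": "profiling", "reason_code": "EXAMPLE_REASON", "created_at": "2026-01-27T10:17:10Z"}
{"event_type": "POLICY_DENIED", "app_id": "app_a", "user_id": "user123", "scope": "finance", "purpose": "profiling", "reason_code": "EXAMPLE_REASON", "created_at": "2026-01-27T10:18:05Z"}
"""

def parse_ts(value):
    # Normalise the trailing "Z" so fromisoformat works on older Python 3 too.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def denial_bursts(lines, threshold=3, window=timedelta(minutes=5)):
    """Return one alert per (app_id, user_id) pair that accumulates at least
    `threshold` POLICY_DENIED events inside a sliding time `window`."""
    events = [json.loads(line) for line in lines if line.strip()]
    events.sort(key=lambda e: parse_ts(e["created_at"]))  # exports may be unordered
    recent = defaultdict(deque)  # key -> (timestamp, scope) still inside the window
    alerts = {}
    for ev in events:
        if ev.get("event_type") != "POLICY_DENIED":
            continue
        key = (ev.get("app_id"), ev.get("user_id"))
        ts = parse_ts(ev["created_at"])
        q = recent[key]
        q.append((ts, ev.get("scope")))
        while ts - q[0][0] > window:  # drop denials that fell out of the window
            q.popleft()
        # Keep the largest burst seen for this key, not just the first one.
        if len(q) >= threshold and len(q) > alerts.get(key, {}).get("count", 0):
            alerts[key] = {
                "app_id": key[0], "user_id": key[1], "count": len(q),
                "scopes": sorted({s for _, s in q if s}),
                "first": q[0][0].isoformat(), "last": ts.isoformat(),
            }
    return list(alerts.values())

if __name__ == "__main__":
    for alert in denial_bursts(SAMPLE_LOG.splitlines()):
        print(json.dumps(alert))
```

In the constructed sample, `user456` has three denials spread over an hour and does not alert, while `user123` has four within about two minutes and does; tune `threshold` and `window` to your own baseline of denials caused by application bugs or misconfigurations.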