How Auditors Verify Our Work
FinAdvantage produces a complete, tamper-evident audit trail for every agent decision. This page shows you exactly what data is recorded, how it is structured, and how to export it for audit documentation.
The Five-Stage Audit Trail
Every workflow execution passes through five audit-gated stages. Each stage writes an immutable record to the execution trace.
Every user message is parsed by the SupervisorAgent. The intent is classified, decomposed into sub-tasks, and routed to specialized SkillAgents. This decision tree is logged.
SupervisorAgent reads the conversation context, classifies intent (bank_reconcile, invoice_extract, journal_entry, etc.), and emits a routing decision with confidence score. Stored in AgentTrace.route_decision.
Each tool runs inside a sandboxed execution harness. The harness captures the tool name, parameters, raw response, and any errors — with nanosecond-level timestamps.
Sandbox captures: tool_id, tool_name, parameters (redacted of sensitive values), execution_duration_ms, result_size_bytes, error_type, error_message. Written to ToolInvocation table before response returns.
Any write operation to your ERP passes through the HumanReviewNode. The workflow pauses, an alert is posted to the dashboard, and the item appears in your review queue with full context.
HumanReviewHistory stores: review_requested_at, reviewed_by, action (APPROVED/REJECTED/EDITED), edited_parameters (if any), comments. The review decision gates the write-back operation.
Approved write operations are posted to your ERP. FinAdvantage immediately reads the record back to confirm it was posted correctly. Transient failures are retried up to 3× before surfacing an exception.
erp_write_with_retry.py: POST → READ_BACK → if mismatch, retry with exponential backoff. Final status written to PipelineExecutionEvent with verification_confirmed=True/False.
Every execution can be exported as a timestamped, tamper-evident PDF or CSV. The export includes the original input, every agent decision, every tool call, every review action, and the final ERP confirmation.
Exports are generated from PipelineExecution + PipelineExecutionStep + ToolInvocation + HumanReviewHistory joined data. Signed with HMAC-SHA256 to detect post-export tampering. Complies with SOX, SSAE 18, AICPA TIA 505.
The Audit Data Model
Eight first-class tables power the audit trail. Every row is timestamped, attributed to an organization, and immutable.
AgentTraceRoot trace for every agent execution. Contains intent classification, routing decision, model used, and total token count.
ExecutionTraceStep-level trace for each agent sub-task. Nested under AgentTrace. Contains reasoning chain and intermediate outputs.
PipelineExecutionPipeline run record. Contains pipeline version, triggering user, start/end timestamps, and final outcome.
PipelineExecutionStepIndividual step within a pipeline run. Links to the skill or tool executed, input/output hashes, and duration.
ToolInvocationEach atomic tool call. Parameters (redacted), response size, duration, and error state. Timestamped to the nanosecond.
HumanReviewHistoryHuman review decisions for write-gated operations. Reviewer identity, decision, comments, and any edited parameters.
PipelineCheckpointNamed checkpoints within a pipeline. Used for pause/resume and for auditors to identify key approval points.
ExecutionFeedbackEnd-user feedback on agent outputs. Thumbs up/down plus optional comment. Fed into PatternMatch for adaptive learning.
Per-Org MCP Isolation
Your ERP OAuth tokens run in a dedicated subprocess. No other organization shares your process, memory, or credentials.
┌─────────────────────────────────────────────────────────────────────┐ │ FinAdvantage AI Platform │ ├─────────────────────────────────────────────────────────────────────┤ │ │ │ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │ │ │ Org-A │ │ Org-B │ │ Org-C │ │ │ │ (Tenant) │ │ (Tenant) │ │ (Tenant) │ │ │ └──────┬───────┘ └──────┬───────┘ └──────┬───────┘ │ │ │ │ │ │ │ ▼ ▼ ▼ │ │ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │ │ │ MCP Subproc A│ │ MCP Subproc B│ │ MCP Subproc C│ │ │ │ (Isolated) │ │ (Isolated) │ │ (Isolated) │ │ │ │ │ │ │ │ │ │ │ │ QB Creds A │ │ QB Creds B │ │ QB Creds C │ │ │ │ Xero Creds A │ │ Xero Creds B │ │ Plaid Creds C │ │ │ └──────────────┘ └──────────────┘ └──────────────┘ │ │ │ │ No shared state. No shared memory. No credential leakage. │ │ Circuit breakers: 3 crash → 5min coolown → max 50 subprocesses │ └─────────────────────────────────────────────────────────────────────┘
Compliance Standards
The audit trail satisfies requirements from the following frameworks out of the box.
Every journal entry, approval, and modification timestamped and attributable to a specific user or agent decision.
Controls over data isolation, encryption at rest, and access logging documented in the security architecture.
Prepared by Client (PBC) list can be auto-generated from prior period audit trail, reducing request list churn.
Annual independent audit of security, availability, and confidentiality controls. Audit reports available to enterprise customers under NDA.
Full data export and right-to-erasure APIs. EU data residency available for enterprise customers.
Healthcare addendum available for enterprise plans with BAA support.
Need the Full Audit Package?
Enterprise customers can request the complete audit documentation package including data dictionary, schema diagrams, sample audit exports, and a call with our security team.