Skip to main content
For Auditors & CFO IT

How Auditors Verify Our Work

FinAdvantage produces a complete, tamper-evident audit trail for every agent decision. This page shows you exactly what data is recorded, how it is structured, and how to export it for audit documentation.

The Five-Stage Audit Trail

Every workflow execution passes through five audit-gated stages. Each stage writes an immutable record to the execution trace.

01 — Intent Classification

Every user message is parsed by the SupervisorAgent. The intent is classified, decomposed into sub-tasks, and routed to specialized SkillAgents. This decision tree is logged.

SupervisorAgent reads the conversation context, classifies intent (bank_reconcile, invoice_extract, journal_entry, etc.), and emits a routing decision with confidence score. Stored in AgentTrace.route_decision.

[SupervisorAgent] intent=bank_reconcile confidence=0.94 → [SkillAgent: bank_reconciliation]
02 — Tool Execution Harness

Each tool runs inside a sandboxed execution harness. The harness captures the tool name, parameters, raw response, and any errors — with nanosecond-level timestamps.

Sandbox captures: tool_id, tool_name, parameters (redacted of sensitive values), execution_duration_ms, result_size_bytes, error_type, error_message. Written to ToolInvocation table before response returns.

[ToolExecutionHarness] tool=match_by_amount_tolerance params={amount: "1,234.56", tolerance: 0.02} duration_ms=14 result={match_id: "TXN-789", confidence: 0.97}
03 — Human Review Node

Any write operation to your ERP passes through the HumanReviewNode. The workflow pauses, an alert is posted to the dashboard, and the item appears in your review queue with full context.

HumanReviewHistory stores: review_requested_at, reviewed_by, action (APPROVED/REJECTED/EDITED), edited_parameters (if any), comments. The review decision gates the write-back operation.

[HumanReviewNode] PAUSED action=CREATE_JOURNAL_ENTRY target=QuickBooks JournalEntry reviewed_by=null status=PENDING_APPROVAL
04 — ERP Write-Back with Read-Back

Approved write operations are posted to your ERP. FinAdvantage immediately reads the record back to confirm it was posted correctly. Transient failures are retried up to 3× before surfacing an exception.

erp_write_with_retry.py: POST → READ_BACK → if mismatch, retry with exponential backoff. Final status written to PipelineExecutionEvent with verification_confirmed=True/False.

POST /api/v3/journal_entries → 201 Created → READ_BACK: GET /api/v3/journal_entries/{id} → 200 OK, matches POST payload → PipelineExecutionEvent.verified = true
05 — Full Audit Trail Export

Every execution can be exported as a timestamped, tamper-evident PDF or CSV. The export includes the original input, every agent decision, every tool call, every review action, and the final ERP confirmation.

Exports are generated from PipelineExecution + PipelineExecutionStep + ToolInvocation + HumanReviewHistory joined data. Signed with HMAC-SHA256 to detect post-export tampering. Complies with SOX, SSAE 18, AICPA TIA 505.

Audit Export — finadvantage_audit_2026-05-14.pdf ├─ Conversation: "Reconcile Acme Corp operating account" ├─ AgentTrace (n=4) ├─ ToolInvocation (n=12) ├─ HumanReviewHistory (n=3, all APPROVED) └─ ERP Confirmation (n=3, all VERIFIED)

The Audit Data Model

Eight first-class tables power the audit trail. Every row is timestamped, attributed to an organization, and immutable.

AgentTrace
1 per conversation turn

Root trace for every agent execution. Contains intent classification, routing decision, model used, and total token count.

ExecutionTrace
1 per skill execution

Step-level trace for each agent sub-task. Nested under AgentTrace. Contains reasoning chain and intermediate outputs.

PipelineExecution
1 per pipeline run

Pipeline run record. Contains pipeline version, triggering user, start/end timestamps, and final outcome.

PipelineExecutionStep
1 per step per run

Individual step within a pipeline run. Links to the skill or tool executed, input/output hashes, and duration.

ToolInvocation
1 per tool call

Each atomic tool call. Parameters (redacted), response size, duration, and error state. Timestamped to the nanosecond.

HumanReviewHistory
1 per review action

Human review decisions for write-gated operations. Reviewer identity, decision, comments, and any edited parameters.

PipelineCheckpoint
1 per named checkpoint

Named checkpoints within a pipeline. Used for pause/resume and for auditors to identify key approval points.

ExecutionFeedback
1 per feedback event

End-user feedback on agent outputs. Thumbs up/down plus optional comment. Fed into PatternMatch for adaptive learning.

Per-Org MCP Isolation

Your ERP OAuth tokens run in a dedicated subprocess. No other organization shares your process, memory, or credentials.


┌─────────────────────────────────────────────────────────────────────┐
│                    FinAdvantage AI Platform                            │
├─────────────────────────────────────────────────────────────────────┤
│                                                                     │
│   ┌──────────────┐     ┌──────────────┐     ┌──────────────┐        │
│   │   Org-A     │     │   Org-B     │     │   Org-C     │        │
│   │  (Tenant)   │     │  (Tenant)   │     │  (Tenant)   │        │
│   └──────┬───────┘     └──────┬───────┘     └──────┬───────┘        │
│          │                    │                    │                │
│          ▼                    ▼                    ▼                │
│   ┌──────────────┐     ┌──────────────┐     ┌──────────────┐        │
│   │ MCP Subproc A│     │ MCP Subproc B│     │ MCP Subproc C│        │
│   │ (Isolated)   │     │ (Isolated)   │     │ (Isolated)   │        │
│   │              │     │              │     │              │        │
│   │ QB Creds A   │     │ QB Creds B   │     │ QB Creds C   │        │
│   │ Xero Creds A │     │ Xero Creds B │     │ Plaid Creds C │        │
│   └──────────────┘     └──────────────┘     └──────────────┘        │
│                                                                     │
│   No shared state. No shared memory. No credential leakage.         │
│   Circuit breakers: 3 crash → 5min coolown → max 50 subprocesses    │
└─────────────────────────────────────────────────────────────────────┘
Per-tenant credential storage with AES-256 encryption at rest
MCP subprocess spawned per organization — no shared memory
SOC 2 Type II certified infrastructure and data handling

Compliance Standards

The audit trail satisfies requirements from the following frameworks out of the box.

SOX

Every journal entry, approval, and modification timestamped and attributable to a specific user or agent decision.

SSAE 18

Controls over data isolation, encryption at rest, and access logging documented in the security architecture.

AICPA TIA 505

Prepared by Client (PBC) list can be auto-generated from prior period audit trail, reducing request list churn.

SOC 2 Type II

Annual independent audit of security, availability, and confidentiality controls. Audit reports available to enterprise customers under NDA.

GDPR

Full data export and right-to-erasure APIs. EU data residency available for enterprise customers.

HIPAA

Healthcare addendum available for enterprise plans with BAA support.

Need the Full Audit Package?

Enterprise customers can request the complete audit documentation package including data dictionary, schema diagrams, sample audit exports, and a call with our security team.

View Security Page