Valta Docs
Audit Trail
Every action on Valta creates an audit entry. Entries are immutable. No one can delete or modify them — including you.
Why immutability matters
When an agent goes rogue or an unexpected charge appears, you need a trustworthy record. A log that can be edited or deleted is not a trustworthy record.
Valta's audit trail uses a hash chain: each entry contains the cryptographic hash of the previous entry. If any entry is tampered with, every subsequent hash becomes invalid. The entire chain fails verification.
This gives you:
- A complete, ordered history of every action
- Proof that no entries have been inserted, modified, or removed
- A compliance-grade trail you can export at any time
What gets logged
| Event | Description |
|---|---|
agent_run_started | An agent run was initiated, including the task and context passed. |
agent_run_completed | Run finished successfully. Includes summary and duration. |
agent_run_failed | Run ended with an error. Includes error details. |
transaction_attempted | A financial action was attempted by the agent. |
transaction_completed | A financial action completed successfully. |
transaction_blocked | A financial action was blocked by policy. Includes the specific rule violated. |
policy_violation | A policy rule was triggered, with the field and threshold that failed. |
agent_frozen | Agent was frozen. Includes the user ID that triggered the freeze. |
agent_unfrozen | Agent was unfrozen. Includes the user ID that triggered the unfreeze. |
api_key_created | A new API key was created for the account. |
api_key_revoked | An API key was revoked. |
injection_attempt_blocked | A prompt injection attempt was detected and blocked. |
Reading the audit trail
import { ValtaClient } from 'valta-sdk'
const valta = new ValtaClient({ apiKey: process.env.VALTA_API_KEY })
const { data, total } = await valta.audit.list({
agentId: agent.id,
limit: 50,
})
// Single entry with hash chain fields:
const entry = await valta.audit.get(entryId)
console.log(entry.action) // e.g. 'transaction_blocked'
console.log(entry.hash) // SHA-256 hash of this entry
console.log(entry.previousHash) // Hash of the preceding entry
console.log(entry.createdAt) // ISO 8601 timestamp
console.log(entry.metadata) // Action-specific details
Verifying chain integrity
Walk the entire hash chain for an agent and confirm no entries have been tampered with:
const result = await valta.audit.verify(agentId)
console.log(result.intact) // true if no tampering detected
console.log(result.entriesChecked) // Total number of entries verified
console.log(result.firstFailedId) // Set only if intact is false
Verification runs client-side — Valta's SDK downloads the entries and computes the hashes locally. The result is not influenced by Valta's servers.
Exporting for compliance
const entries = await valta.audit.export({ agentId: agent.id })
// Returns all entries as an array — auto-paginates internally
// Write to a file, upload to S3, push to your compliance system:
import { writeFileSync } from 'fs'
writeFileSync('audit.json', JSON.stringify(entries, null, 2))
The export includes all fields, including hash and previousHash, so downstream systems can independently verify the chain.