Audit Logging - Guardrail Layer
Documentation

Audit Logging

Complete, contextual audit trails for every query evaluated by Guardrail Layer — including intent, enforcement decisions, and outcomes.

Why Traditional Database Logs Aren't Enough

Native database logs capture what happened — not why it happened.

When LLMs are involved, this gap becomes critical. A raw SQL statement provides no insight into:

  • Who initiated the request
  • Which role or policy applied
  • Whether the query was transformed
  • What alternative actions were considered

Audit logs without intent are insufficient for LLM-driven systems.

What Guardrail Layer Logs

Guardrail Layer records a structured audit event for every query, regardless of outcome.

original_query

The SQL as received

transformed_query

Rewritten version if modified

user_context

User ID and role information

execution_source

Human, agent, or system

policy_rules

Rules evaluated for this query

decision_outcome

Allow, transform, or deny

execution_metadata

Duration, rows, cost

timestamps

Request and completion times

Query Lifecycle Visibility

Each audit entry captures the full lifecycle of a query:

Query Received
Metadata Analysis
Role & Context Resolution
Policy Evaluation
Allow / Transform / Deny
Execution (if allowed)

Decision Transparency

When a query is denied or transformed, Guardrail Layer records the specific reasons for the decision.

Decision: DENY
• Column "email" restricted for role "llm_agent"
• Missing mandatory LIMIT clause

This makes it possible to understand and explain enforcement behavior without reverse-engineering SQL.

Audit Logs for LLM Behavior Analysis

Audit logs are not just for compliance — they are a diagnostic tool.

Teams use audit data to:

Pattern Detection

Identify unsafe prompt patterns

Behavior Tracking

Detect repeated exploratory behavior

Inference Analysis

Understand inference attempts

Policy Refinement

Refine role and policy definitions

Retention & Export

Audit logs can be retained, exported, or streamed based on deployment configuration.

Retention Policies

Configurable by organization

SIEM Integration

Export to logging platforms

Queryable History

Search and analyze past queries

Compliance & Accountability

Guardrail Layer's audit model supports:

  • Internal security reviews
  • Incident response investigations
  • Regulatory compliance requirements
  • Customer-facing transparency

Every enforcement decision is explainable, reproducible, and attributable.

Why This Matters

When LLMs touch production data, trust is built through visibility — not assumptions.

Guardrail Layer logs decisions, not just queries.

Next Steps

Define metadata classifications Review query enforcement
Audit logs capture intent, context, and outcome — not just SQL text.
Scroll to Top