Audit Trail & Compliance

Regulatory compliance için:

• What — agent ne yaptı (tool, params, result)
• When — timestamp (ms precision)
• Who — user_id, session_id, model version, prompt hash
• Why — model'in rationale (thinking block)
• Result — success/fail, output snapshot

Immutable storage: append-only log (S3 + Object Lock, AWS QLDB, Postgres with no-update trigger).

Retention: sektöre göre 3-7 yıl. PII varsa hashing + encryption.

Use case: EU AI Act yüksek risk sistemlerinde post-incident audit zorunlu — bu log olmadan compliant değilsin.