Immutable, cryptographically-chained event ledger for compliance and audit.
Vault gives your organization a tamper-evident record of every meaningful action taken by or against your AI agents. Every event is hashed into an append-only chain that you can independently verify at any time.
Plan requirement: Max plan. To upgrade, visit Account > Billing in the dashboard or contact sales@veriswarm.ai.
Vault maintains an ordered, append-only ledger per workspace. Each event is cryptographically linked to the previous event. Modifying any historical event breaks the chain for all subsequent entries — immediately detectable via the verification endpoint.
Vault events are immutable. There are no update or delete operations. Any unauthorized modification at the storage layer breaks the hash chain automatically.
Events are recorded automatically when Vault is enabled. You do not need to call a separate API. Any event processed through VeriSwarm's suite — Guard scans, Passport verifications, trust decisions, agent events — is written to the ledger.
Each ledger entry contains:
| Field | Description |
|---|---|
event_id |
Unique identifier |
actor_type / actor_id |
Who performed the action (user, agent, system, platform) |
subject_type / subject_id |
What the action targeted (agent, tool, mcp_server, user, policy) |
event_type |
Standardized event type |
source |
Origin system or integration |
occurred_at |
When the event happened (UTC) |
ingested_at |
When VeriSwarm recorded the event (UTC) |
payload |
Event-specific data |
visibility |
Access level: public, internal, or private |
correlation_id |
Optional ID linking related events |
content_hash |
Cryptographic hash of the event content |
previous_event_hash |
Hash of the preceding event in the chain |
Verify the integrity of your ledger at any time. The verification endpoint walks the hash chain and reports whether every link is valid.
A successful response:
{
"ok": true,
"checked_count": 842,
"total_count": 842,
"partial": false,
"errors": []
}
If ok is false, one or more events have been modified, deleted, or inserted outside normal operations. Treat broken chain errors as a security incident and investigate immediately.
For large ledgers, verification may be partial (checked_count < total_count). Run verification repeatedly to cover the full chain.
Export ledger data for offline analysis, regulatory submissions, or archival.
| Format | Description |
|---|---|
json |
Array of event objects |
csv |
Tabular format with header row |
| Filter | Description |
|---|---|
event_type |
Filter to a specific event type |
actor_type |
Filter by actor type |
agent_id |
Filter to events for a specific agent |
limit |
Maximum events (default 1,000; max 10,000) |
Each completed export includes a checksum for integrity verification.
The vault ledger can be filtered to a specific agent using the agent_id query parameter. This is available both in the API and in the agent detail page (Vault tab), where each agent's ledger entries are displayed inline with event type, source, actor, hash chain, and timestamp.
For full endpoint details, see the API reference.
Vault is designed to support compliance logging for common regulatory frameworks. VeriSwarm's own certifications are in progress — the information below describes how Vault's capabilities map to framework requirements.
SOC 2 Type II audits require continuous monitoring artifacts. Vault's immutable ledger logs agent activities, access decisions, and policy enforcement without gaps. Auditors can independently verify chain integrity and export date-ranged subsets for review.
The EU AI Act mandates that deployers of high-risk AI systems maintain behavior logs (Articles 12 and 26). Vault captures trust decisions, moderation actions, and agent interactions in a tamper-evident format. Exports provide structured records suitable for regulatory submissions.
ISO/IEC 42001 (AI Management Systems) requires evidence of AI governance controls. Vault records demonstrate that trust scoring, policy enforcement, and agent oversight are operating as documented. Chain verification provides cryptographic proof that records have not been altered.
Note: VeriSwarm compliance certifications (SOC 2, ISO 27001) are in progress. Contact sales@veriswarm.ai for the latest status.