The cryptographic anomaly record

A log you can quietly edit is not evidence — it's a story. The Anomaly Record exists to be the opposite: the smallest possible artifact that an auditor, a regulator, or a future version of you can verify without taking anyone's word for it.

Concretely, each record is a structured row containing a VANTIO_TRACE_ID (UUID v4), execution metadata (PID, bytes severed, target host, action taken), an HMAC-SHA256 receipt over the event's trace ID, and a TrueTime commit timestamp from GCP Spanner. No prompts. No completions. Just what happened, when, and proof it wasn't tampered with.

Verifiable without trusting us

The HMAC receipt is computed with the tenant's API key as the signing secret and returned in the x-vantio-signature header on every ingest. That means anyone holding the tenant key can recompute the HMAC and confirm the receipt was issued for that exact trace ID. You don't have to trust the ledger; you can check it. That distinction is the whole point of a cryptographic record versus a database you're asked to believe.

The payload quarantine

Keeping content out isn't a policy promise; it's enforced in two places. Structurally, the ingest route whitelists only specific metadata fields — prompts and completions are architecturally excluded, so there's no column for them to land in. Contractually, the service-role key used for writes has no read access on raw input columns. The system is built so that the embarrassing data simply never exists to leak.

Mapping to the rules people actually get audited against

GDPR Article 30 asks for a “record of processing activities.” The ledger satisfies that natively: every agent action that touches personal data produces an immutable record with a globally consistent timestamp, a unique event ID, and a cryptographic integrity proof. The same primitive lines up with SOC 2 CC7.2 (detection and evidence of anomalies) and with the kind of defensible timeline SEC cyber-disclosure expectations increasingly assume you can produce on demand. Compliance teams don't want a dashboard screenshot; they want a record that holds up when someone hostile is looking at it. That's what this is.