Trust, Governance & Security · 09.03
Audit: No Anonymous Spend
Action attribution with node-level token accounting from a single sink — no anonymous spend.
Every entry knows who did it and what it cost
An audit entry is attributed to one of four actor types — agent, user, system, or scheduler — and carries real token and cost figures for that specific action, not an aggregate estimate. GET /v1/runs/:runId/audit reads directly from this trail, and because budgets, observability, and governance summaries all read from the same sink rather than each keeping their own count, a dollar spent by one node always shows up the same way no matter which surface you're looking at it from.
Best-effort by design — an audit failure can't break a run
Recording an audit entry is fire-and-forget: the engine calls it and swallows any failure rather than letting a logging problem cascade into a failed workflow run. The trail is meant to be sacred and complete, but never at the cost of being the reason real work stopped.