The Requirement
Every AI agent interaction should log: user identity, timestamp, input prompt, model name and version, retrieved context (document IDs, not full text), tool calls with inputs and outputs, the final response, any data writes the agent performed, and the confidence or rationale for material decisions. HubSpot’s Audit Cards (released October 2025) are one well-designed pattern. Salesforce Agentforce Command Center uses an OpenTelemetry-compatible trace model. ServiceNow’s Now Assist Audit and Microsoft Purview AI Hub fill the same role on their respective stacks.
A workable schema:
{
"session_id": "abc-123",
"actor": {"user_id": "u_88", "type": "human"},
"agent": {"name": "case-resolver", "version": "v3.2", "model": "claude-sonnet-4.7"},
"ts": "2026-04-24T14:22:01Z",
"input": {"channel": "email", "subject": "..."},
"retrieval": [{"doc_id": "kb_4421", "score": 0.83}],
"tools": [{"name": "case.update", "args": {...}, "result": "ok"}],
"output": {"text": "...", "confidence": 0.91},
"writes": [{"object": "Case", "id": "5003...", "field_changes": {...}}]
}Compliance Driver
EU AI Act Article 12 mandates automatic logging for high-risk systems, with logs retained for the system’s lifetime — at minimum six months, longer where sectoral law requires. Article 26(6) extends the retention obligation to deployers. Sector regulations stack on top: HIPAA’s 6-year retention for PHI access, SOX 7 years for financial controls, GDPR Article 30 records of processing, CPRA right-to-know. Internal policy increasingly requires demonstrable audit. “Our agent did X” without logs is legally indefensible — and in adversarial discovery, the absence is itself adverse inference.
Trust Driver
Users and employees trust systems they can inspect. Opaque AI changes generate resistance and shadow IT. Agents that log decisions and surface them in the UI build adoption; ones that don’t bleed engagement within 90 days. Internal CSAT on AI tools correlates more strongly with explainability than with raw accuracy in 2025 Forrester data.
Debugging Driver
Production agent failures are nearly impossible to root-cause without traces. Why did the agent recommend the wrong product? Was it the prompt, the retrieval, the tool output, the model version, or a stale cached value? A complete audit trail answers in minutes; an incomplete one means rebuilding the conversation from logs, customer reports, and guesswork.
Practical Implementation
Emit structured events — JSON Lines, not free-form strings — to your observability stack: Splunk, Datadog, Honeycomb, Salesforce Data Cloud, ServiceNow Workflow Data Fabric, or a lake (S3, ADLS) partitioned by date. Stream to a SIEM for security correlation. Index hot events for 90 days; archive to cold storage with a documented restore SLA for the rest of the retention window.
Make individual audit entries user-accessible — “why did this change happen” must have a one-click answer in the CRM record timeline. Mask PII in logs that leave the security boundary; tokenize identifiers so analysts can reason about behavior without seeing names.
Common Failure Modes
- Logging only the input and final output, missing tool calls and retrieval — the most useful debugging info is in the middle.
- Free-form string logs that no parser can structure later.
- No retention policy, so logs either bloat indefinitely or expire silently.
- Logs in the agent’s own database (single point of failure if the agent is the problem).
What to Do This Week
Pick one production agent. Trace one real conversation end-to-end. If you can’t reconstruct exactly what the agent did and why, your audit is broken.
