
📝 Audit Logging

Compliance under Saudi regulations (ZATCA, GOSI, PDPL, and NCA) requires an immutable, tamper-evident record of all user, system, and AI operations. BayanCore implements a zero-deletion audit trail architecture.


1. Immutable Log Architecture

To prevent unauthorized manipulation of historical logs, the auditing system isolates writes:

  • Database Constraints: The audit log table resides in a dedicated MariaDB schema. The application service connects to this schema using a database role restricted solely to INSERT privileges; UPDATE and DELETE statements are rejected at the database layer.
  • Cryptographic Hash Chaining: Every log entry stores a SHA-256 digest that covers its own payload together with the preceding row's hash. This links all records in a chronological cryptographic chain: Row Hash = SHA256(Current Payload + Previous Row Hash)
  • Tamper Detection: A daily system cron job recalculates the hashes across all rows. If a hash mismatch is detected (indicating manual database alteration), the system locks and flags an alert to the Security Ops Dashboard.

2. "Action by User via AI" Log Format

When actions are executed or drafted by the AI assistant (Tiers 2 and 3), the system logs the interaction using a standardized JSON schema to preserve human responsibility and clear audit paths.

Sample Audit Payload

```json
{
  "log_id": "audit_8271b-29a3",
  "actor": {
    "user_id": "usr_9281a",
    "role": "Finance Manager",
    "ip_address": "197.34.120.4"
  },
  "action": {
    "type": "POST_PURCHASE_INVOICE",
    "timestamp_gregorian": "2026-06-02T01:15:00Z",
    "timestamp_hijri": "1447-12-16T01:15:00Z",
    "entity_type": "Purchase Invoice",
    "entity_id": "PINV-2026-0041"
  },
  "agency": {
    "generated_by_ai": true,
    "ai_agent_id": "agent_ap_ocr_v1",
    "ai_confidence_score": 0.98,
    "user_review_action": "APPROVED_WITHOUT_EDIT",
    "prompt_interaction_id": "prompt_8812c"
  },
  "changes": {
    "before": null,
    "after": {
      "vendor_id": "vendor_921a",
      "gross_amount": 15000.00,
      "vat_amount": 2250.00
    }
  },
  "hash": "d5f8a0e882a1768c92ff3b99..."
}
```
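The following is an added example, not BayanCore's own code, showing how the hash chain from section 1 is applied to entries in the section 2 schema and how the daily tamper-detection job can recompute it. It assumes details the page does not state: the payload is canonicalised as JSON with sorted keys and no whitespace, the `hash` field is excluded from the bytes it seals, and the first row chains from a fixed genesis value of 64 zero characters. All entry values are constructed for this example; `make_ai_entry`, `clone_chain`, `tamper_value` and `tamper_delete` are helper names chosen here.

```python
import hashlib
import json

# Added example, not BayanCore code. Chain rule as stated on the page:
#   Row Hash = SHA256(Current Payload + Previous Row Hash)
# Assumptions (not on the page): canonical JSON payload with sorted keys,
# "hash" excluded from the sealed bytes, genesis value for the first row.
GENESIS_HASH = "0" * 64


def canonical_payload(entry: dict) -> bytes:
    """Serialise every field except 'hash' deterministically so the writer and
    the verifier hash identical bytes regardless of dict ordering."""
    body = {k: v for k, v in entry.items() if k != "hash"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode("utf-8")


def row_hash(entry: dict, prev_hash: str) -> str:
    """SHA256(Current Payload + Previous Row Hash), hex encoded."""
    return hashlib.sha256(canonical_payload(entry) + prev_hash.encode("ascii")).hexdigest()


def append_entry(chain: list, entry: dict) -> dict:
    """Seal a new entry against the chain tail and append it (the INSERT-only path)."""
    prev = chain[-1]["hash"] if chain else GENESIS_HASH
    sealed = {k: v for k, v in entry.items() if k != "hash"}
    sealed["hash"] = row_hash(sealed, prev)
    chain.append(sealed)
    return sealed


def verify_chain(chain: list) -> tuple:
    """Recompute every row hash in order, as the daily cron job would.
    Returns (True, -1) when intact, else (False, index of the first failing row)."""
    prev = GENESIS_HASH
    for i, entry in enumerate(chain):
        if entry.get("hash") != row_hash(entry, prev):
            return False, i
        prev = entry["hash"]
    return True, -1


def make_ai_entry(log_id, user_id, entity_id, after, confidence):
    """Build an entry in the page's 'Action by User via AI' schema (constructed values)."""
    return {
        "log_id": log_id,
        "actor": {"user_id": user_id, "role": "Finance Manager", "ip_address": "192.0.2.10"},
        "action": {
            "type": "POST_PURCHASE_INVOICE",
            "timestamp_gregorian": "2026-06-02T01:15:00Z",
            "timestamp_hijri": "1447-12-16T01:15:00Z",
            "entity_type": "Purchase Invoice",
            "entity_id": entity_id,
        },
        "agency": {
            "generated_by_ai": True,
            "ai_agent_id": "agent_ap_ocr_v1",
            "ai_confidence_score": confidence,
            "user_review_action": "APPROVED_WITHOUT_EDIT",
            "prompt_interaction_id": "prompt_example",
        },
        "changes": {"before": None, "after": after},
    }


def clone_chain(chain: list) -> list:
    """Deep copy via JSON so tampering experiments leave the original untouched."""
    return json.loads(json.dumps(chain))


def build_sample_chain() -> list:
    """Three constructed rows written through the append-only path."""
    chain = []
    append_entry(chain, make_ai_entry("audit_0001", "usr_9281a", "PINV-2026-0041",
                 {"vendor_id": "vendor_921a", "gross_amount": 15000.00, "vat_amount": 2250.00}, 0.98))
    append_entry(chain, make_ai_entry("audit_0002", "usr_9281a", "PINV-2026-0042",
                 {"vendor_id": "vendor_333b", "gross_amount": 400.00, "vat_amount": 60.00}, 0.71))
    append_entry(chain, make_ai_entry("audit_0003", "usr_1111f", "PINV-2026-0043",
                 {"vendor_id": "vendor_921a", "gross_amount": 9000.00, "vat_amount": 1350.00}, 0.99))
    return chain


def tamper_value(chain: list) -> tuple:
    """Simulate a direct UPDATE of an amount in row 0; the verifier flags row 0."""
    altered = clone_chain(chain)
    altered[0]["changes"]["after"]["gross_amount"] = 1500.00
    return verify_chain(altered)


def tamper_delete(chain: list) -> tuple:
    """Simulate a DELETE of the middle row; the row after it no longer chains."""
    altered = clone_chain(chain)
    del altered[1]
    return verify_chain(altered)


if __name__ == "__main__":
    sample = build_sample_chain()
    print("intact:", verify_chain(sample))
    print("after UPDATE:", tamper_value(sample))
    print("after DELETE:", tamper_delete(sample))
```

Two points worth noticing when running it: a value change is caught at the altered row itself, while a deletion is caught at the row that followed it, because that row's stored hash was computed over the removed row's hash. This is what makes the chain a zero-deletion control rather than only a per-row integrity check, and why the verifier should report the index of the first failing row rather than a bare pass/fail.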

3. Data Retention Schedule

To align with ZATCA and Saudi Commercial Laws, data is archived and purged based on a structured lifecycle:

| Data Type | Statutory Retention | Storage Tier | Immutability Control |
|---|---|---|---|
| Financial Transactions / GL | 10 Years | Relational MariaDB | Append-Only, Write-Once |
| ZATCA Signed Invoice XMLs | 10 Years | OCI Object Store (WORM) | Cryptographic Hash Chain |
| User Activity Logs | 5 Years | Partitioned Audit Tables | SHA-256 Hash Chain |
| System Operations Logs | 2 Years | OCI Object Store | Auto-Purged after 2 Years |
| AI Context Tokens / Cache | 30 Days | Redis / Temp DB | Auto-Purged after 30 Days |