Sentinel

Audit Trail

Bridge evaluation lifecycle events to an audit backend for compliance and debugging.

The audit_hook package bridges Sentinel lifecycle events to an audit trail backend. It records structured audit events for evaluation operations.

Setup

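// The directory is audit_hook but the code refers to the package as audithook,
// so the import is aliased explicitly.
import audithook "github.com/xraph/sentinel/audit_hook"

// With a Recorder implementation
auditExt := audithook.New(myRecorder)

// Or with a simple function (use this instead of the line above)
auditExt := audithook.New(audithook.RecorderFunc(func(ctx context.Context, event *audithook.AuditEvent) error {
    log.Printf("AUDIT: %s %s %s", event.Action, event.Resource, event.ResourceID)
    return nil
}))

// Register with engine; check the error rather than discarding it
eng, err := engine.New(
    engine.WithExtension(auditExt),
)
if err != nil {
    log.Fatalf("engine init failed: %v", err)
}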

Recorder interface

type Recorder interface {
    Record(ctx context.Context, event *AuditEvent) error
}

The RecorderFunc adapter lets you use a plain function:

type RecorderFunc func(ctx context.Context, event *AuditEvent) error

AuditEvent

type AuditEvent struct {
    Action     string
    Resource   string
    Category   string
    ResourceID string
    Metadata   map[string]any
    Outcome    string
    Severity   string
    Reason     string
}
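
A tamper-evident recorder, as an added example that is not part of Sentinel or of the original page. It goes beyond the page by hash-chaining the stored events; `ChainRecorder` and `link` are hypothetical names, and `AuditEvent` is redeclared locally from the struct above so the code runs without the library.

```go
package main

import (
	"context"
	"crypto/sha256"
	"encoding/json"
	"fmt"
)

// AuditEvent is a local copy of the fields documented above, so this runs without Sentinel.
type AuditEvent struct {
	Action, Resource, Category, ResourceID, Outcome, Severity, Reason string
	Metadata                                                          map[string]any
}

// ChainRecorder is a hypothetical Recorder. Not safe for concurrent use without a mutex.
type ChainRecorder struct {
	Lines []string // stored events, one JSON document each
	Head  string   // latest chain hash; keep a copy where the log writer cannot rewrite it
}

func link(prev, line string) string {
	return fmt.Sprintf("%x", sha256.Sum256([]byte(prev+line)))
}

func (r *ChainRecorder) Record(_ context.Context, ev *AuditEvent) error {
	body, err := json.Marshal(ev) // map keys are sorted, so the encoding is stable
	if err != nil {
		return err // fail closed: nothing is stored and the chain does not advance
	}
	r.Head = link(r.Head, string(body))
	r.Lines = append(r.Lines, string(body))
	return nil
}

// Verify recomputes the chain; false means a line was altered, removed or reordered.
func (r *ChainRecorder) Verify() bool {
	h := ""
	for _, line := range r.Lines {
		h = link(h, line)
	}
	return h == r.Head
}

func main() {
	r := &ChainRecorder{}
	_ = r.Record(context.Background(), &AuditEvent{Action: "sentinel.eval.run.failed", Severity: "critical"})
	r.Lines[0] = "{}" // constructed tampering with a stored record
	fmt.Println("trail intact:", r.Verify())
}
```

With the real package, change the parameter type to `*audithook.AuditEvent` and pass the recorder to `audithook.New` as shown in Setup.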

Actions

Audit actions for Sentinel lifecycle events:

| Action | Description |
| --- | --- |
| sentinel.eval.run.started | Evaluation run initiated |
| sentinel.eval.run.completed | Run completed successfully |
| sentinel.eval.run.failed | Run failed |
| sentinel.case.started | Case evaluation started |
| sentinel.case.completed | Case evaluation completed |
| sentinel.case.failed | Case evaluation failed |
| sentinel.baseline.saved | Baseline saved |
| sentinel.regression.detected | Regression detected |
| sentinel.redteam.started | Red team evaluation started |
| sentinel.redteam.completed | Red team evaluation completed |
| sentinel.prompt_version.created | Prompt version created |
| sentinel.comparison.completed | Multi-model comparison completed |

Severity levels

| Level | Usage |
| --- | --- |
| info | Normal operations (run started, case completed) |
| warning | Regressions detected |
| critical | Failures (run failed, case failed) |

Filtering

Use WithActions to limit which events are recorded:

auditExt := audithook.New(myRecorder,
    audithook.WithActions(
        audithook.ActionEvalRunStarted,
        audithook.ActionEvalRunFailed,
        audithook.ActionRegressionDetected,
    ),
)

Only the specified actions will be recorded; all others are silently dropped.
