What Gets Audited

The audit hook runs at both lifecycle points and creates records for every event:

| Event | Hook Point | Record Created |
|---|---|---|
| Interaction published | OnBeforePublish (after hook) | InteractionAuditEvent { status: "published" } |
| Interaction blocked | OnBeforePublish (catch) | InteractionAuditEvent { status: "blocked", blockedBy } |
| Response received | OnAfterRespond | InteractionAuditEvent { status: "responded", outcome, responseMs } |
| Interaction timed out | Timeout handler | InteractionAuditEvent { status: "timed_out" } |

Audit Record Schema

public record InteractionAuditEvent
{
    public string AuditId { get; init; } = Guid.NewGuid().ToString();
    public string InteractionId { get; init; } = default!;
    public string Type { get; init; } = default!;
    public string TargetUserId { get; init; } = default!;
    public string Status { get; init; } = default!; // published|blocked|responded|timed_out
    public string? Outcome { get; init; }
    public string? RespondedBy { get; init; }
    public double? ResponseTimeMs { get; init; }
    public string? CorrelationId { get; init; }
    public string? BlockedBy { get; init; }
    public DateTimeOffset OccurredAt { get; init; } = DateTimeOffset.UtcNow;
    public Dictionary<string, string> Metadata { get; init; } = new();
}

Registering the Audit Hook

// In Program.cs
builder.Services.AddEdgeInteract(options => {
    options.AuditLog.Enabled = true;
    options.AuditLog.RetentionDays = 365; // 1 year
    options.AuditLog.StorageProvider = AuditStorageProvider.SqlServer;
    options.AuditLog.SensitiveFields = ["payload.formData.ssn", "payload.formData.accountNumber"];
});

builder.Services.AddInteractionHook<AuditInteractionHook>();

Sensitive Field Redaction

The audit hook supports field-level redaction for sensitive payload data. Fields listed in SensitiveFields are replaced with [REDACTED] before the audit record is persisted:

// Configuration
options.AuditLog.SensitiveFields = [
    "payload.formData.socialSecurityNumber",
    "payload.formData.creditCardNumber",
    "payload.context"  // Redact the entire context string
];
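
How path-based redaction of this kind can behave, as an added example that is not EdgeInteract's own implementation: `AuditRedactor`, the sample payload, and the reading of each entry as dot-separated property names rooted at the interaction object are assumptions made for illustration. It shows that an absent path is skipped rather than created, that a path replaces whatever value sits there, and a fail-closed check before the record is stored.

```csharp
using System;
using System.Text.Json.Nodes;

// Constructed sample interaction, shaped to match the paths configured above.
var doc = JsonNode.Parse("""
    {"payload":{"context":"Wire transfer for acct 998877",
      "formData":{"socialSecurityNumber":"000-12-3456","amount":2500}}}
    """)!;

int masked = AuditRedactor.Redact(doc, new[] {
    "payload.formData.socialSecurityNumber",
    "payload.formData.creditCardNumber",   // absent from this payload: skipped
    "payload.context" });                  // whole value replaced

string persisted = doc.ToJsonString();
Console.WriteLine($"{masked} field(s) masked: {persisted}");

// Pre-persist check: fail closed if a raw value survived redaction.
if (persisted.Contains("000-12-3456") || persisted.Contains("998877"))
    throw new InvalidOperationException("sensitive value leaked into audit record");

// Hypothetical helper (an assumption, not an EdgeInteract type): applies
// SensitiveFields-style dot paths to a JSON document in place.
public static class AuditRedactor
{
    public const string Mask = "[REDACTED]";

    // Returns the number of paths that matched and were masked.
    public static int Redact(JsonNode root, string[] sensitivePaths)
    {
        int masked = 0;
        foreach (var path in sensitivePaths)
        {
            var parts = path.Split('.');
            JsonNode? node = root;
            // Walk to the parent object of the final path segment.
            for (int i = 0; i < parts.Length - 1 && node is not null; i++)
                node = node is JsonObject o && o.TryGetPropertyValue(parts[i], out var child) ? child : null;

            // Mask only fields that exist; an absent path must not create a new key.
            if (node is JsonObject parent && parent.ContainsKey(parts[^1]))
            {
                parent[parts[^1]] = Mask; // replaces strings, numbers and whole subtrees alike
                masked++;
            }
        }
        return masked;
    }
}
```

Exact-path matching only covers the fields that are listed: a sensitive value that also appears under an unlisted field is stored as-is, which is why the final substring check is worth keeping in tests for each form that collects such data.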

Querying the Audit Log

The audit log is queryable via IInteractionAuditStore:

// C# — query audit records
var records = await _auditStore.QueryAsync(new AuditQuery
{
    UserId = "usr_abc123",
    Type = InteractionTypes.Approval,
    Status = "responded",
    FromDate = DateTimeOffset.UtcNow.AddDays(-30),
    ToDate = DateTimeOffset.UtcNow
});

foreach (var record in records)
{
    Console.WriteLine($"{record.OccurredAt}: {record.Type} → {record.Outcome} by {record.RespondedBy}");
}

Compliance Requirement

For GDPR and SOC 2 compliance, the audit hook is strongly recommended for all production EdgeInteract deployments. Audit records are immutable: once written, they cannot be modified or deleted via the API (only expired by the retention policy).