Skip to main content

Overview

The audit dashboard’s Decisions view and the /audit/decisions API show every authority verification outcome recorded in the Postgres database — approved, rejected, and pending override. Requires audit_db: true in GET /health (Postgres connected).

Listing decisions

// All recent decisions
const decisions = await client.audit.decisions({ limit: 50 });

// Filter by policy
const claimsDecisions = await client.audit.decisions({
  policyId: "claims-approval",
  limit: 100,
});

// Date range
const todaysDecisions = await client.audit.decisions({
  from: new Date().toISOString().slice(0, 10) + "T00:00:00Z",
  to:   new Date().toISOString().slice(0, 10) + "T23:59:59Z",
});

// Approvals only
const approvals = await client.audit.decisions({
  decision: "approve",
});

DecisionRow fields

Each row in the decision list: 
interface DecisionRow {
  execution_id: string;
  execution_fingerprint: string;
  policy_id: string;
  policy_version: string;
  decision: string;              // "approve" | "reject" | custom action string
  execution_state: string;       // "completed" | "pending_override"
  runtimeVersion: string;
  runtimeHash: string;
  executed_at: string;           // ISO 8601
  recorded_at: string;           // ISO 8601
  verification_valid: boolean | null;
  signature_verified: "verified" | "failed" | "unknown";
  runtime_verified: "verified" | "failed" | "unknown";
  schema_compatible: "verified" | "failed" | "unknown";
  verified_at: string | null;
}

Retrieving a single decision

const detail = await client.audit.decision("claim-CLM-2024-00441");

console.log(detail.id);                    // auto-increment row ID
console.log(detail.execution_id);          // "claim-CLM-2024-00441"
console.log(detail.execution_fingerprint); // SHA-256 of canonical signals
console.log(detail.policy_id);             // "claims-approval"
console.log(detail.policy_version);        // "1.0.0"
console.log(detail.schema_version);        // "1.0.0"
console.log(detail.decision);              // "approve"
console.log(detail.execution_state);       // "completed"
console.log(detail.signals_hash);          // SHA-256 of signals
console.log(detail.signature);             // Ed25519 signature
console.log(detail.attestation);           // full attestation object
console.log(detail.executed_at);           // ISO timestamp
console.log(detail.recorded_at);           // ISO timestamp

curl examples

# List recent decisions
curl "http://localhost:3000/audit/decisions?limit=20" \
  -H "Authorization: Bearer $PARMANA_API_KEY" | jq .

# Filter by policy and date range
curl "http://localhost:3000/audit/decisions?policyId=claims-approval&from=2024-01-01T00:00:00Z&limit=100" \
  -H "Authorization: Bearer $PARMANA_API_KEY" | jq .

# Single decision
curl "http://localhost:3000/audit/decisions/claim-CLM-2024-00441" \
  -H "Authorization: Bearer $PARMANA_API_KEY" | jq .

Dashboard

Navigate to http://localhost:8081 to browse decisions in the UI. The dashboard provides:
  • Paginated decision timeline
  • Filter by policy ID, decision outcome, and date range
  • Click to expand full attestation detail for any decision
  • Verification status indicators per decision

Troubleshooting

Empty results — If Postgres was not connected when decisions were executed, they were not recorded. Check audit_db in /health and verify Postgres is running. decision field shows raw action string, not “approve” — The decision column stores the action value from the policy rule. If your policy uses custom action names (e.g., "manual_review", "hold"), those appear here. Filter by the exact string your policy uses. verification_valid: null — The attestation has not been verified yet. Run POST /verify with the attestation to populate the verification columns.