The audit log is a feature, not a footnote.
The Trust posture page makes the headline claim — every action and every reasoning step is logged. This page is the procurement-grade unpacking of that claim: seven structured layers that make the log itself a working compliance surface, not a dormant evidence locker. Outside counsel, the CISO, and the firm’s ethics partner all have a stake in what’s below.
Every layer described below is a shipped capability with a corresponding V1-Backend module on dev. The page is reconciled against code, not aspirational.
- Layer 01 — Action logging
Every action, every reasoning step.
Every action a user takes inside the tenant — sign-in, view, edit, generate, sign, send, file — is logged to Azure Monitor with actor identity (Microsoft Entra ID), timestamp, action type, matter reference, and IP. Every reasoning step the supervisor and sub-agents take is logged with equivalent fidelity: which sub-agent was dispatched, which F5 composition was used, which sources were consulted, which output was produced. The action log and the reasoning log are joined on the matter and the moment. The full trace is exportable as tamper-evident JSON for litigation discovery, ethics review, or malpractice insurance audit.
- Layer 02 — Structured audit events
A documented taxonomy, not free-text.
Audit events are emitted against a documented event taxonomy — not free-text strings. Every event has a stable identifier (e.g., ai.demand_package_generated, intake.workspace.case_assembled, billing.reconciliation.completed), a versioned schema, and a contractual retention obligation. The taxonomy is the substrate the compliance-alerts engine subscribes to.
- Layer 03 — Case auditor (matter-level)
A daily auditor on every open file.
The case auditor job runs at 06:00 UTC against every active matter in the tenant. It surfaces missed appointments, treatment gaps that exceed the configured threshold, providers who haven’t reported within the contract window, deadlines coming due, conflict-check status changes, and matter-state inconsistencies the supervisor didn’t catch during the day. The report lands in the firm-admin dashboard and the matter-specific Review Panel.
- Layer 04 — Behavioral auditor (user-level)
Compliance pattern detection across users.
The behavioral auditor job operates at the user level rather than the matter level. Its scope is compliance pattern detection — surfacing the kinds of user behavior that the firm’s ethics counsel needs to know about: cross-matter information leakage attempts, role-boundary excursions, anomalous access patterns, bulk-export behavior outside normal cadence. The behavioral auditor does not surveil legitimate work; it surfaces patterns that would warrant a partner-level review under the firm’s own policy.
- Layer 05 — Compliance alerts engine
Detect once. Notify the right person.
The compliance-alerts engine subscribes to the structured audit-event stream and applies firm-configurable rules to surface compliance issues in real time. The engine is the bridge between the audit log (which records what happened) and the firm’s decision-making (which decides what to do). Alerts route to the firm-admin user with a notification cadence the firm sets — immediate, daily digest, or weekly summary.
- Layer 06 — Retention policies
Per-state-bar, per-firm, per-matter.
Audit logs are retained for the contractually agreed period — default seven years, configurable up to the most-protective applicable state-bar requirement. Retention policies are firm-configurable for matter data (per-state-bar rules), tenant-configurable for audit logs, and overridable per-matter when a legal hold is in effect. The retention policy itself is a structured object — it can be audited, reviewed, and exported in the same way the underlying data can.
- Layer 07 — Audit archival
Long-term storage at archival cost.
The audit archival job migrates audit data older than the hot-retention window to long-term archival storage. The data remains searchable and exportable through the firm-admin surface but the storage cost falls dramatically once it lands in the archival tier. Retention obligations are preserved; cost is not duplicated.
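As an added illustration (not JustineAI's code or export format), the sketch below shows one way a reviewer could check a tamper-evident JSON export of the kind Layer 01 describes. The SHA-256 hash chain, the record key names, the sample values and the function names are all assumptions; only the three event identifiers come from Layer 02.

```python
import hashlib
import json
import re

# Fields Layer 01 lists for each action record; the key names are assumed.
REQUIRED = {"actor", "timestamp", "event_id", "schema_version", "matter_ref", "ip"}
# Dotted lowercase identifiers, shaped like the Layer 02 examples.
EVENT_ID = re.compile(r"^[a-z][a-z0-9_]*(\.[a-z][a-z0-9_]*)+$")
GENESIS = "0" * 64  # assumed starting value for the chain

def record_hash(prev_hash, record):
    """SHA-256 over the previous hash plus the canonical JSON of the record."""
    body = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode("utf-8")).hexdigest()

def seal(records):
    """Producer side: link each record to its predecessor by hash."""
    prev, out = GENESIS, []
    for rec in records:
        prev = record_hash(prev, rec)
        out.append({"record": rec, "hash": prev})
    return out

def verify(export, head=None):
    """Reviewer side: return (index, problem) pairs; an empty list means intact."""
    problems, prev = [], GENESIS
    for i, entry in enumerate(export):
        rec = entry["record"]
        missing = REQUIRED - set(rec)
        if missing:
            problems.append((i, "missing fields: " + ", ".join(sorted(missing))))
        if not EVENT_ID.match(str(rec.get("event_id", ""))):
            problems.append((i, "event_id not in dotted taxonomy form"))
        if entry["hash"] != record_hash(prev, rec):
            problems.append((i, "hash mismatch"))
        prev = entry["hash"]  # continue from the stored value to localize damage
    if head is not None and prev != head:  # head comes from outside the export
        problems.append((len(export), "chain does not end at the anchored head"))
    return problems

# Constructed sample using the event identifiers quoted in Layer 02.
_base = {"actor": "user-a@example.com", "timestamp": "2025-01-06T14:02:11Z",
         "schema_version": 1, "matter_ref": "M-0001", "ip": "192.0.2.10"}
SAMPLE = seal([dict(_base, event_id=e) for e in (
    "intake.workspace.case_assembled", "ai.demand_package_generated",
    "billing.reconciliation.completed")])
```

Without a `head` value held somewhere the log producer cannot rewrite, a chain like this detects edits and deletions in the middle of an export but not a truncated tail.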
Why every layer matters to the buyer.
Procurement officers approve software that produces audit evidence they can defend to regulators. CISOs approve software whose monitoring posture matches their own. Ethics partners approve software whose behavioral surveillance is defensible under the firm’s own policy. Insurance carriers approve software whose audit trail survives a malpractice claim.
JustineAI™ ships the audit and monitoring layers before the customer asks. Layers 01–02 are the foundation. Layer 03 is the everyday operational value (caught issues surface daily). Layers 04–05 are the ethics-and-compliance partner’s working surface. Layers 06–07 satisfy the state-bar retention rule without bloating the firm’s storage costs.