LLM-agent compliance audit
Compliance teams ask: when this agent answered the user, what did it see, what did it call, what did it return? The answer is an entangled state — and Zeq is an entangled state.
Pattern: one state machine per agent. Each conversation turn writes:
- A
promptevent — hash of the user prompt. - A
model_callevent — hash of the prompt-as-shipped-to-model + chosen model + tool definitions. - A
tool_callevent per tool invocation — hash of the request, hash of the response. - A
responseevent — hash of the final model output.
Every event lands at a known Zeqond on the agent's chain. The compliance team validates with pohc/validate, audits with explore, and proves a 30-day retention SLA with the entangled state row count.
1. Spin up an agent machine
curl -sS https://zeqapi.com/api/chain/state-machines \
-H "Authorization: Bearer ${ZSM_KEY}" \
-H "Content-Type: application/json" \
-d '{"slug":"agent-customer-support-1","is_public":false,
"display_name":"Customer support agent",
"purpose":"Audited LLM responses, 30-day retention"}'
2. Wrapper around your model client
// agent-with-audit.ts — runs server-side; the agent itself can be GPT/Claude/Llama
import crypto from "crypto";
const ZEQ_HOST = "https://zeqapi.com";
const SLUG = "agent-customer-support-1";
const ZSM_KEY = process.env.ZSM_KEY!;
const sha256 = (s: string) =>
crypto.createHash("sha256").update(s).digest("hex");
async function chainEvent(
type: "prompt" | "model_call" | "tool_call" | "response",
payloadHash: string,
envelope: Record<string, unknown> = {},
) {
const r = await fetch(`${ZEQ_HOST}/api/chain/${SLUG}/event`, {
method: "POST",
headers: {
"Authorization": `Bearer ${ZSM_KEY}`,
"Content-Type": "application/json",
},
body: JSON.stringify({ type, hash: payloadHash, ...envelope }),
});
return await r.json();
}
export async function audit(turn: {
user_prompt: string;
model: string;
system: string;
tools?: Record<string, unknown>;
}, run: (input: string) => Promise<{ output: string; tool_calls: Array<{tool: string; req: string; res: string}> }>) {
// 1. record the user prompt
await chainEvent("prompt", sha256(turn.user_prompt));
// 2. record the model call (prompt + system + tools as shipped)
const modelCall = JSON.stringify({ system: turn.system, user: turn.user_prompt, tools: turn.tools, model: turn.model });
await chainEvent("model_call", sha256(modelCall));
// 3. run the agent
const result = await run(turn.user_prompt);
// 4. record each tool call
for (const tc of result.tool_calls) {
await chainEvent("tool_call", sha256(JSON.stringify(tc)));
}
// 5. record the response
await chainEvent("response", sha256(result.output));
return result;
}
Drop this in front of your model client. Every turn writes 3+N events to chain — three from the agent, N from tool calls.
3. Compliance-team audit
A compliance officer needs to prove what the agent did between Zeqond A and Zeqond B:
curl -sS "${ZEQ_HOST}/api/chain/${SLUG}/explore?from=A&to=B&limit=1000" \
-H "Authorization: Bearer ${ZSM_KEY}" | jq '.rows[] | {zeqond: .zeqondNumber, type: .transitionType, hash: .stateHash}'
To prove integrity of the entangled state (no row tampered, no row inserted, no row dropped):
curl -sS "${ZEQ_HOST}/api/chain/${SLUG}/pohc/validate?from=A&to=B" \
-H "Authorization: Bearer ${ZSM_KEY}"
To prove a specific prompt hash made it on the entangled state at the claimed Zeqond, the team has the prompt text → recomputes sha256(prompt) → calls GET /api/chain/:slug/block?zeqond=N and checks the state_hash matches. If it does, the framework witnessed that exact byte sequence.
4. Retention SLA — 30 days
The entangled state's row count IS the audit trail. To prove "we retained every turn for 30 days":
curl -sS "${ZEQ_HOST}/api/chain/${SLUG}/explore?from=$(($(date +%s) * 1000000 / 777000))&limit=1000" \
-H "Authorization: Bearer ${ZSM_KEY}" | jq '.count'
Convert Unix seconds → Zeqond via t / 0.777, query the window, count. The entangled state is the SLA artifact.
5. Add a contract for stricter SLAs
For high-stakes regulated agents, deploy the compliance-audit template (one of the ready-to-deploy templates):
curl -sS https://zeqapi.com/api/contracts/templates/compliance-audit/deploy \
-H "Authorization: Bearer ${ZSM_KEY}" \
-H "Content-Type: application/json" \
-d '{"slug":"agent-customer-support-1"}'
Then on every turn, drive the contract from idle → audited with the prompt+response as input. The transition's proof_digest is signed; the tally token minted on success is the auditor's receipt.
What the entangled state proves
| Question | Answer |
|---|---|
| Did this prompt reach the model? | state_hash for type model_call matches sha256(prompt-as-shipped). |
| Did this tool call happen? | A tool_call row at the right Zeqond with the right hash. |
| Was the entangled state tampered after the fact? | pohc/validate returns valid: false and broken_at. |
| How many turns happened in the window? | explore?from=A&to=B&limit=… row count. |
| Are we still keeping the audit trail? | Latest state row's last_event_at is recent. |
The framework doesn't claim the agent did the right thing — but it does claim, cryptographically, what the agent saw and what it returned. The "right thing" check is your business; the substrate is reproducible.