Log field anatomy
Every field captured because compliance teams asked for it. Log records are written once and never modified — WORM-pattern storage at the application layer, with SHA-256 integrity hashing so any tampering is detectable.
request_id
UUID v4. Immutable primary key for the audit record. Cross-reference from incident reports, SIEM, or external systems.
tenant_id
The tenant scope assigned at the proxy layer. Pulled from header, API key, or project context — not from the prompt.
model_version
Full model version string as reported by the upstream API. Critical for reproducibility — "which version produced this answer?"
policy_verdict
ALLOWED / REDACTED / BLOCKED. Machine-readable verdict for automated compliance filtering and alerting.
pii_findings
List of entity type labels detected. Not the raw values — just the type identifiers. Auditor gets the count and category without seeing the data.
prompt_hash
SHA-256 of the pre-redaction prompt. Proves the prompt existed at this timestamp. Post-redaction prompt hash also stored separately.
created_at
UTC ISO 8601 timestamp of the Meibel intercept, not the upstream model response. Server-side clock, not client-submitted.