The audit trail
The record Prefactor keeps for each agent run is more than a log of what happened. Every run record is tied to the specific agent version that produced it, the activity schema version that governed it, the spans that make up its timeline, and — where a risk profile is assigned — the risk classification derived from those spans. Those connections are what make the record useful for review and not just for debugging.
What gets recorded
Section titled “What gets recorded”Every time an agent runs, Prefactor creates an instance — a run record that accumulates everything that happened during that execution. The instance is the unit of record. Everything else hangs off it.
Inside that instance, each step the agent takes is recorded as a span: an LLM call, a tool invocation, a message sent or received. Each span carries the inputs that went in, the outputs that came back, the time it took, and whether it succeeded or failed. Together, the spans form the activity timeline of the run.
The instance record also carries what ties it to its context: the agent version that was running, the activity schema version that governed it, and the environment it ran in. If the agent has a risk profile assigned, the peak risk classification for that run is recorded on the instance too, derived from the spans it contains.
How the records connect
Section titled “How the records connect”The version record is the traceability anchor. Every instance points to the specific agent version that produced it, and that version does not change when a new version ships. A review conducted six months from now draws on exactly the same version record as one conducted today.
The schema link is the conformance record. Each instance is tied to the activity schema version that was current when that run was registered. If a span’s payload diverged from the declared shape, Prefactor recorded the mismatch — it is part of the record, not hidden. You can see not just what happened but where the agent’s behaviour differed from what was declared.
The risk classification is a calculated result, not a judgement made after the fact. It is derived from the spans in that run against the weights and thresholds in the assigned risk profile, and it is reproducible: given the same spans and the same profile, the same classification follows.
Immutability
Section titled “Immutability”Once recorded, spans and instances do not change. Prefactor does not go back and re-score historical runs when a risk profile is updated, or re-validate past spans when a schema changes. Each run is permanently tied to the conditions under which it occurred.
What a review looks like in practice
Section titled “What a review looks like in practice”A compliance reviewer working in Prefactor would typically look at a specific agent’s instance list, filter to the relevant environment and time window, and open the instances that reached a risk level they care about. From there, the span timeline shows every step in sequence, with inputs and outputs. The version and schema version for that instance are visible alongside it. If the reviewer needs to verify what the schema declared for a particular span type, the activity schema tab for that agent shows every version’s definitions.
Further reading
Section titled “Further reading”- Instance — what an instance record contains and its lifecycle states.
- Span — the individual steps recorded within an instance.
- Risk profile — how risk classifications are calculated and what they mean.
- Activity schema — how schema versions are created and what they declare.