NORNR mark NORNR Mandates, approvals and evidence for autonomous agents.
Control room

Guide / Audit trail

8 minutes

How to add audit trail before agent spend moves

Add a decision trail, receipt context and operator-readable history before agent spend moves.

Updated March 17, 2026
Pattern Audit trail
Outcome Policy returns approved, queued or rejected before spend moves.
Diagram showing a NORNR decision, receipt artifact, and workflow run record being stored together for audit trail.
The goal is not just policy at decision time, but a durable trail that operators can explain later without reconstructing the run from logs.
You will add
  • a decision object attached to every paid action
  • a consistent place to store audit context
  • a reviewable trail before settlement
Best for
  • teams adding accountability before production
  • operators who expect internal review later
  • workflows that already log run metadata

1. Why this guide matters

Most teams do not need a full finance system on day one. They do need an answer to a simple question: why was this agent allowed to spend?

This guide shows the smallest useful pattern for storing decision context before the paid step runs.

2. Install what you need

bash 
npm install @nornr/sdk

This guide uses the hosted NORNR path at https://nornr.com, so you can validate the decision flow without standing up the full local stack first.

3. Create the governed wallet

typescript 
import { Wallet } from "@nornr/sdk";

const wallet = await Wallet.create({
  owner: "audit-agent",
  dailyLimit: 60,
  requireApprovalAbove: 20,
  baseUrl: "https://nornr.com",
});

This wallet is the mandate. It sets the budget and review threshold before the framework-specific workflow is allowed to continue.

4. Apply it in the workflow

typescript 
const decision = await wallet.pay({
  amount: 12.5,
  to: "openai",
  purpose: "model inference",
});

await saveRunRecord({
  workflowId,
  decision,
  requestedBy: "research-agent",
});

if (decision.status === "approved") {
  await runPaidStep();
}

The key pattern stays the same across frameworks: ask NORNR for a decision first, then let the expensive or externally billable step run only if policy says yes.

5. What to expect

  • approved means the workflow can continue immediately inside its mandate.
  • queued means the request crossed an approval threshold and should wait for review.
  • rejected means policy did not allow the action to proceed.

That three-way split is what makes the pattern useful: low-risk work stays fast, higher-risk work becomes reviewable, and clearly out-of-policy work never leaves the workflow.

6. When to use this pattern

  • you can already run the workflow but cannot explain it later
  • finance, ops or customers will ask why the action was allowed
  • you want a trail before you need a compliance project

7. What the output should look like

output 
{
  "workflowRunId": "run_123",
  "decision": { "status": "approved" },
  "actor": "audit-agent",
  "artifactUrl": "https://..."
}

You do not need the exact same payload shape everywhere. What matters is that the workflow can clearly distinguish approved, queued and rejected outcomes and persist the decision context.

8. Live proof and operator reality

  • The deployed system already exposes receipts, evidence and operator-facing history.
  • Receipt evidence is already a first-class concept in the product instead of an afterthought.
  • The same audit pattern works whether the spend came from a framework, a vendor action or a custom workflow.
NORNR control room showing receipt and evidence context that supports an audit trail.
A useful audit trail is visible to operators, not buried in system logs. The live product already organizes this context around governed activity.

The point of this pattern is not just better code structure. It is a workflow that operators can actually inspect, explain and intervene in when a request leaves its normal mandate.

9. Common mistakes

  • Saving only the final payment outcome and not the decision that allowed it.
  • Storing evidence in a separate system with no link back to the workflow run.
  • Treating auditability as a reporting problem instead of a workflow design problem.

10. When not to use this pattern

  • you only care about end-of-month aggregate reporting
  • the workflow has no stable run identifier or place to persist evidence
  • you are still deciding whether the action should be governed at all

11. What this replaces and what it does not

  • Raw application logs are useful, but they do not give operators a decision object they can review later.
  • Payment processor receipts show settlement, but not why the workflow was permitted to settle.
  • Spreadsheet-based reconciliation can summarize activity, but it rarely preserves agent intent and approval context.

12. Implementation checklist

  • Persist the decision payload before the billable step runs.
  • Attach artifact URLs, references or receipt IDs to the same run record.
  • Store actor and timestamp data so later review is not guesswork.
  • Keep approval comments and receipt evidence in the same trail.

13. Featured follow-up paths

These are the adjacent pages most likely to help you turn this guide into a real rollout path instead of a one-off demo.

14. Where to go next

Related guides

Keep going from the same control problem.

These are the closest follow-up guides in the same part of the library.

Auditability / 8 minutes

How to make agent actions auditable

Make agent actions auditable by persisting the NORNR decision next to the workflow run and outcome.

Read guide Evidence / 8 minutes

How to attach receipts and evidence to agent-triggered actions

Attach receipts and evidence to agent-triggered actions so operators can trace what happened after the decision.

Read guide Governance / 12 minutes

Agent spend governance for AI agents

Budgets, approvals, counterparties and audit trail for AI agents that are getting close to real spend.

Read pillar

Next move

Prove the path, then wire it into your real workflow.

Start with the hosted quickstart if you want the fastest confirmation, or open the control room to see how approvals and evidence behave in the live operator surface.

Start in 5 minutes Open control room Back to guides