A tamper-proof audit logging service for AI agent and MCP tool activity that captures every tool invocation, file access, user input, and agent output with cryptographic proofs so teams can pass SOC 2, HIPAA, and EU AI Act audits that existing observability tools cannot satisfy

Claude Cowork activity is explicitly excluded from Anthropic's Audit Logs and Compliance API, creating a documented compliance gap. 33% of organizations deploying AI agents lack any audit trail for their agent activity. SOC 2 Trust Service Criteria were built for human-operated systems; autonomous agents that make decisions at machine speed without human authorization have no standard way to generate the access control evidence auditors require. EU AI Act enforcement starts August 2026 with logging mandates for high-risk systems. HIPAA teams cannot reconstruct PHI access patterns from agent sessions. Existing tools like Langfuse and Helicone focus on LLM observability (latency, token cost) not compliance evidence (who accessed what data, when, with what authorization, and why). A dedicated service that hooks into MCP server calls and agent SDKs, writes append-only hash-chained logs with Merkle verification, exports audit packs with cryptographic proofs auditors can independently verify, and covers the gap where Anthropic's own compliance API does not. The HN Show thread for Traceprompt identified fintech and healthcare teams manually stitching together API Gateway + CloudWatch + S3 to patch this gap.