Skip to main content

BIO-QMS Agent Audit Hook

PostToolUse hook that captures BIO-QMS agent invocations for FDA 21 CFR Part 11 audit trail compliance.

Trigger

  • Event: PostToolUse
  • Tool: Task (when subagent involves bio-qms-* agents)
  • Condition: Task description or prompt contains bio-qms- agent reference

Behavior

When a BIO-QMS agent is invoked via the Task tool:

  1. Capture invocation metadata:

    • Agent ID (which bio-qms agent was called)
    • Model tier (opus/sonnet/haiku)
    • Input summary (truncated to 500 chars)
    • Timestamp (ISO 8601 UTC)
    • Correlation ID (session or work order ID)
  2. Capture response metadata:

    • Output summary (truncated to 500 chars)
    • Success/failure status
    • Duration (ms)
    • Token consumption
    • Confidence score (if available)
  3. Determine retention:

    • Regulatory flag true → 7-year retention (FDA Part 11)
    • Regulatory flag false → 3-year retention
  4. Log audit entry:

    • Write to BIO-QMS audit log
    • Link to workflow state transition (if applicable)

Audit Entry Schema

interface AgentAuditEntry {
id: string;
tenantId: string;
correlationId: string;
eventType: AuditEventType;
timestamp: string;
agentId: AgentId;
modelTier: ModelTier;
inputSummary?: string;
outputSummary?: string;
confidence?: number;
tokensConsumed?: number;
durationMs?: number;
success: boolean;
regulatoryFlag: boolean;
retentionYears: number;
retentionExpiresAt: string;
}

Integration

  • TypeScript Implementation: backend/libs/qms-core/src/agents/agent-audit.ts
  • Creates: AgentAuditEntry via createInvocationAudit() and createResponseAudit()
  • Workflow Link: linkToTransition() connects audit to state machine transitions

See Also

  • Skill: skills/bio-qms-agent-framework/SKILL.md
  • Command: /bio-qms-agent
  • TypeScript: agent-audit.ts (11 event types, retention logic)