How long does SYEN Comply integration take?

Under thirty minutes for a new event type. The integration guide is structured as six chapters: install, authenticate, ingest, verify, retrieve proof, and source-system mapping.

What cryptographic primitives does SYEN Comply use?

SYEN Comply signs every audit event with ed25519 over RFC 8785 JSON canonicalized payloads, hash-links the records into a per-tenant chain, and anchors batches to RFC 3161 trusted timestamp authorities.

Does SYEN Comply support BYO KMS?

Yes. Signing keys live in your AWS KMS or Azure Key Vault. SYEN never holds the private material — we hold only public verification keys.

How do I verify a SYEN Comply chain?

Each event includes ten proof elements: the signed canonicalized payload, ed25519 signature, public-key fingerprint, prev-hash, current-hash, RFC 3161 timestamp token, anchor batch ID, tenant ID, sequence number, and KMS key ARN. Replay any subset offline with the syen-verify CLI.

How many source systems can SYEN Comply ingest from?

Fifty integrations across nine categories: identity & access, communications, fraud & AML, data & analytics, AI execution, AppSec, workflow & ITSM, endpoint, and finance. Common platforms include Okta, Snowflake, Azure OpenAI, AWS Bedrock, and ServiceNow.

Audit Trail API Documentation v1.2 — SYEN Comply

§01overview

syen comply is a cryptographic audit ledger for ai decision systems. it records every ai action, human approval, and automated decision as a tamper-evident entry that is independently verifiable by auditors, regulators, and courts.

this guide covers installation, authentication, event ingestion, chain verification, and proof retrieval. a complete integration for a new event type takes under thirty minutes.

§02prerequisites

python 3.10 or higher
a running syen comply deployment via aws or azure marketplace
your tenant credentials provided at subscription activation
network access to your syen comply endpoint

§03installation

no custom sdk required. use the standard python requests library:

pip install requests

§04authentication

authenticate with the api to receive a bearer token. all subsequent requests use this token.

curl

curl -X POST https://api.syensystems.com/api/v1/attest \
  -H "Content-Type: application/json" \
  -d '{
    "tenant_id": "your-tenant-id",
    "agent_id": "your-agent-name",
    "agent_code_hash": "sha256-hash-of-your-agent-code"
  }'

# Returns: {"token": "Bearer ..."}

python

import requests

resp = requests.post(
    "https://api.syensystems.com/api/v1/attest",
    json={
        "tenant_id": "your-tenant-id",
        "agent_id": "your-agent-name",
        "agent_code_hash": "sha256-hash-of-your-agent-code"
    }
)
token = resp.json()["token"]
headers = {"Authorization": f"Bearer {token}"}

note: agent_code_hash should be the sha-256 hash of the exact script or model version executing. this creates a verifiable link between the audit record and the code that generated it.

§05ingesting events

every ai action, decision, or system event is recorded with a single ingest() call. the event_class determines the category. event_type is a free-form string scoped within the class.

basic event

receipt = requests.post(
    "https://api.syensystems.com/api/v1/events",
    headers=headers,
    json={
        "event_class": "EXECUTION",
        "event_type": "credit.decision.made",
        "stream_id": "your-tenant-id:prod-us-east-1:credit-decisions",
        "payload": {
            "applicant_id": "app-991",
            "decision": "APPROVED",
            "score": 740
        }
    }
).json()

print(receipt["event_id"])          # unique event identifier
print(receipt["sequence_counter"])  # position in the chain

event with human decision surface

when a human reviewed and approved a decision, include the decision_surface to record what was shown, when, and what they decided.

receipt = requests.post(
    "https://api.syensystems.com/api/v1/events",
    headers=headers,
    json={
        "event_class": "EXECUTION",
        "event_type": "credit.decision.made",
        "stream_id": "your-tenant-id:prod-us-east-1:credit-decisions",
        "payload": {"applicant_id": "app-991", "decision": "APPROVED"},
        "decision_surface": {
            "explainability_artifact_hash": "sha256-of-artifact-shown",
            "human_decision": "APPROVE",
            "presentation_timestamp": "2026-03-20T14:00:00Z",
            "signoff_timestamp": "2026-03-20T14:00:03Z",
            "decision_complexity_tier": 2
        }
    }
).json()

# True if signoff was under the threshold for the complexity tier
print(receipt["velocity_flag_triggered"])

event with extended context

pass optional context fields to capture ai model provenance, infrastructure details, and compliance gate results.

receipt = requests.post(
    "https://api.syensystems.com/api/v1/events",
    headers=headers,
    json={
        "event_class": "EXECUTION",
        "event_type": "model.inference",
        "stream_id": "your-tenant-id:prod-us-east-1:model-runs",
        "payload": {"output": "APPROVED"},
        "context": {
            "trace_id": "abc-123",
            "model_version": "risk-engine-v2.1.0",
            "compliance_gate_result": "APPROVED",
            "pii_detected": False,
            "cloud_provider": "aws",
            "cloud_region": "us-east-1"
        }
    }
).json()

event with full context objects

for governed ai decisions, pass the optional context objects to satisfy all 10 proof elements. each object is independently optional. pass only the objects relevant to your event type.

receipt = requests.post(
    "https://api.syensystems.com/api/v1/events",
    headers=headers,
    json={
        "event_class": "EXECUTION",
        "event_type": "credit.decision.made",
        "stream_id": "your-tenant-id:prod-us-east-1:credit-decisions",
        "payload": {"applicant_id": "app-991", "decision": "APPROVED"},
        "policy_context": {
            "policy_id": "policy-credit-v3",
            "policy_version": "3.1.0",
            "framework_name": "NIST_AI_RMF",
            "requirement_id": "GOVERN-1.2",
            "policy_effect": "ALLOW",
            "exception_approved": False
        },
        "data_lineage": {
            "data_asset_id": "dataset-credit-bureau-2026-q1",
            "data_source_system": "snowflake",
            "contains_pii": True,
            "contains_financial": True,
            "consent_basis": "contractual_necessity",
            "data_classification": "confidential"
        },
        "ai_execution_context": {
            "model_provider": "anthropic",
            "model_name": "claude-sonnet-4-6",
            "model_version": "20250514",
            "prompt_hash": "sha256-of-prompt",
            "response_hash": "sha256-of-response",
            "agent_runtime": "langchain",
            "agent_decision_type": "recommendation",
            "agent_reversibility_flag": False,
            "inference_latency_ms": 340
        },
        "guardrail_context": {
            "kill_switch_checked": True,
            "kill_switch_result": "PASS",
            "approval_gate_result": "APPROVED",
            "sandbox_executed": False,
            "risk_score": 0.12,
            "override_invoked": False
        },
        "human_review_context": {
            "human_review_required": True,
            "review_decision": "APPROVE",
            "final_approver_id": "user-analyst-007",
            "review_latency_ms": 4200,
            "reviewer_role": "credit_analyst"
        },
        "outcome_context": {
            "decision_result": "APPROVED",
            "actual_action_taken": "credit.line.issued",
            "downstream_system_notified": "oracle-ebs",
            "rollback_possible": False,
            "financial_impact_usd": 25000.00
        }
    }
).json()

§06event classes

syen comply supports eleven event classes covering the full lifecycle of an ai-assisted workflow. EXECUTION and OUTCOME are required for initial integration.

class	use for	example event_type
`EXECUTION`	ai tool calls, model inference, human approvals	`credit.decision.made`
`OUTCOME`	final decisions: approved, blocked, escalated	`loan.approved`
`ACCESS`	session grants, privilege escalation	`session.granted`
`DATA`	query execution, dataset snapshots	`dataset.queried`
`INTENT`	policy definitions, rule updates	`policy.updated`
`ANALYSIS`	derived findings, drift detection	`policy.drift.detected`
`DETECTION`	security incident detection	`threat.detected`
`RESPONSE`	actions taken during incident	`system.isolated`
`CONTAINMENT`	containment actions	`threat.contained`
`ERADICATION`	threat removal confirmation	`malware.removed`
`RECOVERY`	system recovery confirmation	`service.restored`

§07verifying the chain

the verify endpoint confirms the chain has not been tampered with. run this after any bulk operation or on a schedule to confirm ongoing integrity.

result = requests.get(
    "https://api.syensystems.com/api/v1/verify",
    headers=headers,
    params={"stream_id": "your-tenant-id:prod-us-east-1:credit-decisions"}
).json()

if result["verified"]:
    print(f"Chain verified: {result['checked_count']} events")
else:
    print("Integrity failure detected. Contact sales@syensystems.com.")

§08retrieving proof

for any event, retrieve the full non-repudiable proof package. this includes cryptographic signatures, chain linkage, and the human decision surface if present. payload data is never returned.

event_id = receipt["event_id"]

proof = requests.get(
    f"https://api.syensystems.com/api/v1/proof/{event_id}",
    headers=headers
).json()

# proof is available for independent verification
# contact sales@syensystems.com for auditor verification documentation

note: the complete proof verification procedure including independent openssl verification commands is provided to enterprise and federal customers under the technical onboarding package. contact sales@syensystems.com.

§09external timestamp anchoring

syen comply performs daily anchoring of the chain to an external fips-compliant trusted timestamp authority. the anchor record is retrievable via the api and independently verifiable by any authorized auditor.

anchor = requests.get(
    "https://api.syensystems.com/api/v1/anchor/2026-03-20",
    headers=headers
).json()

print(anchor["anchor_status"])      # complete
print(anchor["anchor_created_at"])

# independent verification documentation available to
# enterprise and federal customers on request

§10api reference

all endpoints require a bearer token from POST /api/v1/attest except GET /api/v1/health.

method	endpoint	description
`POST`	`/api/v1/attest`	establish session, receive bearer token
`POST`	`/api/v1/events`	ingest an audit event. accepts optional context objects: `policy_context`, `data_lineage`, `ai_execution_context`, `guardrail_context`, `human_review_context`, `outcome_context`. see §13.
`GET`	`/api/v1/proof/{event_id}`	retrieve cryptographic proof for an event
`GET`	`/api/v1/verify`	verify chain integrity for a stream
`GET`	`/api/v1/health`	system health and status
`GET`	`/api/v1/anchor/{date}`	external timestamp anchor record for a date

§11decision complexity tiers

when a human review is recorded, the velocity flag fires if the signoff was faster than the threshold for the tier. the event is always recorded regardless of the flag.

tier	name	flag threshold	use for
1	routine	< 500ms	low-stakes automated approvals
2	standard	< 2 seconds	standard business decisions (default)
3	high-risk	< 10 seconds	high-stakes or irreversible decisions

§12production deployment

syen comply deploys on kubernetes via helm chart. production deployment documentation including infrastructure requirements, kms configuration, and security hardening guidelines is provided to customers during technical onboarding.

contact sales@syensystems.com to begin the onboarding process. enterprise and federal customers receive dedicated deployment assistance.

§13context objects

the following six context objects may be passed as optional fields on any event POST. each object is independently optional. fields within each object are optional unless marked required.

policy_context

field	type	description
`policy_id`	`string`	identifier of the policy that governed this event
`policy_version`	`string`	semantic version of the policy at time of execution
`framework_name`	`string`	compliance framework — e.g. NIST_AI_RMF, SOC2, HIPAA
`requirement_id`	`string`	specific requirement within the framework — e.g. GOVERN-1.2
`policy_effect`	`string`	decision the policy produced — ALLOW, DENY, REQUIRE_REVIEW
`exception_approved`	`boolean`	whether a policy exception was approved for this event
`exception_approver_id`	`string`	identity of the exception approver if exception_approved is true

data_lineage

field	type	description
`data_asset_id`	`string`	identifier of the dataset or data asset used
`data_source_system`	`string`	source system — e.g. snowflake, cloudera, oracle-ebs
`contains_pii`	`boolean`	whether the data contains personally identifiable information
`contains_phi`	`boolean`	whether the data contains protected health information
`contains_financial`	`boolean`	whether the data contains financial account data
`consent_basis`	`string`	legal basis for data use — e.g. contractual_necessity, consent
`data_classification`	`string`	classification tier — e.g. public, internal, confidential, restricted
`retention_policy_id`	`string`	identifier of the retention policy governing this data
`lineage_upstream_ids`	`array of strings`	ids of upstream datasets this asset was derived from

ai_execution_context

field	type	description
`model_provider`	`string`	model provider — e.g. anthropic, openai, google, aws
`model_name`	`string`	model name — e.g. claude-sonnet-4-6, gpt-4o, gemini-1.5-pro
`model_version`	`string`	specific model version string
`prompt_hash`	`string`	sha-256 hash of the prompt sent to the model
`response_hash`	`string`	sha-256 hash of the model response
`agent_runtime`	`string`	agent framework — e.g. langchain, langgraph, custom
`agent_decision_type`	`string`	type of decision — recommendation, classification, generation
`agent_reversibility_flag`	`boolean`	whether the agent action can be reversed after execution
`retrieval_sources`	`array of strings`	source ids or uris used in rag retrieval
`tool_calls_made`	`array of strings`	names of tools the agent invoked during this execution
`inference_latency_ms`	`integer`	time in milliseconds from prompt submission to response receipt

guardrail_context

field	type	description
`kill_switch_checked`	`boolean`	whether a kill switch was evaluated before execution
`kill_switch_result`	`string`	result of kill switch check — PASS, BLOCK
`approval_gate_result`	`string`	result of any approval gate — APPROVED, DENIED, BYPASSED
`sandbox_executed`	`boolean`	whether the action ran in a sandbox environment first
`risk_score`	`float`	numeric risk score assigned at time of execution — 0.0 to 1.0
`override_invoked`	`boolean`	whether a human override was used to bypass a control
`override_approver_id`	`string`	identity of the person who authorized the override

human_review_context

field	type	description
`human_review_required`	`boolean`	whether human review was required for this event
`review_decision`	`string`	decision made by the reviewer — APPROVE, REJECT, ESCALATE
`final_approver_id`	`string`	identity of the final human approver
`review_latency_ms`	`integer`	time in milliseconds from review request to final decision
`review_interface`	`string`	interface used for review — e.g. servicenow, internal-portal
`reviewer_role`	`string`	role of the reviewer — e.g. credit_analyst, compliance_officer

outcome_context

field	type	description
`decision_result`	`string`	final decision — APPROVED, DENIED, ESCALATED, BLOCKED
`actual_action_taken`	`string`	specific action executed as a result — e.g. credit.line.issued
`downstream_system_notified`	`string`	system that received the outcome — e.g. oracle-ebs, servicenow
`rollback_possible`	`boolean`	whether this action can be reversed
`financial_impact_usd`	`float`	dollar value of the action if financially material

§14the 10 proof elements

syen comply is designed to satisfy 10 proof requirements that regulators, auditors, and courts apply to governed ai decisions. the table below maps each requirement to the api fields that must be present to satisfy it. an integration is considered complete when all 10 elements are populated for every governed event.

#	proof requirement	required fields
1	who acted	`agent_id, tenant_id, agent_code_hash`
2	what action	`event_type, event_class`
3	what policy applied	`policy_context.policy_id, policy_context.policy_version, policy_context.framework_name`
4	what data was involved	`data_lineage.data_asset_id, data_lineage.contains_pii, data_lineage.consent_basis`
5	what model or agent ran	`ai_execution_context.model_provider, ai_execution_context.model_name, ai_execution_context.prompt_hash`
6	what controls fired	`guardrail_context.kill_switch_checked, guardrail_context.approval_gate_result`
7	what outcome happened	`outcome_context.decision_result, outcome_context.actual_action_taken`
8	whether human reviewed	`human_review_context.human_review_required, human_review_context.review_decision`
9	compliance framework mapping	`policy_context.framework_name, policy_context.requirement_id`
10	record not altered	`automatic — cryptographic proof of integrity is applied to every event at time of ingestion and is independently verifiable. verification methodology and tooling are provided to enterprise and federal customers during technical onboarding.`

§15source system mapping

syen comply accepts event data from any upstream system via the /api/v1/events endpoint. the mappings below show which syen comply fields to populate from each source system category and which event_class to use.

identity and access

source systems · okta, sailpoint, microsoft entra, cyberark, saviynt, prove

agent_id — the authenticated user or service account identifier
event_class — ACCESS for session grants, privilege escalations, access reviews
human_review_context.final_approver_id — the identity that approved the access decision
guardrail_context.approval_gate_result — the access decision — APPROVED or DENIED
policy_context.policy_id — the access policy that governed the decision
data_lineage.data_source_system — set to the identity provider name

trigger · POST to /api/v1/events on every session grant, privilege escalation, mfa challenge result, or access review decision.

communications and archiving

source systems · global relay, smarsh, mimecast, proofpoint, arctera

event_class — DATA for communication capture events
data_lineage.data_asset_id — the archived message or thread identifier
data_lineage.data_source_system — set to the archiving platform name
data_lineage.contains_pii — set based on the communication content classification
payload — include communication type, channel, custodian identifiers
policy_context.policy_id — the supervision policy that flagged or cleared the communication

trigger · POST to /api/v1/events when a communication is flagged, escalated, placed on legal hold, or cleared by a supervision workflow.

fraud, aml, and investigations

source systems · nice actimize, feedzai, sardine, quantifind, featurespace, quantexa, fico falcon

event_class — DETECTION for alerts fired, ANALYSIS for risk scores, OUTCOME for final case disposition
guardrail_context.risk_score — the numeric risk score from the fraud or aml engine
guardrail_context.approval_gate_result — the case decision — APPROVED, DENIED, ESCALATED
human_review_context.review_decision — analyst disposition of the alert or case
human_review_context.final_approver_id — the investigator or analyst who closed the case
outcome_context.decision_result — final case outcome
outcome_context.financial_impact_usd — transaction value if financially material
ai_execution_context.model_provider — the fraud model provider
ai_execution_context.model_name — the specific detection model

trigger · POST on alert creation, case status change, analyst review, and final case disposition.

data and analytics

source systems · snowflake, cloudera, teradata

event_class — DATA for query execution and dataset access
data_lineage.data_asset_id — the dataset, table, or view identifier
data_lineage.data_source_system — set to the platform name
data_lineage.contains_pii — set based on dataset classification
data_lineage.contains_financial — set based on dataset classification
data_lineage.lineage_upstream_ids — upstream dataset identifiers if this dataset is derived
data_lineage.data_classification — the data tier from your governance catalog
payload — include query hash, row count accessed, requesting service identity

trigger · POST on every governed dataset query, export, or transformation that feeds a downstream ai decision or compliance-relevant workflow.

ai execution

source systems · azure openai, aws bedrock, gemini api, langchain, langsmith

event_class — EXECUTION for model inference events
ai_execution_context.model_provider — the model provider
ai_execution_context.model_name — the specific model
ai_execution_context.model_version — the model version string
ai_execution_context.prompt_hash — sha-256 hash of the prompt — do not send the prompt itself
ai_execution_context.response_hash — sha-256 hash of the response — do not send the response itself
ai_execution_context.agent_runtime — the agent framework if applicable
ai_execution_context.tool_calls_made — names of any tools the agent invoked
ai_execution_context.retrieval_sources — source ids used in rag retrieval
ai_execution_context.inference_latency_ms — latency in milliseconds
policy_context.policy_id — the ai governance policy governing this inference

trigger · POST on every model inference that feeds a governed business decision. hash the prompt and response locally before sending. never send raw prompt or response content to the syen comply api.

appsec and code quality

source systems · veracode, sonarqube, checkmarx, mend, deepsource

event_class — INTENT for policy and scan configuration changes, ANALYSIS for scan results
agent_code_hash — sha-256 hash of the artifact that was scanned
policy_context.policy_id — the appsec policy that governs this artifact
guardrail_context.approval_gate_result — the gate decision — APPROVED, DENIED, REQUIRES_REMEDIATION
payload — include scan tool name, finding count by severity, artifact identifier

trigger · POST on scan completion and on gate decision — approved to deploy or blocked pending remediation.

workflow and itsm

source systems · servicenow, pagerduty

event_class — RESPONSE for actions taken during incidents, INTENT for change requests
payload — include ticket or incident identifier, assigned team, priority level
human_review_context.final_approver_id — the approver of the change or incident action
human_review_context.review_decision — APPROVE or REJECT
guardrail_context.approval_gate_result — change advisory board result if applicable
outcome_context.actual_action_taken — the specific configuration change or remediation applied
outcome_context.downstream_system_notified — the system that received the change

trigger · POST on change approval, incident escalation, production change execution, and incident closure.

endpoint and device

source systems · crowdstrike, jamf pro, microsoft intune

event_class — DETECTION for endpoint threats, ACCESS for device compliance checks
data_lineage.data_source_system — set to the endpoint platform name
guardrail_context.risk_score — device risk score from the endpoint platform
guardrail_context.approval_gate_result — PASS or BLOCK based on device compliance state
payload — include device identifier, os version, compliance policy result, detection type if applicable

trigger · POST on device compliance check failures, threat detections, and policy enforcement actions that gate application or data access.

finance and ap/ar

source systems · blackline, sap ariba, coupa, oracle ebs, tipalti, highradius

event_class — EXECUTION for payment and approval actions, OUTCOME for final financial decisions
outcome_context.financial_impact_usd — dollar value of the transaction
outcome_context.actual_action_taken — the specific financial action — e.g. payment.issued, credit.line.approved, invoice.written.off
outcome_context.downstream_system_notified — receiving system — e.g. oracle-ebs, bank-api
human_review_context.final_approver_id — the finance approver identity
human_review_context.review_decision — APPROVE or REJECT
policy_context.policy_id — the financial controls policy governing this transaction
data_lineage.data_source_system — set to the finance platform name

trigger · POST on payment approval, write-off approval, credit decision, vendor onboarding approval, and any transaction that requires an audit trail for sox, gaap, or regulatory examination.

§16support

email: sales@syensystems.com
aws marketplace: support available via listing page
azure marketplace: support available via listing page
enterprise and federal: dedicated technical account management

syen systems llc · sales@syensystems.com

integration guide · v1.2 · april 2026

integrations → support →