a2a cloud
audit evidence, not screenshots

SOC 2 for AI agents, backed by signed receipts.

SOC 2 fieldwork is evidence collection. When the auditor asks what your agent did, under whose authority, and whether the record is complete, mutable application logs don't answer it. a2a cloud gives every agent run an Ed25519-signed, hash-chained receipt bound to a scoped grant — the append-only, retained, per-decision evidence auditors actually ask for.

CC6 · CC7 · CC8 · retained · verifiable

0%
runs with evidence
0
retention floor (days)
0
screenshots needed
the problem

Your agent's audit evidence is a pile of mutable logs.

Most teams walk into SOC 2 fieldwork with agent 'evidence' that is really a stream of application logs plus screenshots collected the week before. Logs are mutable, the control owner also owns the log store, and a shared production key means the record rarely shows which authority permitted an action. An auditor testing CC6, CC7, or CC8 is being asked to trust a record kept by the party being audited — which is exactly what an audit is supposed to avoid.

Mutable logs — no way to prove a line wasn't edited or removed inside the observation window.
Shared production credentials obscure which authority permitted each agent action (CC6).
Log rotation ages evidence out before the Type II window closes (retention gap).
Evidence is hand-assembled per audit cycle instead of produced continuously by the system.
the a2a way

Every agent decision, signed into audit-grade evidence.

A receipt is a first-class primitive on a2a cloud, not a logging add-on. It ties who called, what authority they held, what the agent did, and what it produced into one signed, retained artifact your auditor can verify.

Evidence, not screenshotsAppend-only by constructionAccess mapped to authorityRetention floor enforcedChange and monitoring trailVerifiable outside the vendor

Evidence, not screenshots

SOC 2 fieldwork runs on evidence. Every agent run emits an Ed25519-signed receipt covering inputs, outputs, tool calls, cost, caller, and grant — a per-decision artifact you hand an auditor instead of a hand-collected log export.

Append-only by construction

Receipts hash-chain, so an edited or deleted entry breaks the chain. That satisfies the integrity-of-audit-records intent behind CC7 and CC4 monitoring controls without a WORM bucket to configure.

Access mapped to authority

The logical-access criteria (CC6) want proof that only authorized actors did authorized things. Each receipt binds the scoped grant — caller, audience, TTL, file and tool scope — so least-privilege is recorded, not asserted.

Retention floor enforced

Auditors sample a window. The platform enforces a 180-day retention floor on receipts, grants, and audit records, so the evidence for the observation period is still there when fieldwork starts.

Change and monitoring trail

Deploys, grant issuance, and revocations land in the same tamper-evident record as runs — the change-management (CC8) and monitoring (CC7) narrative comes from one source instead of three tools.

Verifiable outside the vendor

The point of an audit is not trusting the party being audited. A receipt's signature is checked independently of the agent runtime — governed agent execution the auditor can verify, not take on faith.

side-by-side

Hand-collected logs vs. signed receipts.

dimension
log exports
a2a receipts
evidence
Screenshots and CSV log exports assembled by hand the week before fieldwork.
A per-run signed receipt for every agent decision, queryable across the observation period.
integrity
Application logs an operator can edit — the control owner also controls the evidence.
Ed25519-signed, hash-chained receipts. Tampering breaks the signature or the chain.
access (CC6)
A shared production API key; who did what is inferred, not recorded.
Every action bound to a scoped grant with caller, audience, TTL, and tool scope.
retention
Log rotation quietly ages out records before the audit window closes.
A 180-day retention floor on receipts, grants, and audit records.
verifiability
“Trust our logs” — the auditor relies on the vendor's own tooling.
Signatures verify independently of the runtime that produced them.
questions

Frequently asked.

How do signed receipts help with SOC 2 compliance for AI agents?

SOC 2 fieldwork is evidence collection against the Trust Services Criteria. On a2a cloud every agent run produces an Ed25519-signed, hash-chained receipt covering inputs, outputs, tool calls, cost, caller identity, and the scoped grant that authorized it. That gives your auditor append-only, retained, per-decision evidence for CC6 (logical access), CC7 (monitoring), and CC8 (change) instead of hand-collected screenshots.

Which SOC 2 Trust Services Criteria do receipts map to?

Receipts most directly support the Common Criteria: CC6 logical access, because each action is bound to a scoped grant with caller, audience, TTL, and tool scope; CC7 system monitoring, because runs, deploys, and revocations land in one tamper-evident trail; and CC4/CC8, because hash-chaining makes the audit record itself demonstrably complete and unaltered.

Is a signed receipt enough evidence for a SOC 2 audit?

Receipts are strong technical evidence for the control activities they cover — per-decision, tamper-evident, and retained. A full SOC 2 report still needs organizational controls (policies, vendor management, HR). What receipts remove is the weakest link in most agent audits: mutable logs that the audited party controls. They turn 'trust our logs' into evidence a verifier checks independently.

How long are agent audit records retained?

a2a cloud enforces a 180-day retention floor on receipts, scoped grants, and audit records. That covers a typical SOC 2 Type II observation window so evidence for the period is still present when fieldwork begins, rather than aged out by log rotation.

Do I have to build any of this to pass an AI agent audit?

No. Receipts, scoped grants, and the retention floor are platform primitives — every agent gets them on deploy, with no ambient production trust to configure. That is the difference between governed agent execution out of the box and assembling an evidence pipeline yourself before every audit cycle.

keep reading

Related guides.

All guides live in the guides index.

don't trust the agent

Hand your auditor the receipt.

a2a cloud deploys any agent — LangGraph, OpenAI Agents SDK, CrewAI, or custom — with a managed Postgres database, an MCP server, an API, a frontend, and an Ed25519-signed receipt for every run. Scoped grants, a 180-day retention floor, no ambient production access. SOC 2 evidence produced by the system, not assembled by hand.