ELI5: What does SOC 2 CC7.1 mean for an agent that can call APIs?

2 Posts
2 Users
0 Reactions
0 Views
(@code_rabbit)
Eminent Member
Joined: 1 week ago
Posts: 15
Topic starter
  [#11]

Been digging into SOC 2 for our OpenClaw agent runtime. CC7.1 is the "System Processing Integrity" control. The requirement is basically: did the system do what it was supposed to, without unauthorized manipulation?

For an agent that calls APIs, this gets spicy. It's not just "did the HTTP request succeed." The auditor wants to know:

* Did the agent use the *correct* API key/token for the intended function?
* Did it call the *right* endpoint with the *right* data?
* Was the output from the API used correctly in the next step, or was it tampered with?

Common gap I see: logging only the final result, not the chain of decisions. If your agent loops or uses tools, you need a verifiable audit trail of each step.

Quick example of what we now log in the agent-hooks layer:

```rust
struct ToolAudit {
    tool_name: &'static str,
    input_params: String,         // redacted view of the parameters, safe to write to disk
    input_hash: blake3::Hash,     // hash of the full, unredacted input
    output_hash: blake3::Hash,    // hash of the raw API response
    timestamp: std::time::SystemTime, // wall-clock time; Instant is monotonic-only and cannot be logged
    thread_id: String,
}
// Inside tool_execution hook
let audit_entry = ToolAudit {
    tool_name: "call_external_api",
    input_params: redacted_params,
    input_hash: blake3::hash(&raw_input),
    output_hash: blake3::hash(&raw_output),
    timestamp: std::time::SystemTime::now(),
    thread_id: current_thread,
};
audit_log.push(audit_entry);
```

This lets us prove later that the agent's decision to, say, `POST /transfer` was based on the *actual* and *untampered* output from the previous `GET /balance` call. Without this chain, you'll get a finding.


(@quinn_mod2)
Eminent Member
Joined: 1 week ago
Posts: 14

Good example. The hash of the full input is a smart move. Lets you prove integrity without logging sensitive data to disk.

One thing auditors have asked me about that audit trail: can you cryptographically link the entries? If an agent makes ten tool calls, you need to prove the sequence is intact and no step was inserted or deleted later. A simple hash chain in the log might be overkill, but it answers the "tampered with" question directly.

Your point about the right endpoint is huge. I've seen agents get a user query, fetch the wrong data from an API because of a misparsed instruction, and then act on it. The system did process *something* correctly, just not the intended thing. That's where a lot of teams fail the spirit of 7.1.


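As an added example that is not code from either post or from the OpenClaw project, here is a Python version of the audit trail the two posts describe together: each tool call records a hash of the full input next to the redacted view, a hash of the raw output, and a `prev_hash` linking it to the previous entry (the hash chain from the second post). The `consumed` field, the endpoint names, the account values and the token strings are constructed assumptions; `hashlib.blake2b` stands in for the `blake3` crate because the standard library has no blake3. `verify_chain` detects a modified, inserted or deleted entry, flags a step whose input was built from an output that never appeared in the log (the "wrong data acted on" case), and, when given a head hash kept out of band, a truncated tail.

```python
import hashlib
import json
from dataclasses import dataclass, asdict, replace

GENESIS = "0" * 64  # prev_hash of the first entry in a log


def digest(data: bytes) -> str:
    # hashlib has no blake3; blake2b-256 stands in for the blake3 crate used in the post
    return hashlib.blake2b(data, digest_size=32).hexdigest()


def canonical(obj) -> bytes:
    # deterministic JSON so equal inputs always produce the same hash
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()


@dataclass(frozen=True)
class ToolAudit:
    seq: int
    tool_name: str
    input_redacted: dict  # what is written to disk (secrets removed)
    input_hash: str       # hash of the full, unredacted input
    output_hash: str      # hash of the raw API response
    consumed: list        # output_hashes of earlier steps this input was built from (assumed field)
    prev_hash: str        # entry_hash of the previous entry: the chain link
    entry_hash: str       # hash over every field above


class AuditLog:
    def __init__(self):
        self.entries = []

    def record(self, tool_name, full_input, redacted_input, raw_output, consumed=()):
        """Append one entry for a tool call; the tool_execution hook would call this."""
        prev_hash = self.entries[-1].entry_hash if self.entries else GENESIS
        fields = {
            "seq": len(self.entries),
            "tool_name": tool_name,
            "input_redacted": redacted_input,
            "input_hash": digest(canonical(full_input)),
            "output_hash": digest(raw_output),
            "consumed": list(consumed),
            "prev_hash": prev_hash,
        }
        entry = ToolAudit(**fields, entry_hash=digest(canonical(fields)))
        self.entries.append(entry)
        return entry


def verify_chain(entries, expected_head=None):
    """Return (True, None) if the log is intact, else (False, index of the first bad entry)."""
    prev_hash = GENESIS
    seen_outputs = set()
    for i, e in enumerate(entries):
        fields = asdict(e)
        fields.pop("entry_hash")
        if e.seq != i or e.prev_hash != prev_hash or digest(canonical(fields)) != e.entry_hash:
            return False, i  # modified, inserted or deleted entry
        if any(h not in seen_outputs for h in e.consumed):
            return False, i  # step acted on an output that never appeared earlier in the log
        seen_outputs.add(e.output_hash)
        prev_hash = e.entry_hash
    if expected_head is not None and prev_hash != expected_head:
        return False, len(entries)  # tail truncated: the chain alone cannot see this
    return True, None


def tamper_output_hash(entries, seq, new_output):
    """Simulate an after-the-fact rewrite of one entry's output_hash (for the check below)."""
    return entries[:seq] + [replace(entries[seq], output_hash=digest(new_output))] + entries[seq + 1:]


def demo_transfer_flow():
    """Constructed flow: GET /balance, then a POST /transfer built from that balance."""
    log = AuditLog()
    balance_resp = b'{"account":"acct-123","balance":500}'  # constructed sample response
    balance = log.record(
        "call_external_api",
        full_input={"method": "GET", "path": "/balance", "token": "sk-example-secret"},
        redacted_input={"method": "GET", "path": "/balance", "token": "[REDACTED]"},
        raw_output=balance_resp,
    )
    amount = json.loads(balance_resp)["balance"] // 2
    log.record(
        "call_external_api",
        full_input={"method": "POST", "path": "/transfer", "amount": amount, "token": "sk-example-secret"},
        redacted_input={"method": "POST", "path": "/transfer", "amount": amount, "token": "[REDACTED]"},
        raw_output=b'{"status":"ok"}',
        consumed=[balance.output_hash],  # ties /transfer to the logged /balance output
    )
    return log


if __name__ == "__main__":
    log = demo_transfer_flow()
    print(verify_chain(log.entries, expected_head=log.entries[-1].entry_hash))
```

The one thing the chain by itself does not cover is someone dropping the newest entries: a prefix of a valid chain is still a valid chain. Storing the latest `entry_hash` somewhere the log writer cannot edit (a separate signed record or an append-only sink) and passing it as `expected_head` closes that gap, and the same head value is what an auditor can compare against.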