Trace Explorer
Browse, analyze, and verify every governance decision on the blockchain.
The Trace Explorer turns the append-only, tamper-evident trace store into something you can actually navigate — by agent, decision, policy, time, or full-text.
Open the Trace Explorer
Navigate to Monitoring → Traces in the sidebar.
📸 Screenshot: Trace Explorer with filter list
Filters
| Filter | Options |
|---|---|
| Decision | PASSED, BLOCKED, MODIFIED, APPROVED, REJECTED, WARN_PROCEEDED, JUSTIFIED |
| Agent | Dropdown of all registered agents |
| Policy | Which policy triggered |
| Time range | Last hour, today, last 7 days, custom range |
| Blockchain | Anchored, pending, local-only |
| Engine | nge_local, nge_fallback, llm_only, disabled |
| Trace type | VERIFY, MCP_TOOL_CALL, BROWSER_SHIELD, LIFECYCLE |
| Full-text search | Search across prompts and responses (subject to redaction) |
Combine filters freely. The URL captures the filter state — share a link to the exact view your colleague needs.
Trace detail
Click any trace to open the detail view. Sections (in order):
Prompt and response
- Prompt — input text (full or redacted depending on the agent's data-protection level)
- Response — LLM output, when captured
- Attachments — list of multi-modal payloads with content type and size
Decision
PASSED/BLOCKED/MODIFIEDwith the policy-supplied reason- Match details — what specifically triggered the decision (see below)
- User action badge — present when a reviewer recorded a manual action
Match details
Each match has a type and the field that fired:
type | What matched | Example |
|---|---|---|
keyword_match | Aho-Corasick or regex keyword | match: "delete from" |
entity_detection | NGE NER hit | entity: SSN, confidence: 0.99 |
tool_call | MCP tool name + agent | tool: bash.execute, agent: cursor-prod |
rate_pattern | Per-agent burst or rate signal | 15 calls in 10s |
semantic_similarity | NLI similarity above threshold | intent: leak credentials, score: 0.82 |
Detection modes (Exact Match / Semantic / Auto) determine which of these can fire. See Detection Mode.
NGE analysis
When NGE was active (engine nge_local or nge_fallback):
- Engine badge — shows which engine produced the decision and whether the call escalated to LLM-assist
- Confidence bars — bars per NLI dimension (
injection,toxicity,off_topic,pii_density) with the threshold line drawn at the active sensitivity preset - Entity labels — color-coded inline highlights on the prompt:
PII,SECRET,INJECTION,TOXICITY - Stage timing — milliseconds per pipeline stage (Regex / Aho-Corasick / ONNX NER / NLI / LLM-Assist) — useful for diagnosing slow traces
Triggered policies
List of every policy evaluated against the trace, with green checkmark (passed) or red flag (triggered). Click a policy to jump to its editor.
User action badge
If a reviewer recorded an action on this trace (Browser Guard WARN, MCP approval, etc.), a colored badge surfaces it:
| Action | Color | Meaning |
|---|---|---|
WARN_PROCEEDED | Amber | User saw the warning and continued anyway — justification recorded |
JUSTIFIED | Blue | User provided a business justification (e.g. "internal demo") |
APPROVED | Green | Reviewer approved a queued request |
REJECTED | Red | Reviewer rejected a queued request |
REDIRECTED | Purple | User redirected to a sanctioned alternative |
Hover the badge to see the justification text and the responsible user.
Governance metadata
Timestamp, agent ID, ingestion path, latency, source IP (hashed), Idempotency-Key.
Blockchain status
Integrity hash, Merkle proof path, Flare transaction hash, block number, anchor age. Verify on Flare opens the public block explorer.
Verifying a trace on the blockchain
In the trace detail, click Verify on Flare. A new tab opens with the Flare block explorer; the transaction hash matches what Palveron stored. For programmatic verification (e.g. inside an auditor's tooling), use the unauthenticated POST /api/v1/verify-proof endpoint.
CSV export
Click Export → CSV to download the currently filtered traces. Useful for ad-hoc analysis or evidence packages. For bulk exports above the dashboard limit (5,000 rows), use GET /api/v1/export.