# Auditor Flow (Audit)

The **Auditor Flow** describes how a compliance reviewer verifies a project's bounty payouts using a viewing key.

## Flow Overview

> Receive viewing key → Scan history → Export

{% stepper %}
{% step %}

### Receive the Viewing Key

The project shares the viewing key off-chain:

* The key appears once on the project's payment success card
* It is a 32-byte secret encoded in base58
* The project may rotate keys per audit period

You receive the key via email, encrypted DM, or the project's compliance portal.
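
A format check you can run before pasting a received key into `/audit`, as an added example that is not part of Tirai's own code: it decodes the string and confirms it is exactly 32 bytes, which catches keys truncated or altered in transit. It assumes the Bitcoin/Solana base58 alphabet, which this page does not specify; `base58Decode` and `checkViewingKey` are hypothetical names.

```javascript
// Added example: validate a received viewing key before pasting it into /audit.
// Assumption: the Bitcoin/Solana base58 alphabet (the page says only "base58").
const ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
const KEY_BYTES = 32; // from the page: a 32-byte secret

// Decode base58 into bytes; throws on any character outside the alphabet.
function base58Decode(text) {
  const bytes = []; // little-endian base-256 digits of the decoded number
  for (const ch of text) {
    let carry = ALPHABET.indexOf(ch);
    if (carry < 0) throw new Error("invalid base58 character");
    // Multiply the accumulated number by 58 and add the new digit.
    for (let i = 0; i < bytes.length; i++) {
      carry += bytes[i] * 58;
      bytes[i] = carry & 0xff;
      carry >>= 8;
    }
    while (carry > 0) {
      bytes.push(carry & 0xff);
      carry >>= 8;
    }
  }
  // Each leading '1' encodes one leading zero byte.
  for (const ch of text) {
    if (ch !== "1") break;
    bytes.push(0);
  }
  return Uint8Array.from(bytes.reverse());
}

// Returns { ok, reason }; the key itself is never logged or echoed back.
function checkViewingKey(input) {
  const text = input.trim(); // email and chat clients often add whitespace
  if (text.length === 0) return { ok: false, reason: "empty" };
  let raw;
  try {
    raw = base58Decode(text);
  } catch (err) {
    return { ok: false, reason: "not base58" };
  }
  if (raw.length !== KEY_BYTES) {
    return { ok: false, reason: `decoded to ${raw.length} bytes, expected ${KEY_BYTES}` };
  }
  return { ok: true, reason: "well-formed" };
}
```

A passing check only shows the string has the right shape; whether it is the correct key for the project is established by the scan itself.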
{% endstep %}

{% step %}

### Scan the Project's History

Visit `/audit` and paste the viewing key.

Click **Scan**:

* Tirai pulls pre-indexed encrypted notes from the Supabase-backed indexer cache (a Railway worker that continuously watches the Cloak program)
* Each note is trial-decrypted **locally in your browser** with the viewing key
* Successfully decrypted entries appear in the dashboard

The scan typically takes 5–30 seconds depending on the project's payment volume.

<figure><img src="/files/a2s5hcTL0tUV7Ap7TtYR" alt="" width="563"><figcaption></figcaption></figure>
{% endstep %}

{% step %}

### Review the Ledger

The dashboard shows one row per matching payment:

* **Amount** — paid in SOL or SPL token
* **Date** — block timestamp of the deposit
* **Label** — human-readable description set at payment time
* **Status** — Pending, Claimed, or Expired
* **Deposit signature** — on-chain hash for verification

Use the search and filter controls to narrow the scan to specific date ranges or amounts.
{% endstep %}

{% step %}

### Export the Report

Click **Export** and choose a format:

* **CSV** — for spreadsheet analysis, tax filing, or accounting software ingestion
* **PDF** — for compliance reports, board presentations, or regulator submissions

Both formats preserve the same privacy boundary as the dashboard.
{% endstep %}
{% endstepper %}

## What You Cannot See

By design, the auditor flow does **not** expose:

* The destination wallet of any claimed payment
* The researcher's identity or contact details
* The withdrawal transaction signature
* Any link between a specific deposit and a specific researcher

These fields are **structurally absent** from the SDK output and from the wrapper type system. There is no flag, role, or admin override that can reveal them.

This is the core privacy guarantee of the Tirai audit model.


