# Viewing-Key Audit

**Viewing-Key Audit** is the compliance layer of Tirai.

It allows auditors to see every payment a project has ever made — without compromising the privacy of any researcher who received those payments.


## How an Audit Works

{% stepper %}
{% step %}
The auditor receives a viewing key from the project off-chain (email, encrypted DM).
{% endstep %}

{% step %}
On `/audit`, they paste the key and click **Scan**.
{% endstep %}

{% step %}
The Tirai wrapper calls `scanAuditHistory(viewingKey)`, which:

* Reads pre-indexed UTXO commitments from the **Tirai indexer cache** (a Railway worker that watches the Cloak program and persists encrypted notes to Supabase)
* Trial-decrypts every commitment locally in the auditor's browser using the viewing key
* Returns only the entries that successfully decrypt
* **Excludes destination wallets** from the result type

The indexer never sees plaintext data — it only caches encrypted on-chain notes for performance. Decryption always happens client-side with the viewing key, which never leaves the auditor's browser.
{% endstep %}
{% endstepper %}
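
The trial-decryption scan described in the last step can be sketched as follows. This is an added example, not Tirai SDK code: the cipher (AES-256-GCM), the `iv | tag | ciphertext` note layout, and the names `sealNote`, `tryOpenNote` and `scanCache` are assumptions made for illustration, and the sample cache is constructed.

```javascript
// Added illustration; not Tirai SDK code. Cipher, note layout and all names are assumptions.
const { createCipheriv, createDecipheriv, randomBytes } = require('node:crypto');

// Encrypt a note (hypothetical layout: 12-byte iv | 16-byte tag | ciphertext).
function sealNote(key, fields) {
  const iv = randomBytes(12);
  const c = createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([c.update(JSON.stringify(fields), 'utf8'), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), body]);
}

// Trial-decrypt one cached note. A wrong key or a modified blob fails the
// GCM tag check, so the note is reported as "not ours" (null).
function tryOpenNote(key, blob) {
  if (blob.length < 28) return null; // too short to hold iv + tag
  try {
    const d = createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
    d.setAuthTag(blob.subarray(12, 28));
    const plain = Buffer.concat([d.update(blob.subarray(28)), d.final()]);
    return JSON.parse(plain.toString('utf8'));
  } catch {
    return null;
  }
}

// Scan the whole cache locally and keep only the notes that decrypt.
function scanCache(viewingKey, cachedNotes) {
  const rows = [];
  for (const { signature, blob } of cachedNotes) {
    const note = tryOpenNote(viewingKey, blob);
    if (!note) continue;
    // Explicit allow-list: any other plaintext field never reaches the result.
    rows.push({ amount: note.amount, date: note.date, label: note.label,
                status: note.status, signature });
  }
  return rows;
}

// Constructed sample data: two projects' notes share one indexer cache.
const keyA = randomBytes(32), keyB = randomBytes(32);
const cache = [
  { signature: 'sig-constructed-1', blob: sealNote(keyA, { amount: 5000000, date: '2025-01-10', label: 'Bounty #1', status: 'Claimed' }) },
  { signature: 'sig-constructed-2', blob: sealNote(keyB, { amount: 900, date: '2025-01-11', label: 'Other project', status: 'Pending' }) },
  { signature: 'sig-constructed-3', blob: sealNote(keyA, { amount: 250000, date: '2025-02-02', label: 'Bounty #2', status: 'Pending' }) },
];
console.log(scanCache(keyA, cache)); // only the two notes sealed under keyA
```

Because the cache holds only ciphertext and the key is used solely inside `scanCache`, the component serving the cache learns nothing about which notes matched.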

## What the Audit Returns

The audit dashboard renders one row per matching payment:

* **Amount** — in lamports or token units
* **Date** — block timestamp of the deposit
* **Label** — the human-readable description set at deposit time
* **Status** — Pending, Claimed, or Expired
* **Transaction signature** — for on-chain verification of the deposit only

## What the Audit Excludes

The auditor cannot see:

* The destination wallet of any claimed payment
* The researcher's identity or contact details
* The withdrawal transaction signature
* Any data linking a specific deposit to a specific researcher

These fields are **structurally absent** from the SDK output.

## Export Formats

The audit dashboard supports two export formats:

* **CSV** — for spreadsheet analysis and tax filing
* **PDF** — for compliance reports and stakeholder distribution

Both formats preserve the same privacy boundary as the dashboard view.

## Per-Project Scoping

Each viewing key is scoped to one project's deposits.

Properties:

* A leaked key reveals only metadata (amount, date, label) — never destination wallets
* Keys can be rotated across audit periods (quarterly, annually)
* Multiple keys can co-exist, each scoped to a different time window

This makes viewing keys safe to share with external auditors and accountants.

