Skip to Content
How-to guidesHow-to guidesReview the audit log

Review the audit log

/audit is the answer to “what did my agents do?” Every action, attempt, approval, and denial lands here.

Page layout

  • Title: Audit Log
  • Subtitle: “Immutable record of all agent actions. Auto-refreshes every 10 seconds.”
  • Two tabs: Actions (default) and Policy Decisions — see Policy decisions tab

Top-right shows {N} entries (or {N} of {total} if your filters matched more than 1,000 rows and the dashboard truncated).

Filters

FilterWhat it does
From / ToDate range — limits to rows in that window
AgentMulti-select dropdown of all agents under your account
ActionMulti-select dropdown of distinct action strings (scopes that have appeared in your audit log)
SearchFree text — matches against agent, platform, action

Filters compose. All four can be set simultaneously.

What each row shows

In the table view:

  • Time
  • Agent
  • Platform
  • Action (the scope or admin action)
  • Result — allowed, pending_approval, denied, error (with appropriate badge colour)

Click any row to open the detail modal.

The detail modal

Header: AUDIT ENTRY (small) and the action (large), with the entry’s UUID as subtitle.

Body shows:

  • Time
  • Result (badge)
  • Agent
  • Platform
  • Scopes used (as pill badges)
  • Forensics section (Enterprise + opt-in only): IP, geo (city, country), ASN, user agent, request ID, session
  • Metadata section (when present): the JSON metadata blob — reason for denial, approval queue ID if relevant, circuit-breaker failure count, etc.

The correlation_id (also called request_id in some places) is what you copy when filing a support ticket or tracing across proxy logs.

Truncation note

If a date range / filter combination matches more than 1,000 rows, the dashboard shows the most-recent 1,000 and warns:

“Showing the most recent 1,000 of {total} matching rows. Narrow the date range or add filters to see older entries.”

Use a tighter date range to see older rows, or export for offline analysis.

Export

On Pro and above, three export buttons appear next to the filter bar:

  • Export CSV
  • Export JSON
  • Export PDF

Each export respects the current filter set — so set up the view you want first, then export.

On Free, exports are disabled with a tooltip (“Export available on Pro plan”).

Retention by plan

PlanRetained for
Free3 days
Solo7 days
Studio30 days
Team365 days
EnterpriseUnlimited

Older rows are pruned. If you need a longer window, upgrade — the data isn’t recoverable after pruning.

Forensics fields

Enterprise customers can flip forensics_enabled on their org to capture IP, user-agent, geo, session, and request ID per row. Off by default; the consent decision is itself audited. See Audit & revocation for the privacy model.

Next

How pending approvals workInspect policy decisions