Skip to Content
Audit Log

Audit Log

Immutable, append-only records of every significant action — tool calls, approvals, policy evaluations, and auth events. Structured JSON, indexed in OpenSearch.

Event structure

{ "id": "evt_a1b2c3d4", "timestamp": "2026-05-24T14:30:00.000Z", "runId": "run_x1y2z3", "actor": { "type": "agent", "id": "agent_dev" }, "action": "tool_call", "resource": { "type": "mcp_tool", "name": "github.pulls.create" }, "result": "success", "cost": { "tokens": 1250, "usd": 0.0037 } }

Event types

TypeDescription
run.createdNew run triggered
run.completed / run.failedRun finished
tool_callAgent invoked an MCP tool
approval.requested / .granted / .rejectedApproval gate activity
policy.evaluated / policy.blockedGuardrail evaluation
auth.loginUser authenticated

Querying

# CLI cendriix audit --run run_a1b2c3d4 --from 7d --format json # API curl "https://api.cendriix.ai/v1/audit/logs?from=2026-05-01T00:00:00Z" \ -H "Authorization: Bearer <jwt>"

Retention

PlanDefaultMax
Starter30 days90 days
Growth90 days1 year
Enterprise1 year7 years

Export to S3, Splunk, or any SIEM via the API.

See also: CLI: cendriix audit, API: GET /audit/logs, RBAC & SSO

Last updated on