The Audit page (/audit) is the complete, immutable record of everything that happened on the platform. Every workflow step, governance decision, registry change, agent execution, and system action is logged with full context. Events stream in via Dashboard API reactive subscriptions — new entries appear the moment they are written.
Event Log
The audit log is append-only by design. No delete or update mutations are exposed — once recorded, an event cannot be modified or removed. Each event shows:
| Field | Description |
|---|
| Category | Governance, execution, lifecycle, security, or configuration |
| Event type | Specific action (e.g., workflow_started, step_failed, policy_evaluated) |
| Resource | The affected resource with a link to its detail page |
| Actor | Who or what triggered the event (user or agent) |
| Timestamp | Precise time in both relative and absolute format |
| Detail payload | Full event data, expandable as formatted JSON |
Filtering
Combine filters for precision:
| Filter | Options |
|---|
| Category | Governance, execution, lifecycle, security, configuration — or All |
| Time range | 1h, 6h, 24h (default), 7d |
| Resource type | Workflow, step, agent, gateway, policy |
| Resource ID | Scope to a specific resource |
| Actor | Filter to a specific user or agent |
| Text search | Free-text across event type, step ID, actor, and detail payload |
Timeline View
Switch from the default table view to a chronological timeline visualization. Events display as cards on a vertical timeline with colored dots matching their category. Zoom into specific time windows to see the exact sequence of events.
The timeline view is particularly useful for incident investigation — seeing how events across categories interleave reveals patterns that a flat list obscures.
Run Audit
All events related to a specific workflow run, aggregated into a single timeline. Access this from the run detail page or by filtering the audit log to a run ID. The run audit shows the complete history:
- Launch — who started the run, with what inputs
- Governance decisions — every policy evaluation and gate outcome
- Step dispatches — which agent, which gateway, with what parameters
- Completions and failures — step outcomes with timing and cost
- Approvals — requests, resolutions, and escalations
This is the compliance view — everything that happened in one run, in order, with full detail.
Deep Linking
Click any entity reference in the log to navigate directly to the relevant resource:
| Click target | Navigation |
|---|
| Run ID | Opens the workflow run detail page |
| Agent ID | Opens the agent detail page |
| Step ID | Opens the step detail within the parent run |
| Actor | Filters the audit log to all recent actions by that actor |
#entity=run:abc123) for sharing direct references with other operators.
The append-only guarantee supports SOC 2 and incident response requirements. Data lifecycle is managed through retention policies with TTL-based cleanup — a controlled, auditable mechanism rather than arbitrary deletion.
