Audit Logging
The gateway maintains an immutable record of every AI interaction. Audit logs capture who asked what, which model responded, how many tokens were used, what it cost, and whether DLP flagged anything. This provides the complete trail IT and compliance teams need for governance and regulatory reporting.
What's Logged
Every audit log entry includes the following fields:
| Field | Description | Example |
|---|---|---|
| User | The authenticated user who initiated the request | jane@acme.com |
| Action | The type of action performed | chat.completion, skill.run, automation.execute |
| Resource | The resource involved (chat, skill, assistant, engine) | chat:conv_abc123 |
| Model | The AI model that processed the request | claude-4-sonnet |
| Tokens (input) | Number of input tokens sent to the model | 1,245 |
| Tokens (output) | Number of output tokens generated by the model | 832 |
| Cost | Estimated cost based on configured model rates | $0.0142 |
| DLP Result | Whether DLP patterns were detected and what action was taken | clean, redacted:credit_card, blocked:ssn |
| IP Address | The IP address of the requesting client | 203.0.113.42 |
| User Agent | The client application identifier | Workjet Desktop/1.2.0 |
| Timestamp | When the request was processed (UTC) | 2026-04-14T09:32:15Z |
Action Types
The audit log records these action types:
- login: User authentication events
- chat.completion: Chat message sent and response received
- skill.run: Skill executed
- automation.execute: Engine or assistant ran
- create: Resource created (skill, assistant, engine, etc.)
- update: Resource updated
- delete: Resource deleted
- export: Data exported
- invite: User invited to the organization
Filtering Logs
Audit logs can be filtered by multiple criteria to find specific entries:
- Action type: Filter by login, create, update, delete, export, invite, or chat events
- User: Filter by specific user email
- Date range: Show logs within a specific time period
- Model: Filter by the AI model used
- DLP result: Show only flagged or clean entries
Logs are displayed in a paginated table in the Portal, with columns for user, timestamp, action, resource, and IP address.
Exporting Logs
Audit logs can be exported for compliance reporting, external analysis, or archival:
- CSV export: Download filtered logs as a CSV file
- JSON export: Download as structured JSON for programmatic processing
Exports include all fields from the log entries and respect any active filters.
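As an added example (not part of the product or its documentation), the script below triages a JSON export by user: it splits each DLP result into action and pattern, then totals redactions, blocks, source IPs and spend. The JSON key names, the second user and the `min_blocked` threshold are assumptions; only the value formats come from the field table above.

```python
import json
from collections import defaultdict

# Constructed sample export. Key names are assumptions; value formats follow
# the field table (DLP result as "clean" or "<action>:<pattern>").
SAMPLE_EXPORT = json.dumps([
    {"user": "jane@acme.com", "action": "chat.completion", "cost": "$0.0142",
     "dlp_result": "clean", "ip_address": "203.0.113.42",
     "timestamp": "2026-04-14T09:32:15Z"},
    {"user": "jane@acme.com", "action": "chat.completion", "cost": "$0.0100",
     "dlp_result": "redacted:credit_card", "ip_address": "203.0.113.42",
     "timestamp": "2026-04-14T09:40:02Z"},
    {"user": "bob@acme.com", "action": "skill.run", "cost": "$0.0031",
     "dlp_result": "blocked:ssn", "ip_address": "198.51.100.7",
     "timestamp": "2026-04-14T10:01:44Z"},
    {"user": "bob@acme.com", "action": "chat.completion", "cost": "$0.0020",
     "dlp_result": "blocked:ssn", "ip_address": "192.0.2.15",
     "timestamp": "2026-04-14T10:03:10Z"},
])

def parse_dlp(result):
    """Split 'blocked:ssn' into ('blocked', 'ssn'); 'clean' has no pattern."""
    action, _, pattern = result.partition(":")
    return action, pattern or None

def parse_cost(value):
    """Accept a number or the displayed form '$0.0142'."""
    return float(str(value).replace("$", "").replace(",", ""))

def summarize(export_json):
    """Per-user request count, DLP hits, source IPs and spend."""
    report = defaultdict(lambda: {"requests": 0, "redacted": 0, "blocked": 0,
                                  "patterns": set(), "ips": set(), "cost": 0.0})
    for entry in json.loads(export_json):
        row = report[entry["user"]]
        row["requests"] += 1
        row["ips"].add(entry["ip_address"])
        row["cost"] += parse_cost(entry["cost"])
        action, pattern = parse_dlp(entry["dlp_result"])
        if action in ("redacted", "blocked"):
            row[action] += 1
            row["patterns"].add(pattern)
    return dict(report)

def users_to_review(report, min_blocked=2):
    """Users whose blocked count reaches min_blocked, most blocked first."""
    hits = [(u, r["blocked"]) for u, r in report.items() if r["blocked"] >= min_blocked]
    return [u for u, _ in sorted(hits, key=lambda h: -h[1])]

if __name__ == "__main__":
    report = summarize(SAMPLE_EXPORT)
    for user in users_to_review(report):
        print(user, report[user])
```

Check the key names against a real export before relying on the output, since the export schema is not specified here.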
Storage: Audit logs are stored in Cloudflare R2 for durable, low-cost archival. Logs are immutable once written — they cannot be edited or deleted.
Compliance Use Cases
Audit logging supports several compliance requirements:
- SOC 2: Demonstrate access control and monitoring of AI interactions
- HIPAA: Track access to AI-processed health information and DLP enforcement
- GDPR: Document data processing activities and DLP redaction of personal data
- Internal audits: Provide evidence of AI governance policies in action
- Incident response: Trace specific interactions when investigating security events
Retention
Audit logs are retained for the duration of your subscription. Enterprise customers can configure custom retention periods. Logs stored in R2 are durable and available for export at any time during the retention window.
Next Steps
- Set up DLP policies to generate meaningful DLP audit entries
- Configure cost controls to track spend alongside usage
- View audit logs in the Portal