Audit Logs for AI Tool Use
When an AI agent runs autonomously, you need to know what it did. Not just the final output — every tool call, file access, and network request along the way.
The audit log
Runtime Guard's audit log captures:
- Timestamp: When the action occurred
- Event: What the agent attempted (command, file path, URL)
- Risk score: How dangerous the action is in context (0–100)
- Reason: Why the score was assigned
- Action taken: Blocked, approved, or allowed
Why logging matters
- Debugging: When something goes wrong, you can trace exactly what happened
- Accountability: Know which agent or plugin performed which action
- Compliance: Some workflows require evidence of what automated systems did
- Learning: Review logs to tune your policies over time
What a good audit trail looks like
A useful audit log is:
- Complete: Every action, not just blocked ones
- Structured: Machine-readable format (JSON) for analysis
- Exportable: You can download and process it externally
- Retention-configurable: Keep logs for as long as your workflow requires
Current status
Local audit logging ships in v0.2. Export (JSON/CSV) is planned for v0.3. See the full roadmap for details.
Preview the event timeline format: run a demo scan.
Try Runtime Guard
See runtime security in action or request early access.