The questions audit logs must answer
Which agent acted? Who owned it? What repository and branch was it operating on? What files were read or changed? What commands ran? What network requests were made? What secrets were detected or redacted? What approvals happened? What was blocked?
Without these answers, AI agent activity becomes a blind spot in SOC 2 evidence, enterprise questionnaires, incident response, and internal security reviews.
Event types
Session events
Session started, session ended, runtime mode, owner, repo, branch, agent provider, and risk tier.
Resource events
File read, write, delete, terminal command, Git operation, tool call, API call, network request, and cloud/database action.
Security events
Secret detected, redaction applied, sensitive data access, policy decision, alert, denial, approval requested, approval granted, and termination.
Report events
Session summary, blocked count, allowed count, files changed, sensitive paths touched, and PR audit evidence.
Do not log raw secrets
The audit log should never become a second leak. Raw API keys, private keys, database URLs, OAuth secrets, cloud credentials, and SaaS tokens should be replaced with a redaction marker before the event is persisted. Store the secret type, location metadata, redaction marker, and policy decision instead of the value.
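One way to apply this rule, as an added example rather than code from the original page: secrets are detected and replaced before the event record is built, so only the secret type, location, marker, and policy decision are stored. The regex patterns, field names, session ID, and sample command are constructed assumptions.

```python
import json
import re

# Constructed detectors for three secret kinds named in the text; an assumption
# for this example, not a complete rule set.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key": re.compile(
        r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----", re.S),
    "database_url": re.compile(
        r"\b(?:postgres(?:ql)?|mysql|mongodb)://[^\s:/@]+:[^\s@]+@[^\s\"']+"),
}

def redact(text):
    """Return (redacted_text, findings); findings hold metadata, never the value."""
    spans = sorted((m.start(), m.end(), kind)
                   for kind, rx in PATTERNS.items() for m in rx.finditer(text))
    out, findings, pos = [], [], 0
    for start, end, kind in spans:
        start = max(start, pos)  # clip overlap with a span already redacted
        if start >= end:
            continue
        marker = f"[REDACTED:{kind}]"
        out += [text[pos:start], marker]
        findings.append({
            "secret_type": kind,
            "line": text.count("\n", 0, start) + 1,
            "column": start - text.rfind("\n", 0, start),  # 1-based column
            "redaction_marker": marker,
        })
        pos = end
    out.append(text[pos:])
    return "".join(out), findings

def build_audit_event(session_id, event_type, field, raw_value, policy_decision):
    """Build the record to persist. Field names here are hypothetical."""
    redacted, findings = redact(raw_value)
    for f in findings:
        f.update(field=field, policy_decision=policy_decision)
    return {"session_id": session_id, "event_type": event_type,
            field: redacted, "secrets": findings}

# Constructed sample: AWS's documented example key ID and a made-up database URL.
SAMPLE_COMMAND = ("AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE psql "
                  "postgres://app:s3cr3tpw@db.internal.example:5432/orders -c 'select 1'")

if __name__ == "__main__":
    event = build_audit_event("sess-0001", "terminal_command", "command",
                              SAMPLE_COMMAND, "deny")
    print(json.dumps(event, indent=2))
```

Redaction runs before the event dictionary exists, so no code path downstream of `build_audit_event` ever holds the raw value.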
Evidence buyers care about
- Registered AI agents and owners.
- Default-deny policy for production and secrets.
- Logs showing blocked secret reads and destructive commands.
- Approval logs for auth, payment, infra, CI/CD, and production changes.
- PR audit reports tied to agent sessions.
- Retention settings for team, business, and enterprise plans.