The activity resource is the API over the activity log. Every state transition, every decision, every approval, every cost breach lands in this log, and this endpoint is how you search and export it. The log is append-only. There is no POST, no DELETE, no PATCH through this API. The orchestrator writes entries; you read them.

Endpoints

MethodPathPurpose
GET/v1/companies/{cid}/activitySearch activity
GET/v1/companies/{cid}/activity/{id}Get one entry
GET/v1/companies/{cid}/activity/exportExport filtered results
GET/v1/companies/{cid}/auditThe narrower audit trail

The activity entry

{
  "id": "act_a1b2c3",
  "companyId": "cmp_d4e5f6",
  "category": "approval",
  "action": "approval.approved",
  "actor": "user:alice",
  "subject": { "type": "approval", "id": "apr_g7h8i9" },
  "related": {
    "taskId": "iss_j0k1l2",
    "agentId": "agt_m3n4o5",
    "runId": "run_p6q7r8"
  },
  "payload": {
    "approval": {
      "action": "publish blog post",
      "cost": { "usd": 0 }
    },
    "note": "ship it"
  },
  "at": "2026-04-11T10:42:17Z"
}
Every entry has:
  • category — high-level group (task, approval, budget, run, delegation, audit)
  • action — the specific event within the category (task.started, approval.denied, budget.breach.hard)
  • actor — who caused it; user:<id> for humans, agent:<id> for agents, system:<component> for the orchestrator
  • subject — the primary object the event is about
  • related — other objects the event refers to, so you can join entries on a task or a run
  • payload — category-specific details

Searching

curl -s "http://localhost:3100/v1/companies/cmp_d4e5f6/activity?category=approval&status=denied&since=7d" \
  -H "Authorization: Bearer $CA_API_TOKEN"
Query parameters:
  • q — free text, matches payload and actor notes
  • category — one or more categories, comma separated
  • action — exact action string (e.g., task.started)
  • actor — exact or prefix match (user: matches all humans)
  • subject.type, subject.id — filter by subject
  • related.taskId, related.agentId, related.runId — join shortcuts
  • since, until — time range (ISO or relative)
  • cursor, limit — pagination
Search is backed by Postgres full-text search on the payload column plus indexed lookups on the metadata columns. Queries with a tight time range and a category are fast even on large companies; open-ended queries can be slow and are rate-limited.

Get one entry

curl -s http://localhost:3100/v1/companies/cmp_d4e5f6/activity/act_a1b2c3 \
  -H "Authorization: Bearer $CA_API_TOKEN"
Returns the entry with the full payload. For most categories, getting a specific entry adds no information beyond what search returned; for a few (detailed approvals, budget breach snapshots), it does.

Export

curl -s "http://localhost:3100/v1/companies/cmp_d4e5f6/activity/export?format=jsonl&since=2026-04-01" \
  -H "Authorization: Bearer $CA_API_TOKEN" \
  -o activity-april.jsonl
Formats:
  • jsonl — one entry per line, lossless
  • csv — flattened, suitable for spreadsheets
  • pdf — a formatted report
Exports are rate-limited (one per minute per token). A full month of activity for a busy company is a few megabytes.

The audit trail

/v1/companies/{cid}/audit is a narrower, stricter subset of the activity log. It contains only the events that satisfy compliance requirements:
  • All approvals (approved, denied, edited, expired)
  • All budget breaches
  • All credential creation, rotation, and deletion
  • All deployments and prod-touching actions
  • Any action flagged as sensitive by the agent’s policy
curl -s "http://localhost:3100/v1/companies/cmp_d4e5f6/audit?since=30d" \
  -H "Authorization: Bearer $CA_API_TOKEN"
Audit entries cannot be archived or purged without explicit sign-off by the company owner, and every export of the audit trail is itself logged as an audit entry.

Retention

Activity log retention is configured at the company level. By default:
  • Hot storage: 90 days
  • Archived: 2 years
  • Audit trail: indefinite
Archived entries are still searchable but the query takes a few seconds longer to fetch. You can configure retention under Settings → Compliance on the dashboard; there is no API for retention settings yet.

Webhooks

You can stream any category of the activity log as webhooks, which is how you wire Company Agents into Slack, PagerDuty, or a custom observability stack. Configure webhook filters at Settings → Webhooks:
  • Match by category, action, or actor prefix
  • Optional payload transformer (JSONPath or jq expression)
  • Delivery retry with exponential backoff
Payloads have the same shape as the activity entries above.

Next