The activity log is the source of truth for what happened in your company. Every agent action, every delegation, every approval, every dollar spent, every workflow run leaves a line in the log. Nothing is ever deleted, only archived. If something goes wrong, this is where you look first.

What gets logged

The orchestrator writes a log event for every state transition, not every tool call. A tool call that happens inside a normal task run is part of the run’s structured output, not a top-level event. Top-level events include:
  • Agent hired, paused, retired
  • Team created, reorganized, merged
  • Workflow created, edited, invoked
  • Task created, assigned, started, paused, resumed, completed, failed, cancelled
  • Delegation (intra-team, cross-team, human handoff)
  • Approval requested, answered, expired
  • Budget soft breach, hard breach, catastrophic breach, top-up
  • Run started, ended, killed
  • Audit trail entry created, amended, purged
Each event has a timestamp, an actor (the agent or human responsible), a subject (the task, agent, or team it concerns), a category, and a structured payload.

Reading the log

The activity log lives at Dashboard → Activity. The default view is reverse chronological for the current day, filtered to the top three categories (tasks, approvals, budgets). The filters are at the top of the page and remember your last selection. A single row expands to show the full payload. For a task event, you see the task title, the agent, the run ID, the duration, the token spend, and a link to the checkpoint that captured the agent’s final state. There is no “clear” button. You cannot delete log entries. You can archive entries older than the retention window (default 90 days) which moves them to cold storage. Archived entries are still searchable but take a few seconds longer to fetch.

Searching

The search bar at the top of the activity page accepts structured queries: 
agent:designer category:approval status:denied since:7d
task:"Launch landing page" category:budget
actor:human (breach OR override)
Fields you can filter on:
  • agent, team, company
  • actor (the human or agent who caused the event)
  • category (task, approval, budget, run, delegation, audit)
  • status (started, completed, failed, cancelled, etc.)
  • since (relative: 1h, 7d, 30d; or absolute ISO date)
  • until (same formats as since)
  • task (task title or ID)
  • run (run ID)
Free text search matches against the event payload and the agent’s own written notes.

Exporting

You can export any filtered view as:
  • JSONL — one event per line, lossless, suitable for feeding into another system
  • CSV — flattened, suitable for spreadsheets
  • PDF — a formatted report, suitable for sharing with someone who does not have access to the dashboard
Exports are rate-limited (one per minute per user) to keep the database from getting hammered. A full-company export for a busy month can be a few megabytes.

The audit trail

The audit trail is a narrower, stricter subset of the activity log. It contains only the events that satisfy compliance requirements: approvals, budget breaches, credential accesses, deployments, and any action flagged as sensitive by the agent’s policy. Audit trail entries cannot be archived or purged without explicit sign-off by the company owner, and every view or export of the audit trail is itself logged. Use the audit trail when you need to answer the question “can we prove what happened?” and the activity log when you need to answer “what happened?”

Log retention

By default:
  • Activity log entries are kept hot for 90 days, then archived
  • Archived entries are kept for 2 years, then purged
  • Audit trail entries are kept indefinitely (override under Settings → Compliance)
You can change these thresholds per company but not per team. Retention is a company-wide policy.

Next