What the audit trail records
Each entry in the audit trail corresponds to one MCP tool call made during an agent session. The following fields are captured:Audit records are immutable. Once written, they cannot be edited or deleted from the dashboard or via the API.
Browsing audit events
Open Dashboard > Audit Trail to view the full event log. Events are displayed in reverse chronological order, paginated at 50 records per page.Filtering by date range
Use the date range picker at the top of the page to narrow the log to a specific window. The picker defaults to the last 7 days. You can select any custom range.Expanding a row
Click any row in the table to expand it and view the full action summary and the raw tool arguments passed by the agent.Paginating through events
Use the Prev and Next buttons below the table to move between pages. Each page shows up to 50 events.Understanding blast radius
Theblast_radius field gives you a quick signal of how impactful an action would have been if it had executed without any intervention:
Low
Low
Read-only operations or small, scoped writes with minimal downstream effect.
Medium
Medium
Writes that affect a bounded set of files or resources in a non-critical path.
High
High
Writes that could affect production systems, shared infrastructure, or multiple repositories.
Critical
Critical
Actions with broad or irreversible impact, for example, force-pushing to a protected branch or modifying secrets.
Exporting audit data
You can export the audit trail for a selected date range in two formats.- JSON export
- PDF export
Click Export JSON on the Audit Trail page to download all events within the current date range as a structured JSON file. The export includes metadata such as the export timestamp and total record count.The file is named
aegis-audit-YYYY-MM-DD.json and contains the full event payload for each action.