Every time your agent calls an MCP tool, Aegis writes an immutable record of that action to the audit trail. The record captures the tool called, the decision Aegis made, the outcome, how long the action took, and how severe the potential impact was. You cannot delete or modify these records, the audit trail is append-only by design.Documentation Index
Fetch the complete documentation index at: https://docs.runaegis.co/llms.txt
Use this file to discover all available pages before exploring further.
What the audit trail records
Each entry in the audit trail corresponds to one MCP tool call made during an agent session. The following fields are captured:| Field | Description |
|---|---|
agent_name | The name of the agent that initiated the action |
tool_name | The MCP tool that was called (e.g. create_pull_request, push_files) |
action_summary | A plain-language description of what the agent attempted |
decision | The policy outcome: ALLOW, DENY, REWRITE, or REQUIRE_APPROVAL |
target_repo | The GitHub repository the action targeted |
target_branch | The branch targeted, if applicable |
execution_time | How long the action took to evaluate and execute, in milliseconds |
blast_radius | The assessed impact severity: Low, Medium, High, or Critical |
policy | The policy verdict, pass when all checks passed, or an enforced state when a policy intervened |
timestamp | When the action occurred |
session_id | The session the action belonged to |
Audit records are immutable. Once written, they cannot be edited or deleted from the dashboard or via the API.
Browsing audit events
Open Dashboard > Audit Trail to view the full event log. Events are displayed in reverse chronological order, paginated at 50 records per page.Filtering by date range
Use the date range picker at the top of the page to narrow the log to a specific window. The picker defaults to the last 7 days. You can select any custom range.Expanding a row
Click any row in the table to expand it and view the full action summary and the raw tool arguments passed by the agent.Paginating through events
Use the Prev and Next buttons below the table to move between pages. Each page shows up to 50 events.Understanding blast radius
Theblast_radius field gives you a quick signal of how impactful an action would have been if it had executed without any intervention:
Low
Low
Read-only operations or small, scoped writes with minimal downstream effect.
Medium
Medium
Writes that affect a bounded set of files or resources in a non-critical path.
High
High
Writes that could affect production systems, shared infrastructure, or multiple repositories.
Critical
Critical
Actions with broad or irreversible impact, for example, force-pushing to a protected branch or modifying secrets.
Exporting audit data
You can export the audit trail for a selected date range in two formats.- JSON export
- PDF export
Click Export JSON on the Audit Trail page to download all events within the current date range as a structured JSON file. The export includes metadata such as the export timestamp and total record count.The file is named
aegis-audit-YYYY-MM-DD.json and contains the full event payload for each action.Retention settings
You can configure how long audit records are kept in Settings > Audit. The available retention options are:| Option | Records kept for |
|---|---|
| 90 days | Rolling 90-day window; older records are purged automatically |
| 1 year | Rolling 12-month window |
| Forever | Records are never automatically deleted |