Skip to main content
Every time your agent calls an MCP tool, Aegis writes an immutable record of that action to the audit trail. The record captures the tool called, the decision Aegis made, the outcome, how long the action took, and how severe the potential impact was. You cannot delete or modify these records, the audit trail is append-only by design.

What the audit trail records

Each entry in the audit trail corresponds to one MCP tool call made during an agent session. The following fields are captured:
Audit records are immutable. Once written, they cannot be edited or deleted from the dashboard or via the API.

Browsing audit events

Open Dashboard > Audit Trail to view the full event log. Events are displayed in reverse chronological order, paginated at 50 records per page.

Filtering by date range

Use the date range picker at the top of the page to narrow the log to a specific window. The picker defaults to the last 7 days. You can select any custom range.

Expanding a row

Click any row in the table to expand it and view the full action summary and the raw tool arguments passed by the agent.

Paginating through events

Use the Prev and Next buttons below the table to move between pages. Each page shows up to 50 events.

Understanding blast radius

The blast_radius field gives you a quick signal of how impactful an action would have been if it had executed without any intervention:
Read-only operations or small, scoped writes with minimal downstream effect.
Writes that affect a bounded set of files or resources in a non-critical path.
Writes that could affect production systems, shared infrastructure, or multiple repositories.
Actions with broad or irreversible impact, for example, force-pushing to a protected branch or modifying secrets.

Exporting audit data

You can export the audit trail for a selected date range in two formats.
Click Export JSON on the Audit Trail page to download all events within the current date range as a structured JSON file. The export includes metadata such as the export timestamp and total record count.The file is named aegis-audit-YYYY-MM-DD.json and contains the full event payload for each action.

Retention settings

You can configure how long audit records are kept in Settings > Audit. The available retention options are:
Switching from a longer retention period to a shorter one may result in older records being deleted. Review your retention setting before changing it.