Skip to main content
The Executions page shows the audit log for your project — every tool call made through the gateway, with the policy decision and full context.

Browsing the log

Navigate to Executions in your project sidebar. Each entry shows:
ColumnDescription
ToolThe tool that was called
IdentityWhich agent made the call
DecisionAllow or Deny
ReasonWhy the decision was made (policy name or default action)
TimeWhen the call was made
DurationHow long the upstream call took (for allowed requests)

Filtering

Use filters to narrow the log:
  • Identity — show calls from a specific agent
  • Task — show calls within a specific task session
  • Tool — show calls to a specific tool
  • Decision — show only allows or only denies
  • Time range — show calls within a date range

Execution details

Click any entry to see the full evaluation context:

Request details

  • Tool name and arguments
  • Identity name and labels
  • Task name, labels, and context (if a task session was active)

Policy evaluation

Each policy rule shows:
  • The rule name and type (allow/deny)
  • The CEL expression
  • Whether it matched (true/false)
  • If it was the deciding factor

Upstream response

For allowed calls:
  • The response from the upstream tool server
  • Response time

Using the audit log

Debug a denied request

When an agent reports a tool call failed:
  1. Filter by the agent’s identity
  2. Find the denied entry
  3. Expand it to see which policy rule blocked the request
  4. Check the CEL expression against the actual context values
  5. Update the policy if the denial was unintended

Verify policy changes

After publishing a new policy release:
  1. Have an agent make test calls
  2. Check the executions log to confirm allow/deny decisions match expectations
  3. Look at the policy evaluation details to ensure the right rules are triggering

Compliance reporting

The audit log provides the data needed for compliance audits:
  • Who accessed what (identity)
  • What they were doing (task context)
  • When the access happened (timestamp)
  • Whether it was permitted (decision + policy rule)
Audit log retention depends on your plan: 24 hours (Free), 7 days (Startup), 30 days (Business), 1 year (Enterprise).

Next steps

Audit log concept

Understand what’s captured in audit records and why.

Write policies

Adjust policies based on what you see in the audit log.