Every operation. Reconstructable.

Shipped today: GET /v1/audit/log returns per-tenant entries reconstructed live from invocations, compile_jobs, observations, and stripe_events. Filter by ?since=<iso>, page with ?limit=N, export as ?format=jsonl or ?format=csv. Target architecture: a single durable audit_events table with HMAC-chained signatures so any tamper detection happens in O(1) instead of cross-table reconstruction.

Sign in to view your log

Your audit log is gated by your API key. Sign in or get an API key and the live entries land here.

Recent operations

What gets logged · live + target

Reconstructed live from invocations, compile_jobs, observations, and stripe_events scoped to your tenant. The durable audit_events table with single normalised schema and HMAC chain is target architecture.

Operation	Endpoint	Recorded fields
Capture	`POST /v1/capture/{anthropic,openai}`	tenant, namespace, model, input_hash, output_hash, latency_us, ts. Never the upstream API key.
Label export	`GET /v1/labels/synthesize-corpus`	tenant, namespace, format, row_count, ts
Distill job	`POST /v1/specialists/auto-distill`	tenant, namespace, base_model, target_size, job_id, ts
Compile	`POST /v1/compile`	tenant, task, model, recipe_hash, manifest_hash, signature, ts
Plan change	`POST /v1/account/change-plan` + Stripe webhook	tenant, prev_plan, new_plan, stripe_event_id, ts
Key rotation	`POST /v1/account/rotate-key`	tenant, prev_key_prefix, new_key_prefix, ts. Never full keys.

One entry, walked

{
  "op": "capture.anthropic",
  "tenant": "tenant_4f2e...",
  "namespace": "support-replies",
  "model": "claude-opus-4-7",
  "input_hash": "sha256:7c1f...a8e2",
  "output_hash": "sha256:2b94...d0e1",
  "latency_us": 1842318,
  "ts": "2026-05-09T14:22:08.118Z",
  "receipt": "hmac-sha256:e91c...4f72"
}

The receipt field is an HMAC over the entry under a per-tenant key derived from your RECIPE_RECEIPT_SECRET. Tampering with any field breaks the chain; kolm inspect --verify-receipt rejects.

What we don't log

Your upstream API key. The x-upstream-api-key header is forwarded once and dropped. Never persisted.
Your full prompt or response text. We hash for clustering and dedupe; the raw text lives in observations only if you opt in (and is yours to delete via /v1/observations/purge).
Cross-tenant data. Your audit log is scoped to your tenant id. There is no path that returns another tenant's entries.

Honest disclosure

The /v1/audit/log endpoint reconstructs entries on the fly from the source tables listed above. JSON, JSONL, and CSV export work today. The unified durable audit_events write path is target architecture: one normalised row per operation, signed in an HMAC chain so tamper detection happens in O(1) rather than via cross-table reconstruction. Subscribe to the roadmap for ship dates on the durable path.