Skip to content

Audit Logs

The Audit Logs page shows every tool call every agent in your workspace has made. Records are permanent and cannot be edited or deleted - this is your tamper-proof execution history.

Log view

The default view is a table of all executions, sorted newest first. Each row shows:

  • When the call was made
  • Which agent made it
  • Which tool was called
  • Whether it succeeded or failed
  • How long it took
  • Which policy authorized it

Click any row to expand it and see the full details: the exact inputs the agent provided, the instruction that triggered the call, any error message, and which data fields were hidden from the log by redaction rules.

Filtering

Use the filters at the top to narrow results by agent or by time range. This is useful when investigating a specific agent's behavior during a particular period.

Trace view

Switch to trace view when you want to see a complete picture of a multi-agent workflow - all the calls that happened as part of one connected session.

How traces work

When an agent connects and starts making calls, KeyRunner groups all of those calls together under a shared session identifier. If that agent delegates work to other agents (a common pattern in multi-agent systems), those child agents' calls are included in the same group.

The trace view shows this as a timeline: the first call at the top, subsequent calls below it, with child agent calls indented under their parent. Each call shows its tool name, agent, duration, and whether it succeeded or failed.

What to use traces for

Debugging a failure - If an agent workflow broke, find the session in trace view to see exactly which call in the chain failed and at what point.

Understanding how a workflow ran - See the sequence of tool calls an agent made, how long each step took, and which agents were involved.

Compliance and audit - Produce a complete record of everything that happened in a single agent session, including all agents involved and all tools called.

Records are immutable

Audit log entries are written once when an execution completes and cannot be changed. This ensures the history you see is exactly what happened, and can be trusted for security reviews and compliance reporting.

Released under the MIT License.