AIE Audit Log (Change Log)
The AIE Audit Log tracks every significant change made to an AI Employee, providing a chronological record of who changed what and when. Use the audit log to troubleshoot unexpected behavior, satisfy compliance requirements, and maintain accountability across your team.
What Gets Logged
The audit log captures changes across the AI Employee lifecycle:
| Category | Example Events |
|---|---|
| Workflow changes | Workflow canvas edits, node additions/removals, connection changes |
| Configuration updates | AI Employee settings changes, integration configuration changes, model parameter adjustments |
| Persona modifications | Name changes, status changes (enabled/disabled), description updates |
| Import operations | AI Employee import started, completed, or failed (see Export & Import) |
Each log entry contains:
- Event type -- The specific action performed.
- Event category -- The broad category (workflow, configuration, persona, etc.).
- Summary -- A human-readable description of the change.
- Details -- Structured data with the specifics of the change (JSON format).
- Actor -- The user who performed the action (null for system-initiated events).
- Timestamp -- When the event occurred.
- Reference ID -- An optional link to a related entity (e.g., workflow ID, import request ID).
Viewing the Audit Log
Access Requirements
Viewing the audit log requires the CAN_VIEW_PERSONA permission. At the Workspace level, this means:
- Workspace Admin can view audit logs for all AI Employees.
- AI Employee Admin and AI Employee Manager can view audit logs for their specific AI Employee.
Tenant isolation is enforced -- you can only view audit logs for AI Employees within your own tenant.
API Access
The audit log is available through two interfaces:
| Interface | Endpoint | Format |
|---|---|---|
| REST (OTEL format) | GET /personas/{persona_id}/changelog/otel | OpenTelemetry log records with attributes |
| gRPC | ListPersonaAuditLog | Protobuf PersonaAuditEntry messages |
REST (OTEL) Endpoint
The REST endpoint returns audit log entries formatted as OpenTelemetry log records, making it compatible with observability pipelines.
Request parameters:
| Parameter | Type | Default | Description |
|---|---|---|---|
limit | integer | 100 | Number of entries to return (1--1000). |
page_token | string | null | Cursor for the next page of results. |
Response fields:
log_records-- Array of OTEL log records, each containingtime_unix_nano,body.string_value(the summary), andattributes(event type, category, actor, details).next_page_token-- Pass this value aspage_tokenin the next request to fetch the next page. Empty string when no more pages exist.
gRPC Endpoint
The ListPersonaAuditLog RPC returns strongly-typed PersonaAuditEntry messages.
Request fields:
| Field | Type | Description |
|---|---|---|
persona_id | string | The AI Employee ID to query. |
page_size | int32 | Entries per page (default 20, max 1000). |
page_token | string | Cursor for pagination. |
Pagination
The audit log uses cursor-based pagination. Each response includes a next_page_token (base64-encoded). Pass this token in the subsequent request to retrieve the next page. When the token is empty, you have reached the end of the log.
Entries are always returned in reverse chronological order (newest first).
Recording Events
Audit events are recorded automatically by the platform when changes occur. External services can also record events via the RecordPersonaAuditEvent gRPC endpoint. Required fields for recording:
persona_id-- The AI Employee being modified.tenant_id-- Must match the authenticated user's tenant.event_type-- The action type.event_category-- The category of the change.summary-- Human-readable summary.
Optional fields include details (structured JSON data), actor_user_id, and reference_id.
Related Pages
- Governance, Access & Permissions -- Permission requirements for audit log access.
- AI Employee Export & Import -- Import operations are logged in the audit log.