Appearance
Audit Logging
Every action in GateFlow MCP is logged for security, compliance, and debugging.
What's Logged
Tool Invocations
json
{
"timestamp": "2024-01-15T10:30:00Z",
"event_type": "tool_invocation",
"agent_id": "agent_support_bot",
"session_id": "sess_abc123",
"tool": "llm/chat",
"input": {
"model": "gpt-4o-mini",
"messages": [{"role": "user", "content": "..."}]
},
"output": {
"response_length": 256,
"tokens_used": 150
},
"latency_ms": 450,
"cost": 0.0012,
"status": "success"
}Permission Events
json
{
"timestamp": "2024-01-15T10:30:01Z",
"event_type": "permission_check",
"agent_id": "agent_support_bot",
"tool": "voice/transcribe",
"result": "denied",
"reason": "tool_not_in_allowlist"
}Agent Lifecycle
json
{
"timestamp": "2024-01-15T10:00:00Z",
"event_type": "agent_created",
"agent_id": "agent_support_bot",
"created_by": "user_admin",
"permissions": {
"tools": ["llm/chat", "retrieval/search"]
}
}Viewing Logs
Dashboard
Navigate to MCP → Agents → [Agent] → Audit Log
API
bash
curl https://api.gateflow.ai/v1/mcp/agents/agent_123/audit-log \
-H "Authorization: Bearer gw_prod_..." \
-G -d "limit=100" -d "event_type=tool_invocation"Filtering
bash
# By time range
curl "...?start=2024-01-15T00:00:00Z&end=2024-01-15T23:59:59Z"
# By event type
curl "...?event_type=permission_denied"
# By session
curl "...?session_id=sess_abc123"Log Retention
| Plan | Retention |
|---|---|
| Free | 7 days |
| Pro | 30 days |
| Enterprise | 90 days (configurable) |
Export
JSON Export
bash
curl https://api.gateflow.ai/v1/mcp/agents/agent_123/audit-log/export \
-H "Authorization: Bearer gw_prod_..." \
-G -d "format=json" -d "start=2024-01-01" \
-o audit_log.jsonCSV Export
bash
curl https://api.gateflow.ai/v1/mcp/agents/agent_123/audit-log/export \
-H "Authorization: Bearer gw_prod_..." \
-G -d "format=csv" -d "start=2024-01-01" \
-o audit_log.csvReal-time Streaming
Stream logs as they happen:
bash
curl -N https://api.gateflow.ai/v1/mcp/agents/agent_123/audit-log/stream \
-H "Authorization: Bearer gw_prod_..."Compliance
Audit logs support compliance requirements:
- HIPAA: PHI access tracking
- SOC 2: Security event logging
- GDPR: Data access records
Next Steps
- Cost Transparency - Track agent costs
- Error Handling - Debug agent issues