Agent Audit Log

When to use

You need a per-action record of what an agent did — for compliance, debugging, or dispute resolution.

Before you begin

The agent’s DID. You can read any agent’s audit log (the endpoint is authenticated but not principal-only).

API

$ curl "https://adid.dev/api/v1/agents/did:adi:0xA.../audit-log?limit=50&offset=0" \
>   -H "Authorization: Bearer $ACCESS_TOKEN"

(agent.go:232, router.go:139.)

Response:

1 {
2   "data":[
3     { "ts":"2026-04-26T11:00:00Z", "action":"verify",  "resource":"proof",      "ibct":"ibct-uuid-2", "outcome":"ok",   "txHash":null },
4     { "ts":"2026-04-26T11:01:30Z", "action":"sign",    "resource":"didcomm",    "ibct":"ibct-uuid-2", "outcome":"ok",   "txHash":null },
5     { "ts":"2026-04-26T11:02:14Z", "action":"delegate","resource":"sub-agent",  "ibct":"ibct-uuid-2", "outcome":"ok",   "txHash":"0xabcd..." }
6   ],
7   "total":3
8 }

Filtering

Query parameters: from, to, action, resource, outcome. Combine for forensic queries:

$ curl "https://adid.dev/api/v1/agents/did:adi:0xA.../audit-log?action=delegate&outcome=fail&from=2026-04-25" \
>   -H "Authorization: Bearer $ACCESS_TOKEN"

Verify

Cross-check selected entries against your runtime logs. Each entry’s ibct (jti) is reproducible across both sides of every action.

Export

Click Download CSV in the portal’s audit log viewer for a CSV export.

Troubleshooting

Symptom	Cause	Fix
Audit log empty	Agent has not yet acted	Trigger a tool call.
Action not appearing	Audit write failed	Check API logs; the audit handler logs failures with `audit_write_failed`.
Discrepancy with chain	Off-chain action	Not all actions emit chain events; off-chain ones are still recorded in the audit log.

💡 Tip — For long-running agents, set up a daily export job that writes the CSV to your archival store. The audit log endpoint paginates and supports from/to ranges, so cron-friendly extraction is straightforward.