Audit Trail for AI Actions
Who this is for
Organization Owners and Admins who need to review what AI Pilot has done, investigate a specific action, or demonstrate accountability for infrastructure changes.
What you will complete
Understand where AI actions are logged, how to read the audit trail, and how to filter for specific AI-initiated operations.
Before you begin
- Owner or Admin role required to view audit logs.
- Go to Settings → Audit Log.
What the audit trail captures
Every AI Pilot action — proposed, approved, denied, or executed — is permanently logged. The audit trail records:
- Who initiated the action — the user who sent the AI prompt
- What the AI proposed — the action description from the approval card
- Who approved or denied — the user who clicked Allow or Deny (may differ from initiator)
- When it happened — exact timestamp in UTC
- Target — the server, site, or resource involved
- Result — Completed, Failed, Denied, or Expired
- Output — for executed actions, the execution result or error message
How to view the audit trail
- Go to Settings in the left sidebar.
- Click Audit Log.
- The audit log shows all organization actions, including both manual and AI-initiated operations.
- AI-initiated actions are clearly labeled as "AI Pilot" in the source column.
How to filter for AI actions only
- In the Audit Log, look for the Source or Type filter.
- Select AI Pilot to show only AI-initiated actions.
- You can further filter by:
  - Date range (e.g., last 7 days, last 30 days)
  - Server or site name
  - Action type (backup, deployment, service restart, etc.)
  - Result (Completed, Failed, Denied)
Reading an audit log entry
Each entry shows:
| Field | Example | Meaning |
|---|---|---|
| Time | 2026-05-29 14:32 UTC | When the action was logged |
| Source | AI Pilot | Action was proposed by AI, not a manual user click |
| Actor | admin@company.com | User whose session initiated the AI request |
| Approver | admin@company.com | User who clicked Allow (may be same as actor) |
| Action | Service Restart | What was done |
| Target | server-name / nginx | The resource that was affected |
| Result | Completed | Final status |
Step-by-step: investigate a specific AI action
- Go to Settings → Audit Log.
- Filter by Source: AI Pilot.
- Set the date range to the period you are investigating.
- Find the relevant entry by time, target server, or action type.
- Click the entry to expand full details:
  - The AI's proposed action description
  - The approval card decision (Approved by whom, at what time)
  - The execution output (what the AI actually ran and the result)
- If the action failed, the output field shows the error message.
What success looks like
- Every AI-initiated action appears in the audit log within seconds of execution.
- You can identify who approved a specific AI action, even if the approver was different from the user who asked the AI.
- Denied actions appear with "Denied" status and the identity of the user who clicked Deny.
Common errors and fixes
"I do not see the Audit Log option in Settings"
- Cause: Your role may be Member or Viewer, which cannot access the audit log.
- Fix: Contact your organization Owner for access.

"I can see manual actions in the audit log but not AI actions"
- Cause: The Source filter may be active and set to a different value.
- Fix: Clear all filters in the Audit Log to show all sources.

"An AI action appears in the log but I did not approve it"
- Cause: Another admin in your organization approved the action.
- Fix: Check the Approver field on the log entry. You can identify exactly who clicked Allow.

"The audit log only shows 30 days of history"
- Cause: Default log retention is 30 days for most plans. Extended retention may be available.
- Fix: Contact support if you need longer retention for compliance purposes.
Safety notes
- The audit trail is immutable. Entries cannot be edited or deleted, even by Owners.
- All AI actions are logged, including read operations, proposals that were denied, and actions that timed out without approval.
- The audit trail is available for export as a reference for compliance audits.
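
The filtering and investigation steps above can also be applied offline to an exported audit log. The Python script below is an added example, not code from the product: the CSV layout, the column names (taken from the table in "Reading an audit log entry"), the "Manual" source label, and the use of the Approver column for the user who clicked Deny are assumptions, and the sample rows are constructed.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample export. The CSV layout, the "Manual" source label and the
# Approver column holding the denying user are assumptions; check a real export.
SAMPLE_EXPORT = """\
Time,Source,Actor,Approver,Action,Target,Result
2026-05-29 14:32 UTC,AI Pilot,admin@company.com,admin@company.com,Service Restart,server-name / nginx,Completed
2026-05-29 15:05 UTC,Manual,dev@company.com,,Backup,server-name,Completed
2026-05-30 09:10 UTC,AI Pilot,dev@company.com,admin@company.com,Deployment,server-name / site-a,Failed
2026-05-30 09:45 UTC,AI Pilot,dev@company.com,owner@company.com,Service Restart,server-name / nginx,Denied
2026-05-31 22:00 UTC,AI Pilot,dev@company.com,,Backup,server-name,Expired
"""

def parse_time(value):
    """Parse a 'YYYY-MM-DD HH:MM UTC' timestamp into an aware datetime."""
    return datetime.strptime(value, "%Y-%m-%d %H:%M UTC").replace(tzinfo=timezone.utc)

def ai_actions(export_text, start=None, end=None):
    """Return AI Pilot rows inside the optional [start, end] window, oldest first."""
    rows = []
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["Source"].strip() != "AI Pilot":
            continue  # same effect as the Source filter in the UI
        row["When"] = parse_time(row["Time"].strip())
        if (start and row["When"] < start) or (end and row["When"] > end):
            continue
        rows.append(row)
    return sorted(rows, key=lambda r: r["When"])

def classify(row):
    """Label one entry by the accountability question it answers."""
    if row["Result"] in ("Denied", "Expired"):
        return row["Result"].lower()
    if not row["Approver"]:
        return "no_approver_recorded"
    return "self_approved" if row["Approver"] == row["Actor"] else "approved_by_other"

def review(rows):
    """Group entries by label so each bucket can be reviewed on its own."""
    report = {}
    for r in rows:
        report.setdefault(classify(r), []).append(r)
    return report

if __name__ == "__main__":
    for label, entries in review(ai_actions(SAMPLE_EXPORT)).items():
        for e in entries:
            print(label, e["Time"], e["Action"], e["Target"], e["Actor"], e["Approver"] or "-", e["Result"])
```

Entries labelled `approved_by_other` are the ones where the Approver field answers "who clicked Allow" for a request someone else made; the printed Result column shows which of them failed.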