List agent audit logs
Returns agent statement audit entries for the project, newest first, with optional credential, event, decision, source and date-range filters.
JWT issued by Better Auth. Verified via JWKS.
In: header
Path Parameters
Unique project identifier (prefixed, e.g. prj_xxx).
Query Parameters
Filter to a single agent credential.
Filter to a single event type (e.g. blocked, masked, query).
Coarse outcome filter that groups events. allow = query; block = blocked, budget_exhausted, auth_failed, credential_expired; mask = masked; truncate = truncated.
Filter by statement origin (wire, mcp, or control).
Return entries at or after this timestamp (inclusive lower bound).
Return entries strictly older than this timestamp (cursor / upper bound).
Return entries strictly older than this timestamp (keyset pagination cursor).
Maximum number of items to return (1-100, default 20).
Response Body
application/json
application/json
application/json
application/json
application/json
application/json
curl -X GET "https://example.com/v1/projects/string/audit-logs"{ "entries": [ { "id": "aud_01h455vb4pex5vsknk084sn02q", "project_id": "string", "credential_id": "string", "region": "string", "event": "string", "sql": "string", "normalized_sql": "string", "query_hash": "string", "statement_kind": "string", "decision_rule": "string", "reason": "string", "rows_returned": 0, "bytes_out": 0, "latency_ms": 0, "cache_status": "string", "client_ip": "string", "session_id": "string", "source": "string", "ts": "2019-08-24T14:15:22Z" } ], "next_page_token": "string"}{ "error": { "code": "string", "message": "string" }}{ "error": { "code": "string", "message": "string" }}{ "error": { "code": "string", "message": "string" }}{ "error": { "code": "string", "message": "string" }}{ "error": { "code": "string", "message": "string" }}