Audit
Immutable record of governance decisions and agent actions, plus signed evidence bundles for compliance.
Audit
The Audit surface (at /dashboard/audit, under the Prove chapter) is an immutable, append-only record of every governance decision and agent action in your project. When a policy blocks a call, a budget holds it, an approval resolves, or arguments are redacted, that outcome lands here and cannot be altered after the fact. This makes Audit the surface you reach for during compliance reviews, incident postmortems, and any moment you need to prove what your agents did and what stopped them.
Audit has two in-page tabs: Log and Export. Day-to-day span browsing and search now live on the Runs surface (/dashboard/traces); Audit focuses on the governance record and the evidence you generate from it.
The legacy /dashboard/audit/export route now redirects to the Export tab (?view=export). Update any bookmarks to /dashboard/audit.
Log tab
The Log tab opens on a verb-summary header that counts decisions by outcome: blocked, held, redacted, allowed, and errored. The counts give you the shape of the record at a glance before you drill in.
Below the header, four filters narrow the rows:
- All shows every recorded decision and action.
- Blocked shows actions a policy stopped.
- Approvals shows actions that went through a human gate.
- Budget shows actions a budget ceiling held.
Each row that involved redacted arguments carries a per-row badge so you can see at a glance which entries had sensitive arguments masked. The Log tab also offers client-side Export JSON and Export NDJSON buttons for quick, unsigned dumps of the filtered rows.
When a row represents an actionable violation, a fix this affordance deep-links straight into the Policies create form, so you can turn an observed action into an enforced rule without leaving the audit context.
Export tab
The Export tab generates cryptographically signed (Ed25519) audit evidence bundles. You can scope a bundle to a single trace or to a time window, then download it in one or more formats.
Formats by tier
Export formats are tier-gated:
| Format | Available on |
|---|---|
| JSON | Free and above |
| CSV | Free and above |
| PDF compliance report | Team and above |
| OTLP/JSON | Business and above |
| Splunk HEC JSONL | Business and above |
| Datadog Logs JSONL | Business and above |
The PDF compliance report is rendered server-side with Typst and is capped at 1000 events per report. The OTLP/JSON, Splunk HEC JSONL, and Datadog Logs JSONL formats let you forward signed evidence into your existing observability and SIEM pipelines.
Package history
A history table lists the packages you have generated. For each package it shows the created timestamp, the scope (single trace or time window), the formats included, a SHA-256 prefix, the expiry, and a per-format download link. Expired packages are no longer downloadable; regenerate from the same scope when you need them again.
Verify a bundle externally
Because every bundle is Ed25519-signed, anyone can confirm it has not been tampered with, without trusting JamJet. Verify a downloaded bundle with the jamjet-cloud audit-verify command:
jamjet-cloud audit-verify ./audit-bundle.zipThe command checks the signature against the bundle contents and reports whether the evidence is intact.
Quota and retention
Export quota and retention are tier-scoped. On the free tier you get 5 exports with 7-day retention; higher tiers get more. Generate and download the bundles you need to keep before they expire, since expired packages drop out of the history table.