Audit Logs & Compliance for AI Agents
Every action your AI agent takes is logged, searchable, and exportable. Built for SOC2, HIPAA, and GDPR compliance requirements.
The Problem: AI Without Accountability
When your team uses ChatGPT, there is no record of what was asked, what data was shared, or what the AI produced. When someone self-hosts OpenClaw without audit logging, the same problem exists. The agent browses the web, runs code, processes data — and there is no trail.
For personal use, this might be fine. For any business — and especially for regulated industries — it is not. Compliance frameworks require evidence that you know what systems do, who used them, and what happened. An AI agent without audit logs is a compliance black hole.
The question auditors ask is not "do you use AI?" It is "can you prove what your AI did?" Without logs, the answer is no.
What Gets Logged
KiwiClaw's audit system captures every meaningful action with timestamps, user attribution, and context:
- User queries — Every message sent to the agent, including the channel it came from (Slack, Discord, web chat, etc.) and who sent it.
- Agent responses — Every response the agent produced, including intermediate reasoning steps and tool calls.
- Web searches — Every search query the agent executed, which search engine was used, and what results it received.
- Code execution — Every code snippet the agent ran in the sandbox, the output produced, and any errors encountered.
- File access — Every file the agent read, wrote, or processed, including document uploads and downloads.
- Skill invocations — Every time a skill was called, what parameters were passed, and what results were returned.
- Configuration changes — Every change to the agent's system prompt, skills, channel connections, or settings — including who made the change.
- Authentication events — Logins, role changes, team member additions and removals.
Search, Filter, Export
Logs are not useful if you cannot find what you need. KiwiClaw's audit interface supports:
Full-text search — Search across all log entries for specific terms, user names, or content. Find every time the agent mentioned a specific client, accessed a particular document, or ran a certain type of query.
Filters — Filter by date range, action type (query, response, code execution, config change), user, channel, and severity. Narrow down thousands of entries to exactly what you need.
Export — Export filtered log sets in JSON or CSV format. Feed them into your SIEM, attach them to compliance reports, or use them for incident investigations. Exports preserve all metadata including timestamps, user IDs, and action details.
Compliance Framework Mapping
KiwiClaw's audit logs are designed to satisfy specific control requirements:
- SOC2 CC7.2 — The entity monitors system components and the operation of those components for anomalies. Audit logs provide the monitoring evidence.
- SOC2 CC7.3 — The entity evaluates security events to determine whether they constitute incidents. Searchable logs enable incident evaluation.
- HIPAA Security Rule — Audit controls (45 CFR 164.312(b)) require mechanisms to record and examine activity in systems containing PHI. Our logs satisfy this control.
- GDPR Article 30 — Records of processing activities. Audit logs document what data the agent processed, when, and for what purpose.
Retention and Security
Audit logs are stored separately from agent data in a tamper-evident append-only store. Logs cannot be modified or deleted by team members, including Admins. Retention periods are configurable on Enterprise plans — default is 90 days, with options for 1 year or longer.
Logs are encrypted at rest and in transit. Access to raw log data is restricted to authorized personnel via RBAC (Admin and Viewer roles).
FAQ
What does the audit log capture?
The audit log records every agent action with timestamps: user queries, agent responses, web searches performed, code executed, files accessed, skills invoked, configuration changes, login events, and role assignments. Each entry includes who triggered the action, what the agent did, and when it happened.
Can I export audit logs?
Yes. Audit logs can be exported in JSON and CSV formats for use in compliance reports, incident investigations, or integration with your existing SIEM or logging infrastructure. Exports can be filtered by date range, action type, and user.
Which compliance frameworks do audit logs support?
KiwiClaw's audit logs are designed to support SOC2 (Trust Services Criteria CC7.2, CC7.3), HIPAA (audit controls under the Security Rule), and GDPR (data processing records under Article 30). The logs provide the evidence trail that auditors require for these frameworks.