AI makes mistakes! Undisk makes recovery instant: every write is versioned, every file is reversible.
See it heal →

What it does

Query the workspace’s tamper-evident audit trail. Every file mutation is recorded with hash-chain integrity. Use ‘list’ to browse recent entries, ‘export’ for full JSON/NDJSON dumps (ideal for compliance evidence packages), and ‘verify’ to validate hash-chain integrity. Supports filtering by agent, time range, operation type, and file path. Read-only — does not modify the workspace.

Required scope

audit:read

Parameters

ParameterTypeRequiredDescription
actionstringYesOperation to perform Values: list, export, verify.
startTimestringNoFilter entries after this ISO 8601 timestamp (e.g., ‘2025-01-15T00:00:00Z’).
endTimestringNoFilter entries before this ISO 8601 timestamp.
agentIdstringNoFilter to entries from a specific agent.
operationTypestringNoFilter to a specific operation (e.g., ‘write’, ‘delete’, ‘move’, ‘restore’, ‘create’, ‘append’).
filePathstringNoFilter to entries affecting a specific file path.
toolNamestringNoFilter to entries triggered by a specific MCP tool (e.g., ‘write_file’, ‘delete_file’, ‘upload_session’). Distinct from operationType which is the storage-level operation.
limitnumberNoMaximum entries to return for ‘list’ action (default: 100, max: 1000). Not used for ‘export’ or ‘verify’.
formatstringNoExport format: ‘json’ (default) or ‘ndjson’ (newline-delimited JSON). Only used with ‘export’ action. Values: json, ndjson.
fromSeqnumberNoStarting sequence number for ‘verify’ action. Omit to verify from the beginning.
toSeqnumberNoEnding sequence number for ‘verify’ action. Omit to verify to the end.