Pushary
Blog
Guides

What an AI agent audit log should capture for teams and compliance

A useful AI agent audit log records the action, arguments, decision, who approved it, and which surface. Here is what to capture, and the honest limits.

AG
Aadil Ghani
Founder, Pushary
Jun 27, 20265 min read
Share

A useful AI agent audit log captures five things for every action: what the agent did, the exact arguments it ran with, the decision (approved, denied, or auto-approved), who made that decision, and which surface they made it from. Without all five, you have a stream of events but no accountability. You can see that something happened. You cannot answer who let it happen, or why.

That gap matters most when an agent has write access. A read that lists a directory is noise. A git push --force, a database migration, an external message, or a spend is a decision someone should own. The audit log is where that ownership gets recorded.

Key takeaways

  • A complete agent audit record needs the action, its arguments, the decision, the approver, and the surface the answer came from.
  • Arguments and a what-changed view turn "the agent ran Bash" into a record you can actually review later.
  • Pushary is GDPR-aligned and self-assessed. There is no SOC2 or ISO certification, and that is stated plainly, not buried.

The five fields that make a record worth keeping

Most logging stops at the event name. "Agent invoked Bash." That tells you almost nothing. Here is what an audit record needs to be useful months later, when nobody remembers the session.

The action. The tool the agent used: a shell command, a file write, an API call. The category of thing that happened.

The arguments. The part that carries the actual risk. Bash is not a unit of risk. cat README.md and rm -rf are the same tool with very different outcomes. A log that records only the tool name cannot tell a teammate, or an auditor, which one ran. Pushary records the structured tool-action metadata, so the argument is in the receipt, not lost.

The decision. Approved, denied, or auto-approved by a rule. A deny is as important as an approve. If someone stopped the agent, that is a signal worth keeping. Pushary also lets you deny with feedback, so the reason travels back to the agent and into the record.

Who approved it. This is the field that turns a log into an accountability trail. A decision with no name attached is just an event. Put a name on it and you have someone who can answer for what happened.

Which surface. Pushary records an answer-source for every decision: phone, web, or Slack. The same person approving from a locked phone at the gym and approving from a reviewed pull request at their desk are two different postures. The surface is part of the context.

Why arguments and a what-changed view matter

A record you cannot interpret later is not much of a record. Two things make an agent audit log readable after the fact.

Arguments give you the specifics. Reviewing a list of "Bash, Bash, Edit, Bash" tells you nothing. Reviewing "git status, npm test, edit src/auth.ts, git push origin main" tells you the shape of the session. Pushary keeps a per-session receipt with the structured metadata, so a session reads like a story instead of a count.

A what-changed view answers the question people actually ask: what is different now. Pushary's audit includes that view, plus exportable history and a Team digest, so a lead can review what the fleet did without replaying every prompt. The full behavior is documented in the audit log docs, and the product overview lives on the audit trail page.

An audit trail is also what makes auto-approval safe. When a read-only command is approved by a rule instead of by you, the action still lands in the log with its arguments and the rule that fired. Automating a decision is fine. Just don't lose the record of it.

Where the data comes from

The records are not guesses about what an agent might do. They are built from what agents actually do. Pushary's read-only safe floor, the set of commands it auto-approves without interrupting you, was decided from 1,721 real production questions: the actual stream of things agents stopped to ask about. That same event stream is what populates the audit log. The list of permission policies controls which actions ask, and every outcome is recorded.

The honest limit on compliance

Here is the part most vendors soften. Pushary is GDPR-aligned and self-assessed. We follow GDPR principles for the data we hold, and we say so in our Terms and Privacy policy. We do not hold a SOC2 report or an ISO 27001 certificate, and we do not claim one. An audit log is a strong control. It is not a certification, and pretending otherwise would be dishonest.

So if your compliance team needs a SOC2 attestation to check a box, Pushary's audit trail is evidence you can produce, not a seal you can forward. It records who approved what, with what arguments, from which surface. That is genuinely useful for an internal review or an incident reconstruction. It is not a substitute for an external audit you may separately need.

Two more honest edges. Enforced gating, the kind that can actually block a tool, needs a hook to gate at, so it works on the CLI agents (Claude Code, Codex, Gemini CLI, Cursor, Hermes). The Claude Desktop connector can notify and ask but cannot block, because Desktop exposes no hook. And on iOS the cross-origin deep link is broken, so the phone uses a pending-questions inbox to answer rather than a tap-through link. Both are recorded the same way in the log; the difference is in how the approval reaches you.

Common questions

Does an audit log replace SOC2?

No. An audit log is an internal control that records decisions and actions. SOC2 is an external attestation about your organization's controls, performed by an auditor. Pushary's log is good evidence for a review, and it is self-assessed and GDPR-aligned, but it is not a certification.

Who is recorded as the approver?

The person who answered the question, along with the surface they answered from: phone, web, or Slack. Auto-approvals from a rule are recorded as such, with the rule that fired, so a silent approval is still attributable.

Can I export the history?

Yes. Pushary keeps exportable history plus a Team digest and a weekly recap, so you can pull the record out for a review instead of reading it one prompt at a time. The fields available are in the audit log docs.

A log that records the action, the arguments, the decision, the approver, and the surface is the difference between knowing an agent ran and knowing who is accountable for what it did. That record is part of every agent plan. See what Pushary covers for AI agents, or start with the quickstart.

AG
Aadil Ghani
Founder, Pushary

Building Pushary so an AI agent can reach you on your phone and wait for a yes before it does something you would not want.

XWebsite

Read next

Guides

Who is accountable when an AI agent makes a mistake?

An agent has no accountability of its own. The human who ran it owns the outcome, which is why a record of who approved what matters.

Jun 25, 20264 min readAadil Ghani
Guides

How to run multiple AI agents at once without losing track

The workflow and the board for running concurrent agent sessions without losing track of which one needs you.

Jun 22, 20264 min readAadil Ghani
Guides

AI agent control glossary: HITL, MCP, permission gates, kill switch, audit trail

Each term gets a one-line definition first, then context and a short example. Built so you can lift any single entry.

Jun 21, 20265 min readAadil Ghani

Get a push the moment your agent needs you

Approvals, done alerts, and a kill switch for Claude Code, Codex, Cursor, and the rest. It takes a couple of minutes to set up.