aasm audit

Query audit log entries and export tamper-evident compliance reports.

Synopsis

```
aasm audit <SUBCOMMAND> [OPTIONS]
```

| Subcommand | Purpose |
| --- | --- |
| `list` | Query audit log entries with filters. |
| `export` | Export audit data fetched from the gateway as CSV/JSON/JSONL. |
| `verify-chain` | Verify the SHA-256 hash chain of a local JSONL audit file. |
| `compliance-export` | Full-fidelity compliance export of a local JSONL audit file. |

All subcommands accept the global options.

Time filters. --since accepts a duration shorthand (30m, 2h, 1d) or an ISO 8601 timestamp; --until accepts an ISO 8601 timestamp.


aasm audit list

Query audit log entries from the gateway (GET /api/v1/logs) with optional filters, rendered as a table (or --output json|yaml). The result column is color-coded: allow=green, deny=red, pending=yellow.

| Flag | Type | Default | Description |
| --- | --- | --- | --- |
| `--agent <AGENT>` | string | | Filter by agent identifier. |
| `--action <ACTION>` | string | | Filter by action type (e.g. ToolCallIntercepted, PolicyViolation). |
| `--result <RESULT>` | allow \| deny \| pending | | Filter by policy decision result. |
| `--since <SINCE>` | string | | Show events after this duration or ISO 8601 timestamp. |
| `--until <UNTIL>` | string | | Show events before this ISO 8601 timestamp. |
| `--limit <LIMIT>` | integer | 50 | Maximum number of entries to return. |
| `--dry-run-only` | flag | off | Show only observe-mode shadow events (dry_run: true). When off (default), shadow events are hidden so you see live enforcement decisions only. |

```
aasm audit list --result deny --since 2h --limit 20
```

```
SEQ   TIMESTAMP             AGENT     EVENT             RESULT
142   2026-06-09T14:01:00Z  a1b2c3…   PolicyViolation   deny
```

aasm audit export

Export audit entries fetched from the gateway to CSV/JSON/JSONL, with optional compliance metadata headers. Writes to stdout unless --output-file is given.

| Flag | Type | Default | Description |
| --- | --- | --- | --- |
| `--format <FORMAT>` | csv \| json \| jsonl | required | Export file format. JSONL is preferred for SIEM ingestion. |
| `--compliance <COMPLIANCE>` | eu-ai-act \| soc2 | | Prepend a compliance metadata header. |
| `--output-file <OUTPUT_FILE>` | string | (stdout) | Write output to a file. (Named --output-file to avoid colliding with the global --output.) |
| `--agent <AGENT>` | string | | Filter by agent identifier. |
| `--action <ACTION>` | string | | Filter by action type. |
| `--result <RESULT>` | allow \| deny \| pending | | Filter by policy decision result. |
| `--since <SINCE>` | string | | Show events after this duration or ISO 8601 timestamp. |
| `--until <UNTIL>` | string | | Show events before this ISO 8601 timestamp. |
| `--limit <LIMIT>` | integer | 1000 | Maximum number of entries to fetch. |

```
aasm audit export --format jsonl --compliance soc2 --since 1d \
  --output-file audit-2026-06-09.jsonl
```

aasm audit verify-chain

Verify the SHA-256 hash chain of a local JSONL audit log file. Exits non-zero if the chain is broken (tamper evidence).

| Argument | Type | Description |
| --- | --- | --- |
| `<PATH>` | path | Path to the JSONL audit log file to verify. |

```
aasm audit verify-chain ./audit/session-7f3a.jsonl
```

```
✓ chain valid — 412 entries, genesis → entry 0xab12…
```
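
To show what a hash-chain check catches, the following is an added example, not aasm's code and not its on-disk format. It assumes each JSONL record carries hypothetical `prev_hash` and `hash` fields, where `hash` is the SHA-256 of the previous hash plus the canonical JSON of the entry body, starting from an all-zero genesis value.

```python
import hashlib
import json

GENESIS = "0" * 64  # assumed genesis anchor, not aasm's documented value


def entry_hash(prev_hash, body):
    """SHA-256 over the previous hash plus canonical JSON of the entry body."""
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + canonical).encode("utf-8")).hexdigest()


def append_entry(lines, body):
    """Append one chained JSONL record (hypothetical fields prev_hash, hash)."""
    prev = json.loads(lines[-1])["hash"] if lines else GENESIS
    lines.append(json.dumps(dict(body, prev_hash=prev, hash=entry_hash(prev, body))))


def verify_chain(lines):
    """Return (first_bad_index, head_hash); first_bad_index is None if intact."""
    prev = GENESIS
    for idx, line in enumerate(lines):
        try:
            record = json.loads(line)
            claimed, linked = record.pop("hash"), record.pop("prev_hash")
        except (ValueError, KeyError, TypeError, AttributeError):
            return idx, prev  # unparsable line or missing chain fields
        if linked != prev or entry_hash(prev, record) != claimed:
            return idx, prev  # edited, reordered, inserted or removed entry
        prev = claimed
    return None, prev


def sample_log():
    """Constructed three-entry log; values are illustrative only."""
    lines = []
    for seq, event, result in [(1, "ToolCallIntercepted", "allow"),
                               (2, "PolicyViolation", "deny"),
                               (3, "ToolCallIntercepted", "allow")]:
        append_entry(lines, {"seq": seq, "event": event, "result": result,
                             "agent": "00112233445566778899aabbccddeeff"})
    return lines


if __name__ == "__main__":
    log = sample_log()
    print("intact:", verify_chain(log))
    edited = [log[0], log[1].replace('"deny"', '"allow"'), log[2]]
    print("deny flipped to allow:", verify_chain(edited))
    print("entry removed:", verify_chain([log[0], log[2]]))
    print("tail truncated:", verify_chain(log[:2]))
```

A log truncated at the tail still verifies, only with a different head hash and entry count, so keep the count and final hash from a known-good run somewhere the log writer cannot modify and compare them on later runs.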

aasm audit compliance-export

Full-fidelity compliance export of a local JSONL audit file. Preserves the SHA-256 hash chain anchors, credential findings (kind + offset only — never the raw secret), and delegation lineage for SIEM ingestion and regulatory review.

| Flag | Type | Default | Description |
| --- | --- | --- | --- |
| `--input <INPUT>` | path | required | Per-session audit JSONL file produced by the gateway. |
| `--format <FORMAT>` | csv \| json \| jsonl | jsonl | Export format. JSONL is preferred for SIEM/regulator ingestion. |
| `--compliance <COMPLIANCE>` | eu-ai-act \| soc2 | | Prepend a compliance framework header. |
| `--output-file <OUTPUT_FILE>` | path | (stdout) | Write output to a file. |
| `--agent <AGENT>` | string | | Filter by hex-encoded agent identifier (32 hex chars). |
| `--event-type <EVENT_TYPE>` | string | | Filter by audit event-type label (e.g. PolicyViolation). |
| `--since <SINCE>` | string | | Include entries after this duration shorthand or ISO 8601 timestamp. |
| `--until <UNTIL>` | string | | Include entries before this ISO 8601 timestamp. |

```
aasm audit compliance-export --input ./audit/session-7f3a.jsonl \
  --format jsonl --compliance eu-ai-act --output-file compliance.jsonl
```

Last updated: 2026-06-11 by Chisanan232