Actions You Don't Log
Every tool call, every permission check, complete audit trail. Visibility you didn't build.
On this page
AI agents make decisions and take actions. Without logging, you're flying blind. What did the agent do? Why? When? On whose behalf? In production, you need answers.
SystemPrompt logs everything. Every tool call, every permission check, every action. Complete visibility without building logging infrastructure.
The Problem
Comprehensive audit logging requires:
- Event capture: Intercepting all relevant actions
- Structured data: Consistent, queryable log format
- Storage: Log aggregation, retention, archival
- Query interface: Finding specific events
- Performance: Logging without slowing down operations
- Compliance: Meeting regulatory requirements
Most teams add logging as an afterthought. Incomplete coverage. Inconsistent formats. Missing context.
The Solution
SystemPrompt provides comprehensive audit logging:
Automatic Event Capture
Every significant action is logged:
- Agent messages and responses
- MCP tool calls and results
- Authentication events
- Permission checks
- File operations
- Content changes
- API requests
No instrumentation code required. Logging is built into the platform.
Structured Log Format
Logs are structured and queryable:
{
"timestamp": "2026-01-27T10:30:00Z",
"event_type": "mcp.tool_call",
"agent_id": "assistant",
"user_id": "user_123",
"tenant_id": "tenant_456",
"tool": "create_content",
"server": "content-server",
"duration_ms": 234,
"status": "success",
"metadata": {
"content_id": "post_789",
"title": "New Blog Post"
}
}
Query Interface
Find the events you need:
# View recent logs
systemprompt infra logs
# Filter by agent
systemprompt infra logs --agent assistant --limit 50
# Filter by event type
systemprompt infra logs --type mcp.tool_call
# Filter by user
systemprompt infra logs --user user_123
# Filter by time range
systemprompt infra logs --since "2026-01-27T00:00:00Z"
Analytics Integration
Logs feed into analytics:
# View agent performance
systemprompt analytics agents show assistant
# Content engagement metrics
systemprompt analytics content stats
# System-wide metrics
systemprompt analytics overview
Why This Matters
Debugging AI Behavior
When something goes wrong:
# Find what agent did before the error
systemprompt infra logs --agent assistant --before "2026-01-27T10:35:00Z"
# Trace a specific request
systemprompt infra logs --request-id "req_abc123"
# See all actions for a user
systemprompt infra logs --user user_123 --type mcp.tool_call
Security Monitoring
Detect suspicious activity:
- Failed authentication attempts
- Permission denied events
- Unusual tool call patterns
- Cross-tenant access attempts (which should never succeed)
# View auth failures
systemprompt infra logs --type auth.failed
# View permission denials
systemprompt infra logs --type permission.denied
Compliance Requirements
Audit logs help with:
- SOC 2: Access logging, change tracking
- GDPR: Processing records, data access logs
- HIPAA: Access audit trails
- Enterprise audits: Who did what, when
Logs are retained according to your configuration and can be exported for compliance review.
Cost Tracking
Understand AI usage:
# Agent usage by user
systemprompt analytics agents usage --by user
# Token consumption
systemprompt analytics ai tokens --period month
# MCP tool call frequency
systemprompt analytics mcp calls --period week
What You Skip
| Without SystemPrompt | With SystemPrompt |
|---|---|
| Logging instrumentation | Automatic |
| Log aggregation | Built in |
| Query interface | CLI and API |
| Retention policies | Configurable |
| Analytics dashboard | Included |
| Compliance exports | Supported |
Log Categories
Agent Events
agent.message - User message to agent
agent.response - Agent response
agent.error - Agent error or failure
MCP Events
mcp.tool_call - Tool invocation
mcp.tool_result - Tool response
mcp.auth_check - Authentication verification
Auth Events
auth.login - User login
auth.logout - User logout
auth.token_issued - Access token created
auth.failed - Authentication failure
Permission Events
permission.check - Permission verification
permission.denied - Access denied
permission.granted - Access granted
Getting Started
Logging is enabled by default. To view logs:
# Recent logs
systemprompt infra logs
# Follow logs in real-time
systemprompt infra logs --follow
# Export for analysis
systemprompt infra logs --format json > logs.json
Configure retention and export:
# services/logging/config.yaml
logging:
retention_days: 90
export:
enabled: true
format: json
destination: s3://your-bucket/logs
See the Logging Reference for detailed configuration options.