Audit log
Every authenticated call into mcp.clawnify.com and every clawnify.execute run on your agent’s runtime leaves an audit log entry. The log is per-org, append-only, and exportable.
What’s captured
At the gateway:
| Field | What it tells you |
|---|---|
ts | When the call happened (ISO 8601). |
request_id | Unique per call; ties the gateway entry to the runtime entry. |
user_id | Who initiated the call. |
caller | agent (your own agent), user (a person via dashboard / external MCP client), or system. |
server_id | Which runtime, when applicable. |
tool | Which MCP tool was invoked. |
duration_ms | How long the gateway took. |
is_error | Whether the call returned an error. |
At the runtime (additional fields for clawnify.execute):
| Field | What it tells you |
|---|---|
execution_id | The specific code-mode run. |
exit_code | Process exit code. |
duration_ms | Total runtime, including startup. |
timed_out | True if the call hit its wall-clock timeout. |
stdout_size_bytes / stderr_size_bytes | Output volume (not the content itself). |
code_size_bytes | Input source length (not the code itself). |
What’s NOT captured
The audit log does not record:
- The text of the code you ran (only its size + hash).
- The stdout / stderr content (only sizes).
- The arguments you passed to a tool call (only the tool name).
If you want full request payloads, write them yourself inside your app. The platform audit is intentionally PII-light.
Export
We can ship your org’s complete audit log on request. The export is JSONL, one entry per line, scoped to your org, signed for integrity. Get in touch at clawnify.com to schedule one.
Use cases
- Cost tracking. Count
clawnify.executecalls per day to project spend. - Anomaly detection. Watch for spikes in
is_error: trueor unusualcallermixes. - Compliance. Demonstrate “who did what when” for audits.
- Debugging. Match a misbehaving agent session against the exact tool calls it made.