Audit trail#
Every action in LumenFlow is recorded in an immutable audit trail. Nothing happens in the dark.
What's logged#
| Field | Description |
|---|---|
| Timestamp | When the action occurred (UTC) |
| Action type | What Sidekick did (send email, create event, etc.) |
| Initiator | Who requested the action |
| Approver | Who approved it (or "auto" for rule-based) |
| Governance rule | Which rule triggered the approval decision |
| Input data | The data sent to the action |
| Output data | The result returned |
| Token usage | Tokens consumed (prompt + completion) |
| Cost | Estimated dollar cost |
| Model | Which LLM model was used |
Accessing the audit trail#
Dashboard#
Navigate to Observe → Activity for a searchable, filterable view of all audit entries.
API#
The audit trail is also accessible via the LumenFlow API for programmatic access and integration with your existing tools.
Export#
Export the current evidence set and audit history from the workspace trust surfaces when you need to hand records to reviewers or compliance stakeholders.
Retention#
| Plan | Retention |
|---|---|
| Free | 7 days |
| Team | 90 days |
| Enterprise | 365 days |
Compliance frameworks#
LumenFlow's audit trail supports requirements for:
- SOC 2 — access logging, change management
- GDPR — data processing records, right to explanation
- HIPAA — action logging, access controls (with BAA)
info Audit entries cannot be modified or deleted. This is by design — the trail is the ground truth for all AI activity.