Viewport daemon, relay, and hosted runtime are available in alpha. Surfaces may change.
VIEWPORT
For teams

Audit log

What Viewport records for runs, approvals, provider actions, and team administration.

Viewport records decision and execution evidence so a team can answer:

what triggered this
what policy applied
who approved it
what the worker did
what provider side effects happened
what it cost or used

For the current launch path, treat the audit log as operational evidence for early partners. Do not describe it as SOC 2 evidence, tamper-proof audit, or a full enterprise export system until those programs are complete.

What Is Logged

SurfaceExamples
Workspace and team administrationworkspace created, member invited, team membership changed.
Pairing and runnersmachine/worker paired, runner revoked, worker status changes.
GitOps syncsync source created, route/policy synced, validation failed.
Workflow run lifecyclerun queued, claimed, blocked, resumed, completed, failed.
Plan and approval decisionsplan proposed, request changes, approved, rejected.
Provider side effectsGitHub PR proposal/execution, Slack completion receipt.
Security denialswrong workspace, missing reviewer tag, missing credential, stale claim.

Each event should include enough metadata to identify the workspace, team, run, node, actor, timestamp, and denial/receipt code without storing raw secrets.

Run Evidence

A launch-quality run detail should show:

  • matched route and policy source;
  • policy hash or composed workflow version;
  • worker claim and lease/cleanup state;
  • plan node and gate decision;
  • approver, decision, message, and timestamp;
  • provider action receipt with external URL or permalink;
  • usage and cost when the adapter reports them;
  • redacted failure details when something fails.

The run detail is usually the fastest audit surface during onboarding. Use the audit log when you need a chronological view across runs and team changes. For a guided first-run inspection, see Read run detail. For the storage boundary between live session frames, workflow run receipts, transcript excerpts, logs, and artifacts, see Trust and privacy.

What Must Not Be Logged

Do not put these in screenshots, support packets, or proof files:

  • raw provider tokens;
  • Slack bot/user OAuth tokens;
  • GitHub installation access tokens;
  • worker private keys;
  • pairing codes that have not expired;
  • bootstrap, claim, or lease tokens;
  • model API keys;
  • private repo bodies unless your team explicitly approved that capture.

The product should redact known token-like values in runtime sync and provider failure details. If you see one of the values above in UI, logs, or exported evidence, treat it as a security bug.

Retention And Export

Retention and export are still early-partner surfaces:

  • run detail and audit rows are available in the hosted app;
  • support can help collect scoped evidence for a launch partner;
  • broad self-serve audit export, long-term retention controls, SIEM streaming, and legal/compliance retention policy are enterprise work.

If your rollout needs formal retention or export guarantees, keep that requirement in the launch plan and do not treat the current gated proof as enterprise-ready.

Common Investigations

Who approved this plan?

Open the run detail or plan review item. The approval row should show the actor, decision, timestamp, and reviewer context.

Why did the worker not claim the run?

Check the run readiness/claim denial and then Runner won't claim work. Hosted Viewport, not local vpd, decides whether a worker may claim.

Did Slack/GitHub actually receive the side effect?

Open the provider receipt on run detail. It should include a Slack permalink, GitHub PR URL, or provider reference when the provider returned one.

Did request changes run implementation anyway?

It should not. Request changes should keep implementation queued until the revised plan is approved. See Approval or plan revision is stuck.

Where To Go Next

On this page