How It Works
Each tool call the agent makes is appended to the audit log before the result returns to the user.Quick Start
What’s Logged
Each JSONL line records:timestamp,session_id,agent_nametool_name,tool_input,execution_time_ms- Optional
tool_output(wheninclude_output=True)
after_tool automatically when you call enable_audit_log().
Configuration
| Option | Type | Default | Description |
|---|---|---|---|
log_path | str | ~/.praisonai/audit.jsonl | Append-only JSONL path |
include_output | bool | False | Include truncated tool output |
max_output_chars | int | 500 | Max output chars when include_output=True |
Thread Safety (PR #2062)
- Uses
threading.Lockfor concurrent multi-agent writes - Keeps a long-lived file handle (reopened lazily if rotated)
- Each write calls
fsyncfor crash durability - Call
get_audit_log().close()on shutdown to flush and release the handle
Best Practices
Enable early in production
Enable early in production
Call
enable_audit_log() before creating agents so every tool invocation is captured from the first turn — retrofitting mid-session misses earlier calls.Close on shutdown
Close on shutdown
Call
get_audit_log().close() in your shutdown handler to flush the file handle. Long-running daemons that skip this may lose the last buffered line on crash.Keep output logging selective
Keep output logging selective
Leave
include_output=False unless you need forensic replay. When enabled, tune max_output_chars to avoid bloating the JSONL with large tool payloads.Rotate and protect log files
Rotate and protect log files
Store logs outside web-served directories. The audit path is protected by default — do not disable Protected Paths on production hosts.
Related
Security Overview
Enable audit log with other security features
Protected Paths
Audit log file is itself protected

