Audit log
Wholisphere logs every action the agent takes on the user’s behalf. The log is append-only, per-org-isolated, and exportable as JSON for compliance review or SIEM ingest.
What’s logged
For each event:
id— unique event IDorg_id— your organizationuser_id— the dashboard user (if applicable; null for agent actions on behalf of visitors)api_key_id— the API key that authorized the call (if applicable)ts— ISO-8601 timestampkind— event type (see below)details— JSON blob with event-specific datatrace_id— for cross-system correlation
Event kinds
| Kind | When |
|---|---|
capability.invoked | A capability handler was triggered (read aloud, describe, voice click, etc.) |
capability.completed | The capability ran to completion |
capability.failed | The capability errored |
agent.click | The agent clicked an element |
agent.navigate | The agent navigated to a URL |
agent.input | The agent typed into an input |
cache.invalidated | A cache invalidation request landed |
settings.changed | A user changed a preference |
Retention
| Tier | Hot in D1 | Cold in R2 |
|---|---|---|
| Free / Pro | 30 days | — |
| Platform | 12 months | 5 years |
Hot tier supports point queries via the dashboard + API. Cold tier is bulk-exported as JSONL via a scheduled worker (Platform plans).
Export
From the dashboard’s Audit log page, click Download JSON. Or via API:
curl https://api.wholisphere.ai/v1/orgs/$ORG_ID/audit?limit=500 \ -H "cookie: whs_session=$SESSION"SIEM ingest
Platform plans support real-time push to:
- Splunk via HEC
- Datadog via Logs API
- Generic webhook (POSTs JSONL batches every 60s)
Configure in Settings → Integrations → SIEM.
Why this matters
If your org is sued for accessibility (and any retailer / fintech / healthcare / SaaS company eventually is), the question becomes “what did your accessibility solution actually do?” Most answers are speculative. With Wholisphere your answer is a JSON file: this user, on this URL, at this time, was given access to this content via this action. Lawyers and auditors love that.