Tamper-proof audit trail of every agent action with rollback capabilities
The Action Journal page (JournalPage) provides a comprehensive audit trail of all agent actions across the system. Every tool call, side effect, and external interaction is logged with full context including the agent identity, tool name, action type, reversibility status, and timestamp. The journal supports organization-scoped filtering and rollback of reversible actions.
Not all actions can be undone. The journal marks each entry as reversible (✅) or non-reversible (❌):
| Reversible | Non-Reversible |
|---|---|
| Creating a record (can be deleted) | Sent emails (cannot be unsent) |
| Updating a field (can be reverted) | SMS messages |
| Moving files (can be moved back) | Social media posts (once public) |
| Toggling settings | Financial transactions (once settled) |
| Assigning resources | Deleted data (if not soft-deleted) |
Each journal entry has an actionType displayed as a badge tag. Common types include tool calls, API requests, file operations, message sends, and data modifications.
| Status | Badge | Description |
|---|---|---|
| Active | Active | Action was executed and is in effect |
| Rolled Back | Rolled Back | Action was reversed by an admin |
Three summary statistics are displayed above the journal table, loaded from /api/engine/journal/stats/default:
| Stat | Description |
|---|---|
| Total Actions | Total number of tool calls and side effects recorded across all agents |
| Reversible | Actions that can be undone via rollback |
| Rolled Back | Actions that have been reversed. A high count may indicate agents need tighter permissions or better instructions |
The main table displays the last 50 journal entries with the following columns:
| Column | Description |
|---|---|
| Time | When the action was executed (localized timestamp) |
| Agent | Agent badge with avatar and name (resolved from agent data) |
| Tool | The tool or function that was called (toolName or toolId) |
| Type | Action type badge (e.g., "api-call", "file-write", "email-send") |
| Reversible | ✅ if the action can be rolled back, ❌ if not |
| Status | Green "Active" or yellow "Rolled Back" badge |
| Actions | Rollback button (only shown for reversible, non-rolled-back entries) |
Rollback reverses a previously executed action. The rollback mechanism is action-specific — for example, rolling back a record creation deletes the record; rolling back a field update restores the previous value.
POST /api/engine/journal/{entryId}/rollback
Content-Type: application/json
{}The response includes:
success: true — Rollback completed, entry status changes to "Rolled Back"success: false — Rollback failed with an error message explaining why| Endpoint | Method | Description |
|---|---|---|
/api/engine/journal | GET | List journal entries (supports ?orgId=, ?limit=) |
/api/engine/journal/stats/default | GET | Get summary statistics (total, reversible, rolled back) |
/api/engine/journal/{id}/rollback | POST | Roll back a specific action |
The journal is automatically populated — no configuration is required to start logging. However, you can influence what gets logged by configuring agent permissions:
Check: (1) The org context switcher — you may be filtering to an org with no agents. (2) The agents are actually running and making tool calls. (3) The engine service is connected and logging correctly.
The action may no longer be reversible due to system state changes. For example, if a created record was already modified or deleted by another process. Check the error message for specifics.
The agent data may not have loaded. Refresh the page. If the agent was deleted, only the ID will be available.
Stats come from /journal/stats/default which covers all entries, while the table only shows the last 50. The stats reflect the complete history.