Skip to main content

Audit Logs

Every action in Conto, creating agents, executing payments, changing policies, and freezing accounts, is recorded in a database-enforced append-only audit log with SHA-256 hash chains for tamper detection in normal operation. Privileged database operations and backup restoration remain outside that guarantee until records are also anchored in externally controlled WORM storage.

What Gets Logged

Actions

Resources

Logs track actions on agents, wallets, transactions, policies, organization members, API and SDK keys, alerts, counterparties, approval workflows, payment and budget requests, billing, and supported x402 or MPP payment records.

Log Entry Fields

Customer audit responses and exports provide these fields for understanding and reconciling an event: resourceReference.id is present when the affected record has a supported customer reference, so you can reconcile an audit entry with API records or a support request. Authentication sessions and generic settings records intentionally return a null reference ID.

Change Detection

When a resource is updated, changes includes only documented customer fields such as status, name, role, limits, and alert resolution. Arbitrary metadata, network request details, authentication data, and unsupported state fields are not returned in audit responses or exports.

Tamper-Evident Hash Chain

Conto maintains a SHA-256 integrity chain for audit entries, so modifying an earlier entry causes a later verification check to fail. Owners and admins can verify chain integrity for a selected date range from Audit Logs in the signed-in dashboard. Response:
If tampering is detected, the response includes brokenAt with the ID of the first compromised entry.

Viewing Logs

Dashboard

Go to Audit Logs in the sidebar. Filter by:
  • Action type
  • Resource type
  • Actor (user or API key)
  • Date range
Agents that need their own audit trail can use the SDK route:

IP Attribution

Audit logs record the client IP address supplied by Conto’s trusted network boundary when one is available. This helps security investigations without requiring clients to send an IP field.