The standalone records its own trace events. Enterprise adds a separate, append-only audit log of administrative actions across the fleet: who logged in, who edited which guardrail, who rotated which secret. The log is tamper-evident and exportable for compliance review.Documentation Index
Fetch the complete documentation index at: https://docs.idun-group.com/llms.txt
Use this file to discover all available pages before exploring further.
What gets logged
- Authentication events: sign-in, sign-out, failed attempts, IdP-side revocations.
- Configuration writes: every agent, guardrail, MCP server, observability provider, integration, and prompt mutation, with diff and actor.
- Role and permission changes: every grant, revoke, role definition edit.
- Secret access: API keys read or rotated through the admin surface.
- Data export: traces, logs, or analytics exported off the platform.
Capabilities
- Append-only storage with cryptographic chaining so retroactive edits are detectable.
- Retention policies per record type, defaulting to seven years on the audit stream.
- Export to SIEM: stream to Splunk, Datadog, or any HTTP/Webhook consumer.
Next steps
Enterprise SSO
Authenticated identity is the actor field for every log entry.
Multi-agent management
See where audit events come from across the fleet.