Authenticated API
ACP (AI Cost & Performance) endpoints require a valid JWT Bearer token. Accessible via the API gateway.
Audit Logging & Security Events
Complete audit trail of all ACP operations plus security event tracking for monitoring and incident response.
Audit Logs
List Audit Logs
GET /acp/audit-logs?agent_id=agent_abc123&action=tool_execution&start_date=2026-01-01
Query Parameters:
| Parameter | Type | Description |
|---|---|---|
agent_id | string | Filter by agent |
action | string | Filter by action type |
user_id | string | Filter by user (for manual actions) |
start_date | string | Start of date range (ISO 8601) |
end_date | string | End of date range (ISO 8601) |
limit | integer | Results per page (default: 100) |
offset | integer | Pagination offset |
Action Types:
| Action | Description |
|---|---|
agent_registered | New agent created |
agent_status_changed | Agent status updated |
permission_granted | Permission added |
permission_revoked | Permission removed |
tool_enabled | Tool enabled for agent |
tool_disabled | Tool disabled for agent |
tool_execution | Agent executed a tool |
approval_requested | HITL approval created |
approval_granted | Approval approved |
approval_denied | Approval denied |
Response (200 OK):
{
"audit_logs": [
{
"log_id": "log_abc123",
"timestamp": "2026-01-19T14:30:00Z",
"agent_id": "agent_abc123",
"agent_name": "restaurant-assistant",
"action": "tool_execution",
"tool": "create_order",
"user_id": null,
"tenant_id": "tenant_xyz",
"details": {
"input": {"items": ["item_1", "item_2"]},
"output": {"order_id": "order_123"},
"duration_ms": 245
},
"ip_address": "10.0.1.50",
"success": true
}
],
"total": 1542,
"limit": 100,
"offset": 0
}
Security Events
Track security-relevant events for monitoring and response.
List Security Events
GET /acp/security-events?severity=high&acknowledged=false
Query Parameters:
| Parameter | Type | Description |
|---|---|---|
severity | string | Filter: info, warning, high, critical |
acknowledged | boolean | Filter by acknowledgment status |
agent_id | string | Filter by agent |
event_type | string | Filter by event type |
start_date | string | Start of date range |
end_date | string | End of date range |
Event Types:
| Event Type | Severity | Description |
|---|---|---|
permission_escalation_attempt | high | Agent tried to exceed permissions |
rate_limit_exceeded | warning | Agent hit rate limits |
tool_access_denied | warning | Agent tried to use disabled tool |
unusual_pattern_detected | high | Anomalous behavior detected |
approval_timeout | info | Approval request expired |
repeated_failures | warning | Multiple consecutive failures |
data_exfiltration_attempt | critical | Suspected data extraction |
Response (200 OK):
{
"security_events": [
{
"event_id": "evt_sec123",
"timestamp": "2026-01-19T14:30:00Z",
"event_type": "permission_escalation_attempt",
"severity": "high",
"agent_id": "agent_abc123",
"agent_name": "restaurant-assistant",
"description": "Agent attempted to access admin capability without permission",
"details": {
"attempted_capability": "system_admin",
"current_permissions": ["order_management", "inventory_queries"]
},
"acknowledged": false,
"acknowledged_by": null,
"acknowledged_at": null
}
],
"total": 5,
"unacknowledged_count": 3
}
Acknowledge Security Event
POST /acp/security-events/{event_id}/acknowledge
Content-Type: application/json
Request Body:
{
"notes": "Reviewed. Agent configuration updated to prevent recurrence.",
"resolution": "config_updated"
}
Response (200 OK):
{
"event_id": "evt_sec123",
"acknowledged": true,
"acknowledged_by": "user_admin456",
"acknowledged_at": "2026-01-19T15:00:00Z",
"notes": "Reviewed. Agent configuration updated to prevent recurrence.",
"resolution": "config_updated"
}
Related Pages
- HITL Approvals - Approval workflows tracked in audit logs
- Agent Management - Agent lifecycle events
- Overview - ACP Integration overview