Documentation Index
Fetch the complete documentation index at: https://docs.duvo.ai/llms.txt
Use this file to discover all available pages before exploring further.
Security and compliance teams can use this guide to answer: what did Duvo do, on whose behalf, and when? It covers what Duvo records, where to find that data in the product, how to export it for your SIEM or compliance tooling, and what is not yet captured so you can plan compensating controls.
What Gets Recorded
Duvo records activity in four event families.
Actor events
Changes to who can access Duvo and how they authenticate:
| Event | What is captured |
|---|
| User login | User, timestamp, identity provider |
| User invited to team or organization | Inviting user, invitee, role assigned, timestamp |
| Role changed | Acting user, target user, old role, new role, timestamp |
| Connection added or removed | User, connection type, team, timestamp |
| Login or secret created or rotated | User, secret name (never the value), assignment scope, timestamp |
| API key created or revoked | Creating user, key name, timestamp |
Builder events
Changes to automation configuration:
| Event | What is captured |
|---|
| Assignment created | User, assignment name, team, timestamp |
| SOP edited | User, assignment, version number, timestamp |
| Assignment published | User, assignment, version promoted, timestamp |
| Schedule enabled or disabled | User, assignment, interval, timestamp |
| Trigger added or removed | User, assignment, trigger type, timestamp |
| Assignment duplicated | User, source assignment, new assignment, timestamp |
| Assignment deleted | User, assignment, timestamp |
Job events
Activity during each Job execution:
| Event | What is captured |
|---|
| Job started | User or trigger type, assignment, run ID, timestamp |
| Tool call made | Tool name, connection, run ID, timestamp |
| Human-in-the-Loop request created | Assignee, run ID, request title, timestamp |
| HITL request approved or rejected | Reviewer, decision, run ID, timestamp |
| Job completed | Run ID, status, duration, timestamp |
| Job stopped manually | User, run ID, timestamp |
Admin events
Organizational-level changes:
| Event | What is captured |
|---|
| Team created | User, team name, organization, timestamp |
| User removed from team or organization | Acting admin, removed user, timestamp |
| Owner or Admin role assigned | Acting user, target user, new role, timestamp |
| Billing plan changed | Admin, old plan, new plan, timestamp |
Finding Audit Data in the Product
Jobs List
Past Jobs (left sidebar) is the primary place to review job-level activity. Every Job across all assignments appears here with its status, trigger source, creating user, and timestamps.
Admins and Managers see the Created by column, which shows which team member started each Job. Use the filter bar to narrow by:
- Assignment — activity for a specific automation
- Status — Failed, Completed, Running, or Stopped jobs
- Created by — activity from a specific team member (Admin and Manager only)
- Trigger — jobs started manually, by schedule, by API, or by event trigger
Team Insights
Team Insights (sidebar, under Team) shows aggregated activity: run counts, completion rates, active assignments, and usage trends over time. Use this to spot sudden drops in activity or failure rate spikes across the whole team.
Human-in-the-Loop activity
All HITL approval requests, responses, and outcomes are recorded as part of the Job’s message thread. Open any Job that included a HITL step to see who approved or rejected the request, when, and with what context.
Exporting Audit Data
From the Jobs List
To export job-level activity:
- Open Past Jobs from the sidebar.
- Apply filters (assignment, date range, status, created by).
- Click Export in the top-right corner.
- Choose CSV or JSON.
Each export row contains: assignment name, run ID, status, trigger type, created-by user, start time, end time, and duration. The run ID can then be used to retrieve the full message log via the API (see below).
Download sample exports to inspect the exact field names and format:
Via the Public API
Use the API to retrieve job history and build a custom audit export pipeline.
List recent runs for your team:
curl -X GET "https://api.duvo.ai/v1/runs?limit=100&sort_by=created_at&sort_order=desc" \
-H "Authorization: Bearer dv_your_api_key"
| Parameter | Description |
|---|
limit | Number of runs per page (1–100, default 20) |
offset | Number of runs to skip for pagination |
agent_id | Scope to a specific assignment |
status | Filter by run status (completed, failed, running, stopped) |
source | Filter by how the run was started (api, schedule, manual, etc.) |
curl -X GET "https://api.duvo.ai/v1/runs/{run_id}" \
-H "Authorization: Bearer dv_your_api_key"
curl -X GET "https://api.duvo.ai/v1/runs/{run_id}/messages?limit=100" \
-H "Authorization: Bearer dv_your_api_key"
Duvo does not currently have a native push connector for SIEM tools (Splunk, Datadog, Elasticsearch, etc.). The supported approach is a pull-based pipeline using the public API.
Building a polling pipeline
- Schedule a polling script (a cron job, Lambda, or Cloud Run job) that calls
GET /v1/runs with sort_order=asc and an offset cursor to page through new Jobs since your last poll.
- For each Job, call
GET /v1/runs/{run_id}/messages to get the full execution log.
- Transform and forward the results to your SIEM using its HTTP ingestion endpoint — for example, Splunk HTTP Event Collector (HEC) or the Datadog Logs API.
GET /v1/runs/{run_id} returns a JSON object like this:
{
"run_id": "550e8400-e29b-41d4-a716-446655440000",
"assignment_id": "7c9e6679-7425-40de-944b-e07fc1f90ae7",
"assignment_name": "Invoice Processing",
"status": "completed",
"trigger": "schedule",
"created_by": "user@example.com",
"started_at": "2026-05-18T09:00:00.000Z",
"completed_at": "2026-05-18T09:03:42.000Z",
"duration_seconds": 222
}
Retention and Access Control
Who can view audit data
| Role | Job history | Created by column | Run Debugger | Team Insights | API access |
|---|
| Member | Own jobs only | No | No | No | Own jobs only |
| Manager | All team jobs | Yes | No | Yes | All team jobs |
| Admin | All team jobs | Yes | Yes | Yes | All team jobs |
| Owner | All team jobs | Yes | Yes | Yes | All team jobs |
Data retention
Job history and audit data is retained for the duration of your subscription. Contact security@duvo.ai if you need a full data export or have questions about retention windows under your plan.
Known Gaps
Be aware of these limitations when planning compensating controls.
| What you may expect | Current state | Workaround |
|---|
| Native SIEM push (Splunk HEC, Datadog) | Not available — pull only | Schedule a polling script that forwards runs to your SIEM (see above) |
| Dedicated audit log API endpoint | Not available — use the runs API | Use GET /v1/runs with message logs for per-run detail |
| Actor and builder event export | In-product only — not yet exportable via API | Contact security@duvo.ai for a data extract |
| Per-step tool timing | Not exposed via the API | Overall Job duration is available via GET /v1/runs/{run_id} |
| Per-step cost breakdown | Not exposed via the API | Use Team Insights for aggregated cost trends |
| OpenTelemetry trace IDs in API responses | Not currently exposed | Use run_id as the stable correlation key in your SIEM |
| Signed or tamper-evident log export | Not currently supported | Supplement with your SIEM’s ingestion integrity controls |
