What Gets Recorded
Duvo records activity in four event families.Actor events
Changes to who can access Duvo and how they authenticate:Builder events
Changes to automation configuration:Run events
Activity during each Run execution:Admin events
Organizational-level changes:Finding Audit Data in the Product
Runs List
Past Runs (left sidebar) is the primary place to review run-level activity. Every Run across all agents appears here with its status, trigger source, creating user, and timestamps. Admins and Managers see the Created by column, which shows which team member started each Run. Use the filter bar to narrow by:- Agent — activity for a specific automation
- Status — Failed, Completed, Running, or Stopped runs
- Created by — activity from a specific team member (Admin and Manager only)
- Trigger — runs started manually, by schedule, by API, or by event trigger
Team Insights
Team Insights (sidebar, under Team) shows aggregated activity: run counts, completion rates, active agents, and usage trends over time. Use this to spot sudden drops in activity or failure rate spikes across the whole team.Human-in-the-Loop activity
All HITL approval requests, responses, and outcomes are recorded as part of the Run’s message thread. Open any Run that included a HITL step to see who approved or rejected the request, when, and with what context.Exporting Audit Data
From the Runs List
To export run-level activity:Open Past Runs
Open Past Runs from the sidebar.
Apply filters
Apply filters (agent, date range, status, created by).
Click Export
Click Export in the top-right corner.
Choose a format
Choose CSV or JSON.
Via the Public API
Use the API to retrieve run history and build a custom audit export pipeline. List recent runs for your team:
Get status for a specific Run:
Integrating with a SIEM or Observability Tool
Duvo does not currently have a native push connector for SIEM tools (Splunk, Datadog, Elasticsearch, etc.). The supported approach is a pull-based pipeline using the public API.Building a polling pipeline
Schedule a polling script
Schedule a polling script (a cron job, Lambda, or Cloud Run job) that calls
GET /teams/{teamId}/runs with sort_order=asc and an offset cursor to page through new Runs since your last poll.Fetch each Run's execution log
For each Run, call
GET /runs/{run_id}/messages to get the full execution log.Forward to your SIEM
Transform and forward the results to your SIEM using its HTTP ingestion endpoint — for example, Splunk HTTP Event Collector (HEC) or the Datadog Logs API.
GET /runs/{run_id} returns a JSON object like this:
Retention and Access Control
Who can view audit data
Organization Admins, Owners, and Executives have access to every team’s data within the organization.
For a full breakdown of role capabilities, see Team Roles and Permissions and Organization Roles and Permissions.
Data retention
Run history and audit data is retained for the duration of your subscription. Contact security@duvo.ai if you need a full data export or have questions about retention windows under your plan.Known Gaps
Be aware of these limitations when planning compensating controls.Related
Guardrails for High-Risk Automations
Risk tiers, HITL patterns, and kill switches for sensitive agents
Runs List
Filtering and monitoring all Runs across your team
Running Agents via API
API reference for starting runs, polling status, and retrieving messages
Team Roles and Permissions
Team-level roles and what each can see
Organization Roles and Permissions
Org-level access and which roles have cross-team visibility
Security & Privacy
Platform-level security controls, SOC 2, and data handling