Skip to main content
Security and compliance teams can use this guide to answer: what did Duvo do, on whose behalf, and when? It covers what Duvo records, where to find that data in the product, how to export it for your SIEM or compliance tooling, and what is not yet captured so you can plan compensating controls.

What Gets Recorded

Duvo records activity in four event families.

Actor events

Changes to who can access Duvo and how they authenticate:
EventWhat is captured
User loginUser, timestamp, identity provider
User invited to team or organizationInviting user, invitee, role assigned, timestamp
Role changedActing user, target user, old role, new role, timestamp
Connection added or removedUser, connection type, team, timestamp
Login or secret created or rotatedUser, secret name (never the value), assignment scope, timestamp
API key created or revokedCreating user, key name, timestamp

Builder events

Changes to automation configuration:
EventWhat is captured
Assignment createdUser, assignment name, team, timestamp
SOP editedUser, assignment, version number, timestamp
Assignment publishedUser, assignment, version promoted, timestamp
Schedule enabled or disabledUser, assignment, interval, timestamp
Trigger added or removedUser, assignment, trigger type, timestamp
Assignment duplicatedUser, source assignment, new assignment, timestamp
Assignment deletedUser, assignment, timestamp

Job events

Activity during each Job execution:
EventWhat is captured
Job startedUser or trigger type, assignment, run ID, timestamp
Tool call madeTool name, connection, run ID, timestamp
Human-in-the-Loop request createdAssignee, run ID, request title, timestamp
HITL request approved or rejectedReviewer, decision, run ID, timestamp
Job completedRun ID, status, duration, timestamp
Job stopped manuallyUser, run ID, timestamp

Admin events

Organizational-level changes:
EventWhat is captured
Team createdUser, team name, organization, timestamp
User removed from team or organizationActing admin, removed user, timestamp
Owner or Admin role assignedActing user, target user, new role, timestamp
Billing plan changedAdmin, old plan, new plan, timestamp

Finding Audit Data in the Product

Jobs List

Past Jobs (left sidebar) is the primary place to review job-level activity. Every Job across all assignments appears here with its status, trigger source, creating user, and timestamps. Admins and Managers see the Created by column, which shows which team member started each Job. Use the filter bar to narrow by:
  • Assignment — activity for a specific automation
  • Status — Failed, Completed, Running, or Stopped jobs
  • Created by — activity from a specific team member (Admin and Manager only)
  • Trigger — jobs started manually, by schedule, by API, or by event trigger

Team Insights

Team Insights (sidebar, under Team) shows aggregated activity: run counts, completion rates, active assignments, and usage trends over time. Use this to spot sudden drops in activity or failure rate spikes across the whole team.

Human-in-the-Loop activity

All HITL approval requests, responses, and outcomes are recorded as part of the Job’s message thread. Open any Job that included a HITL step to see who approved or rejected the request, when, and with what context.

Exporting Audit Data

From the Jobs List

To export job-level activity:
  1. Open Past Jobs from the sidebar.
  2. Apply filters (assignment, date range, status, created by).
  3. Click Export in the top-right corner.
  4. Choose CSV or JSON.
Each export row contains: assignment name, run ID, status, trigger type, created-by user, start time, end time, and duration. The run ID can then be used to retrieve the full message log via the API (see below). Download sample exports to inspect the exact field names and format:

Via the Public API

Use the API to retrieve job history and build a custom audit export pipeline. List recent runs for your team: 
curl -X GET "https://api.duvo.ai/v2/teams/{teamId}/runs?limit=100&sort_by=created_at&sort_order=desc" \
  -H "Authorization: Bearer dv_your_api_key"
Filter parameters:
ParameterDescription
limitNumber of runs per page (1–100, default 20)
offsetNumber of runs to skip for pagination
agent_idScope to a specific assignment
statusFilter by run status (completed, failed, running, stopped)
sourceFilter by how the run was started (api, schedule, manual, etc.)
Get status for a specific Job: 
curl -X GET "https://api.duvo.ai/v2/runs/{run_id}" \
  -H "Authorization: Bearer dv_your_api_key"
Get the full execution log for one Job: 
curl -X GET "https://api.duvo.ai/v2/runs/{run_id}/messages?limit=100" \
  -H "Authorization: Bearer dv_your_api_key"
The messages endpoint returns every step the assignment took — tool calls, model responses, HITL requests, and final output — in chronological order.

Integrating with a SIEM or Observability Tool

Duvo does not currently have a native push connector for SIEM tools (Splunk, Datadog, Elasticsearch, etc.). The supported approach is a pull-based pipeline using the public API.

Building a polling pipeline

  1. Schedule a polling script (a cron job, Lambda, or Cloud Run job) that calls GET /teams/{teamId}/runs with sort_order=asc and an offset cursor to page through new Jobs since your last poll.
  2. For each Job, call GET /runs/{run_id}/messages to get the full execution log.
  3. Transform and forward the results to your SIEM using its HTTP ingestion endpoint — for example, Splunk HTTP Event Collector (HEC) or the Datadog Logs API.
GET /runs/{run_id} returns a JSON object like this: 
{
  "run_id": "550e8400-e29b-41d4-a716-446655440000",
  "assignment_id": "7c9e6679-7425-40de-944b-e07fc1f90ae7",
  "assignment_name": "Invoice Processing",
  "status": "completed",
  "trigger": "schedule",
  "created_by": "user@example.com",
  "started_at": "2026-05-18T09:00:00.000Z",
  "completed_at": "2026-05-18T09:03:42.000Z",
  "duration_seconds": 222
}
For the full API reference, see Running Assignments via API.

Retention and Access Control

Who can view audit data

RoleJob historyCreated by columnRun DebuggerTeam InsightsAPI access
MemberOwn jobs onlyNoNoNoOwn jobs only
ManagerAll team jobsYesNoYesAll team jobs
AdminAll team jobsYesYesYesAll team jobs
OwnerAll team jobsYesYesYesAll team jobs
Organization Admins, Owners, and Executives have access to every team’s data within the organization. For a full breakdown of role capabilities, see Team Roles and Permissions and Organization Roles and Permissions.

Data retention

Job history and audit data is retained for the duration of your subscription. Contact security@duvo.ai if you need a full data export or have questions about retention windows under your plan.

Known Gaps

Be aware of these limitations when planning compensating controls.
What you may expectCurrent stateWorkaround
Native SIEM push (Splunk HEC, Datadog)Not available — pull onlySchedule a polling script that forwards runs to your SIEM (see above)
Dedicated audit log API endpointNot available — use the runs APIUse GET /teams/{teamId}/runs with message logs for per-run detail
Actor and builder event exportIn-product only — not yet exportable via APIContact security@duvo.ai for a data extract
Per-step tool timingNot exposed via the APIOverall Job duration is available via GET /runs/{run_id}
Per-step cost breakdownNot exposed via the APIUse Team Insights for aggregated cost trends
OpenTelemetry trace IDs in API responsesNot currently exposedUse run_id as the stable correlation key in your SIEM
Signed or tamper-evident log exportNot currently supportedSupplement with your SIEM’s ingestion integrity controls