Agent logs
Inspect local audit records for brokered agent sessions
stashbase agent run writes a local, metadata-only JSONL audit log by default. Startup prints the audit session ID and local log path. Use stashbase agent logs to inspect recent broker decisions without opening those files directly.
What logs contain
Each event records the profile, broker action, destination host, secret name, response status, and duration. Logs never include secret values, placeholders, headers, bodies, URLs, or command arguments.
Common actions include injected, host_denied, unknown_placeholder, tls_trust_failed, upstream_timeout, upstream_connection_failed, and upstream_request_failed.
View recent events
stashbase agent logs
stashbase agent logs --session 5fd2...
stashbase agent logs --profile coding --action injected --host api.github.com
stashbase agent logs --action host_denied --since 1h
stashbase agent logs --followUse --json for a one-time JSON array. With --follow --json, each event is emitted as one JSON line.
Retention and privacy
Logs older than 30 days are removed automatically and local storage is capped at 1,000 session files. Disable persistence for one run with --audit-log false:
stashbase agent run --profile coding --audit-log false -- codexAudit records describe broker activity, not complete process activity. A tool that bypasses the proxy directly cannot be logged.