Skip to main content
Every time an operator acts on a memory — correcting it, redacting it, reclassifying it, reverting it, or deleting it — AtomicMemory records that action in an append-only receipt chain where each entry is cryptographically linked to the one before it. This makes the audit log tamper-evident: if any historical record is altered or removed, the chain validity check will fail. The audit actor is the authenticated session user at the time of the action — it cannot be forged or overwritten after the fact.

Admin Audit Log (/audit)

The Admin Audit Log in the governance GUI is the primary surface for reviewing operator history. It presents a chronological list of all governance actions taken against memories in your workspace. Each row in the log shows:
FieldDescription
TimestampWhen the action was recorded
ActorThe authenticated user who performed the action
Action typecorrect, redact, reclassify, revert, hard_delete, or delete_by_scope
Memory IDThe target memory (links to the Memory Inspector)
Before / afterContent-free diff of the mutation (sensitive content is not surfaced in the log view)
At the top of the log, a chain_valid banner indicates whether the receipt chain is intact. If the banner shows a validity failure, the chain has been tampered with or a record has been removed outside of normal operation — this should be treated as a security incident. An observability stat strip below the banner shows aggregate counts: total actions, actions by type, and the number of distinct actors over the selected time window.
Rows in the audit log are content-free by design. The before/after diff shows that a mutation occurred and records its type, but does not surface the actual memory content in the log view. This prevents sensitive content from being inadvertently exposed during routine audit reviews.

Audit Reader (Langflow, enterprise)

If you are building governance workflows in Langflow, the Audit Reader component lets you query the operator action log from inside a flow. It is useful for building oversight dashboards, incident investigation flows, or compliance reporting pipelines.
The Audit Reader sources its admin key exclusively from the ATOMICMEMORY_LANGFLOW_ADMIN_API_KEY environment variable. Never pass the admin key through a flow input field — doing so risks logging it to Langflow’s execution history. Set the environment variable on your Langflow deployment and leave the key field in the component configuration empty.
The Audit Reader supports filtering by:
  • Time range
  • Actor (specific user)
  • Action type
  • Memory ID

Workflow Events (/events)

The Workflow Events surface provides a real-time typed feed of memory operations — not just operator actions, but the full lifecycle of writes, retrievals, mutations, and conflict detections. This is useful for integration monitoring and for understanding the operational rhythm of your memory system.

Event feed

The event feed shows recent events with their type, timestamp, correlation ID, and delivery state. Clicking any event expands the full payload. Events that share a correlation_id can be traced across surfaces using the cross-surface incident trace view at /trace/[correlationId].

Delivery subscriptions

The delivery-subscription card on the Events page lets you configure webhook delivery for memory events.
1

Choose a transport

Select https (webhook) or pubsub (Google Cloud Pub/Sub) as the delivery transport.
2

Set your endpoint

Provide the URL or topic path that should receive events.
3

Configure signing

Set a signing secret so your endpoint can verify that payloads originate from AtomicMemory. The signature is sent as a header on each delivery.
4

Set retry policy

Configure the retry window and backoff strategy for failed deliveries. The delivery state for each event is shown in the per-event row in the feed.

Best practices

Use a dedicated admin account for all governance operations — corrections, redactions, and deletions. When the audit log shows a named human operator as the actor on every hard delete and a service account such as agent-worker as the actor on every ingest, it is immediately clear which actions were human-initiated and which were automated. Mixed actors make incident investigations harder.
Set up a webhook subscription for hard_delete and delete_by_scope events to an external SIEM or alerting system. Because these actions are irreversible, out-of-band notification gives you an independent signal if a deletion occurs that was not expected.
CORE_ADMIN_API_KEY must never appear in client-side code, browser environments, framework adapter configuration, or application logs. Rotate it immediately if you suspect it has been exposed. All operator actions taken with a compromised key will be attributed to whatever session user was authenticated at the time — review the audit log for unexpected actions if a rotation is triggered.

Reading the receipt chain via API

You can verify the chain validity and read audit entries directly from the Core API using the admin key. 
curl -s http://localhost:17350/v1/governance/audit/chain-status \
  -H "Authorization: Bearer $CORE_ADMIN_API_KEY"