Governed ability

Get activity log

aafm/get-activity-log Read only

Reads this plugin's own audit log: each row's ability name, status (started, success, error, denied), acting user id and login, the argument keys passed, and the timestamp. Most recent first. Response includes total (the count for the status filter). Never argument values or network addresses. Requires the manage-options capability.

How it is governed

The same model as every ability in the plugin, stated for this one.

  • Off until you enable it

    Like every ability, Get activity log ships switched off. You turn it on one at a time, and an update never widens access on its own.

  • Reads only

    It reads data and returns it to your client. Nothing on your site is created, changed, or removed.

  • Capability gated

    A connection only sees Get activity log if the user you connected can run it, and the plugin checks that capability again before it executes.

  • Every call audited

    The call is written to the log in your own database, denials included, with the argument keys but never the values.

See it in action

An illustrative run. Your real calls and data stay on your own site.

agent-abilities · audit Governed
You Get activity log on this site.
Run Running aafm/get-activity-log
Gate Allowed read capability confirmed
Audit aafm/get-activity-log · principal: editor · args: keys
Result Returns the data the agent asked for. Nothing on the site changes.

Try it with a prompt

Example requests you could paste to your agent.

  1. Show me the most recent entries in the plugin's activity log.
  2. List the last actions agents took, including any that were denied.
  3. Which ability calls errored recently, and who was the acting user?

These are illustrative example prompts. The agent runs them as the user you connected, checked against that user's capabilities and written to your audit log.

Frequently asked

Short answers for Get activity log.

Does the log include the actual data agents sent?

No. It records each row's ability name, status, acting user id and login, the argument keys, and the timestamp, but never argument values or network addresses.

Who can read the log?

It requires the manage-options capability. The log itself is how the plugin keeps every ability call auditable, whether it succeeded, errored, or was denied.

Back to all abilities

Governed by default, from the first call.

Get activity log is off until you enable it, scoped to the user you connect, and logged like everything else. Turn on only what you need.

Every ability off until you enable it, capability-gated on every call.