Skip to main content

THE AUDIT SYSTEM

When an AI agent operates a Swamp repo, it runs dozens of commands in minutes. Some are swamp commands. Some are direct CLI calls to tools like aws, terraform, or kubectl. The human who returns to the repo needs a single answer: what happened while I was away? The audit system exists to provide that answer — a chronological timeline of every command, regardless of origin.

Two sources of truth

Swamp commands are recorded automatically. Every swamp model method run, swamp workflow run, or swamp data query invocation writes an audit entry with a timestamp, session ID, and the full command string. No configuration required.

Direct CLI commands are a harder problem. A Swamp workflow might run swamp model method run deploy, but the model's method internally calls aws ec2 run-instances. Without capturing that second command, the audit timeline has a gap. Audit hooks close the gap by recording CLI commands executed within the repo directory. The result is a unified timeline where both layers are visible: the Swamp command that initiated the work and the underlying tool invocations it produced.

Why hooks are tool-specific

Each AI coding tool intercepts shell commands through a different mechanism. Claude Code uses hooks defined in its settings file. Cursor uses shell integration. Other tools have their own extension points. A single generic approach would miss commands or double-count them depending on the tool's execution model.

swamp repo init --tool <tool> configures the correct hook for the active tool. swamp doctor audit verifies the hook is installed and functioning. The tradeoff is explicit: rather than attempting a fragile universal solution, Swamp maintains per-tool integrations that each work reliably.

Sessions isolate concurrent actors

Each terminal session or agent run receives a session ID. The audit timeline can be filtered by session, which matters when multiple agents or humans work in the same repo at the same time. Without session filtering, interleaved commands from different actors would produce an unreadable timeline. With it, you can isolate exactly what one agent did during one run.

What audit deliberately omits

The audit system records commands, not outcomes. It does not capture exit codes, stdout, stderr, or which resources a command created or destroyed. This is a deliberate design boundary. Recording outcomes would require parsing tool-specific output formats, handling streaming output, and storing potentially large payloads — all of which would make the system expensive and fragile.

For execution outcomes, Swamp has purpose-built tools: swamp model method history shows what a method produced, and swamp workflow history shows the result of each workflow step. The audit timeline complements these by answering a different question: not "what was the result?" but "what was attempted?"

This separation keeps audit lightweight and always-on. Every command is recorded with minimal overhead, so the timeline is never incomplete. The more expensive work of tracking outcomes stays in the systems that already do it well.

For a broader view of how these primitives compose, see How Swamp Works.