2026-05-015 min
JSONL audit logs for AI agents (and why your security team will love you)
Every brocco run appends one JSONL file. You can grep it, diff it, and hand it to your security team. Here is why that beats every alternative.
AI audit log,agent run JSONL,compliance AI
Why JSONL
Long-form copy in progress. The outline below is what this section will cover. Open the dashboard to see brocco run the patterns described here.
- One event per line
- Append-only
- Greppable
- Diffable across runs
Schema
Long-form copy in progress. The outline below is what this section will cover. Open the dashboard to see brocco run the patterns described here.
- ts, agent, step, type, payload
- Tool calls + results inline
How to ship it to your SIEM
Long-form copy in progress. The outline below is what this section will cover. Open the dashboard to see brocco run the patterns described here.
- Vector
- Datadog
- Splunk forwarder
Try it for yourself
Run the workflow in this article inside /app. Demo mode runs without a key; bring your Anthropic key for live Claude calls.