Using the CLI
Audit
Review LLM and network activity with the dvx CLI.
Audit
Every LLM call an agent makes and every network destination it reaches is recorded. dvx audit is how you review that history - for incident response, compliance, or just understanding what an agent has been doing.
LLM activity
dvx audit llm
dvx audit llm <id> # full detail for one request
Each entry is a single LLM request/response. Narrow the view with filters:
dvx audit llm --agent my-agent --since 1h
dvx audit llm --model claude-sonnet-4-6 --status 200 --limit 50
dvx audit llm --since 2026-06-01T00:00:00Z --until 2026-06-02T00:00:00Z
--agent- by agent name or ID--model- by model--status- by HTTP status code--since/--until- RFC3339 timestamps (or a duration like1hfor--since)--limit- cap the number of entries
Network activity
dvx audit network --agent my-agent
dvx audit network --outcome blocked
dvx audit network --hostname api.github.com
dvx audit network --has-findings # only entries where content inspection flagged something
--agent- by agent name or ID--outcome- e.g.allowed,blocked--hostname- by destination host--has-findings- only requests where inspection raised a finding
Add --json to either command to pipe results into other tools. Audit entries are retained as the durable record of agent behavior - approvals decisions (see Approvals) and policy actions show up here too.