Audit what your AI coding agent did
An agent ran for an hour while you were away. What did it actually touch? Scrolling back through a terminal won't tell you, and it never covered the file system anyway. Dejima keeps a real record, so the answer is a command, not a guess.
What gets recorded
Every privileged crossing an island makes goes through a broker, and the broker writes it down. A folder granted, a file read in or out, a capability invoked, an access denied: each one becomes an entry in an append-only ledger that lives outside any container, where an agent can't reach it.
The agents' own chatter and the code they wrote aren't the point here. The point is the boundary: every time something crossed between an island and your machine, there's a line for it.
Read the ledger
Start with everything, most recent first.
dejima audit
Then narrow it. The flags compose, so you can ask precise questions.
dejima audit --type port # only host-file crossings
dejima audit --island myproject # only one island
dejima audit --type api --decision denied # what got blocked
dejima audit -n 50 # the 50 most recent entries
dejima audit --since 2026-06-28T09:00:00Z # since a point in time
"What did the agent in myproject read from my disk today?" is now a one-line question with an answer you can trust.
Verify nothing was altered
A log you can quietly edit isn't evidence. This one is hash-chained: each entry carries a hash of the one before it, so removing, reordering, or changing any entry breaks the chain. Check the whole thing.
dejima audit --verify
If it passes, the record is intact from the first entry to the last. If someone tampered with it, the verification fails at the broken link.
Export it
When you need a record outside the tool, for a client, an auditor, or your own files, export it.
dejima audit --export csv -o audit.csv # also: jsonl, json
You can also read the same ledger through the GET /v1/audit API for a dashboard, or browse it in the TUI's audit pane by pressing A.
Why "prove," not "hope." Most setups leave you trusting that an agent stayed in its lane. Because every host crossing is brokered, the ledger is complete by construction: if an agent reached your files, there's an entry, and if there's no entry, it didn't. The verification step means you can hand that record to someone who doesn't take your word for it.
Common questions
How do I see what an AI agent did?
Dejima writes every brokered crossing, such as host-file access and capability calls, to an append-only audit ledger. Run dejima audit to read it, filter by island or type, and dejima audit --verify to confirm the record hasn't been altered.
Can the audit log be tampered with?
The ledger is hash-chained: each entry depends on the one before it, so a reordered or missing entry breaks the chain. dejima audit --verify checks the whole chain, and the log lives outside any container, where an agent can't reach it.
Can I export the audit log for compliance?
Yes. dejima audit --export csv -o audit.csv writes the record as CSV, JSON, or JSONL for a compliance file. You can also read it through the GET /v1/audit API or the TUI's audit pane.
Have an AI walk you through it
Paste this into your own AI and it'll guide you through it, adapted to your setup.
Install Dejima and run your first island →
Related: Scope an agent to one folder · Dejima for teams · all guides
