Activity Monitor
See everything your AI agent does in real-time. Every file write, command execution, API call, and deployment is logged and categorized. Know exactly what is happening, when, and how risky it is.
The Activity Feed
Open the Activity tab in your workspace dashboard. You see a live feed of agent actions:
| Column | What It Shows |
|---|---|
| Time | When the action happened |
| Category | What type of action (file write, command, API call, etc.) |
| Risk | Low, medium, high, or critical |
| Details | What specifically happened — file path, command text, API endpoint |
| Session | Which conversation the action belongs to |
The feed updates in real-time. As your agent works, you see each action appear instantly.
Action Categories
The Activity Monitor classifies every agent action into one of these categories:
| Category | Examples |
|---|---|
| File Write | Creating, editing, or overwriting files |
| File Delete | Removing files or directories |
| Command Execution | Running shell commands, scripts |
| API Call | Calling external APIs, webhooks |
| Package Install | Installing npm packages, dependencies |
| Config Change | Modifying configuration files |
| Deploy | Deploying code, pushing to production |
| Message Send | Sending messages via Slack, email, etc. |
| Data Access | Reading databases, accessing stored data |
| Credential Use | Using API keys, tokens, secrets |
| Other | Actions that do not fit the above categories |
Risk Levels
Each action is assigned a risk level:
| Level | Color | Meaning |
|---|---|---|
| Low | Green | Read operations, safe queries, no side effects |
| Medium | Yellow | File writes, config changes, standard operations |
| High | Orange | External API calls, package installs, deployments |
| Critical | Red | Deletions, production changes, credential usage |
Risk levels are determined automatically based on the action category and context. You can also set up Approval rules to require manual approval for high and critical actions.
Session Timeline
Click on any session to see the full timeline of actions in that conversation. This gives you a step-by-step view of what your agent did from start to finish:
09:41:02 [low] File Read → src/index.ts
09:41:03 [low] File Read → src/utils.ts
09:41:05 [medium] File Write → src/utils.ts (added helper function)
09:41:08 [medium] Command Exec → npm run test
09:41:15 [low] File Read → test results
09:41:17 [medium] File Write → src/index.ts (imported helper)
09:41:20 [medium] Command Exec → npm run build
09:41:25 [high] Deploy → pushed to stagingThis is especially useful for reviewing what happened in a completed session or auditing a team member’s agent usage.
Filtering
Filter the activity feed by:
- Category — show only file operations, or only commands, etc.
- Risk Level — show only high and critical actions
- Time Range — last 10 minutes, last hour, last 24 hours
- Session — show actions from a specific conversation
- Team Member — show actions from a specific person (on team plans)
Stats Dashboard
At the top of the Activity page, you see aggregate statistics:
- Total actions in the selected time range
- Breakdown by category — which types of actions are most common
- Breakdown by risk level — how many low, medium, high, critical actions
- Pending approvals — how many approval requests are waiting for your decision
Team Activity
On team plans, the Activity Monitor shows actions from all team members. You can:
- See who did what and when
- Filter by team member
- Compare usage patterns across the team
- Identify which team members trigger the most high-risk actions
Retention
Activity data is retained based on your plan:
| Plan | Retention |
|---|---|
| Free | 24 hours |
| Starter | 7 days |
| Pro | 7 days |
| Business | 30 days |
| Enterprise | Custom |
After the retention period, activity data is automatically deleted.
Next Steps
- Approvals — require manual approval for high-risk actions
- Team Access — monitor your whole team’s agent activity
- Connect OpenClaw — activity monitoring starts automatically once connected