# Activity Monitor

> Real-time activity feed showing every action your AI agent takes, categorized by type and risk level.

See everything your AI agent does in real-time. Every file write, command execution, API call, and deployment is logged and categorized. Know exactly what is happening, when, and how risky it is.

---

## The Activity Feed

Open the **Activity** tab in your workspace dashboard. You see a live feed of agent actions:

| Column | What It Shows |
|--------|--------------|
| **Time** | When the action happened |
| **Category** | What type of action (file write, command, API call, etc.) |
| **Risk** | Low, medium, high, or critical |
| **Details** | What specifically happened — file path, command text, API endpoint |
| **Session** | Which conversation the action belongs to |

The feed updates in real-time. As your agent works, you see each action appear instantly.

---

## Action Categories

The Activity Monitor classifies every agent action into one of these categories:

| Category | Examples |
|----------|---------|
| **File Write** | Creating, editing, or overwriting files |
| **File Delete** | Removing files or directories |
| **Command Execution** | Running shell commands, scripts |
| **API Call** | Calling external APIs, webhooks |
| **Package Install** | Installing npm packages, dependencies |
| **Config Change** | Modifying configuration files |
| **Deploy** | Deploying code, pushing to production |
| **Message Send** | Sending messages via Slack, email, etc. |
| **Data Access** | Reading databases, accessing stored data |
| **Credential Use** | Using API keys, tokens, secrets |
| **Other** | Actions that do not fit the above categories |

---

## Risk Levels

Each action is assigned a risk level:

| Level | Color | Meaning |
|-------|-------|---------|
| **Low** | Green | Read operations, safe queries, no side effects |
| **Medium** | Yellow | File writes, config changes, standard operations |
| **High** | Orange | External API calls, package installs, deployments |
| **Critical** | Red | Deletions, production changes, credential usage |

Risk levels are determined automatically based on the action category and context. You can also set up [Approval rules](/agent-chat/approvals) to require manual approval for high and critical actions.

---

## Session Timeline

Click on any session to see the full timeline of actions in that conversation. This gives you a step-by-step view of what your agent did from start to finish:

```
09:41:02  [low]      File Read     → src/index.ts
09:41:03  [low]      File Read     → src/utils.ts
09:41:05  [medium]   File Write    → src/utils.ts (added helper function)
09:41:08  [medium]   Command Exec  → npm run test
09:41:15  [low]      File Read     → test results
09:41:17  [medium]   File Write    → src/index.ts (imported helper)
09:41:20  [medium]   Command Exec  → npm run build
09:41:25  [high]     Deploy        → pushed to staging
```

This is especially useful for reviewing what happened in a completed session or auditing a team member's agent usage.

---

## Filtering

Filter the activity feed by:

- **Category** — show only file operations, or only commands, etc.
- **Risk Level** — show only high and critical actions
- **Time Range** — last 10 minutes, last hour, last 24 hours
- **Session** — show actions from a specific conversation
- **Team Member** — show actions from a specific person (on team plans)

---

## Stats Dashboard

At the top of the Activity page, you see aggregate statistics:

- **Total actions** in the selected time range
- **Breakdown by category** — which types of actions are most common
- **Breakdown by risk level** — how many low, medium, high, critical actions
- **Pending approvals** — how many approval requests are waiting for your decision

---

## Team Activity

On team plans, the Activity Monitor shows actions from all team members. You can:

- See who did what and when
- Filter by team member
- Compare usage patterns across the team
- Identify which team members trigger the most high-risk actions

---

## Retention

Activity data is retained based on your plan:

| Plan | Retention |
|------|-----------|
| Free | 24 hours |
| Starter | 7 days |
| Pro | 7 days |
| Business | 30 days |
| Enterprise | Custom |

After the retention period, activity data is automatically deleted.

---

## Next Steps

- [Approvals](/agent-chat/approvals) — require manual approval for high-risk actions
- [Team Access](/agent-chat/team-access) — monitor your whole team's agent activity
- [Connect OpenClaw](/agent-chat/connect-openclaw) — activity monitoring starts automatically once connected
