Latch / Docs
guides

Activity

Every decision, allowed or denied, with the filter that made it.

Activity is the audit log. Every request through a latch lands here, allowed or denied, with the filter that decided and why.

A denial that leaves no trace is not a security control, it is a mystery. This is the trace.

What a row tells you

Method, path, decision, latch, mount, and timing. Click one for the full drill-down:

  • The filter trace. Every filter in the pipeline and what it decided, in order, including the one that denied.
  • The mount that matched, on a multi-mount latch.
  • Timing, split between policy evaluation and the upstream call.
  • Request and response bodies, but only if you enabled body logging on the latch. Off by default, because a credential proxy that logs everything by default is a liability.

Export

Export downloads the current view as CSV, so you can take an audit trail to someone who does not have a Latch login.

The protection flow

For a latch that evaluates in an enclave, the drill-down shows the full path a request took: agent identity, then the REX enclave, then the attestation, then the upstream. That chain is the evidence that the policy you wrote is the policy that ran.