Activity is the audit log. Every request through a latch lands here, allowed or denied, with the filter that decided and why.
A denial that leaves no trace is not a security control, it is a mystery. This is the trace.
What a row tells you
Method, path, decision, latch, mount, and timing. Click one for the full drill-down:
- The filter trace. Every filter in the pipeline and what it decided, in order, including the one that denied.
- The mount that matched, on a multi-mount latch.
- Timing, split between policy evaluation and the upstream call.
- Request and response bodies, but only if you enabled body logging on the latch. Off by default, because a credential proxy that logs everything by default is a liability.
Export
Export downloads the current view as CSV, so you can take an audit trail to someone who does not have a Latch login.
The protection flow
For a latch that evaluates in an enclave, the drill-down shows the full path a request took: agent identity, then the REX enclave, then the attestation, then the upstream. That chain is the evidence that the policy you wrote is the policy that ran.
Related
- Simulate: the same trace, before a request is real.
- The pipeline: what the trace is tracing.