# Audit ## What this is Audit is the place to verify run history and understand what happened after a Protege executed. Audit includes fleet-wide runs, Protege-specific history, run detail timelines, tool usage, logs, feedback, and analytics. ## When to use it Use Audit when: * Event Feed shows `ran` * You need to review outcomes * You need to explain or share what the Protege did ## What you need first * A Protege that has already been triggered ## Steps ### 1. Find the relevant run Start from the Protege or from Event Feed and open the run you want to inspect. Use the fleet view when you are comparing runs across Proteges. Use Protege audit when you are focused on one automation. ### 2. Review the outcome Look for: * Whether the run completed as expected * Whether the output matches the intended workflow * Whether the run result is clear enough for another teammate to review * Whether the run performed an external action or only read information * Which tools were used and whether logs explain the result ### 3. Use Audit as your proof point Audit is the best place to answer: * What happened? * Which Protege ran? * What was the result? * What action did it take? ### 4. Share feedback when needed If a run is confusing, wrong, or useful, use run feedback so the team has a durable note attached to the run. {% hint style="info" %} If you see the expected run in Audit, it means Hookshot moved beyond event intake and executed a workflow you can inspect. {% endhint %} ## How to verify ### You’re done when... * You can locate the run * You can describe the run outcome in one sentence * The outcome matches the event you saw in Event Feed * The action label and tool usage match what the Protege actually did ## Common failures * Searching Audit before confirming the event exists in Event Feed * Reviewing the wrong run after testing several events * Seeing a run but not checking whether it was scoped correctly * Treating a `No Action` run as a failure when the Protege intentionally read context without writing to another system ## Next step * [Event Feed](/event-feed.md) * [Troubleshooting](/event-feed/troubleshooting.md) --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.tryprotege.com/event-feed/audit.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.