Every AI agent action through Helix lands in an exportable per-identity audit log: which agent, which approver, which recipient, which provider, which timestamp. Built for the "what did the agent do as me last week" question regulated buyers ask.
How it works
01
Bind every action to an identity
Each Helix agent has exactly one sponsor (a human with a verified account) and exactly one approval policy. The audit log is keyed on the identity, so revoking it or rotating its scopes is reversible and traceable.
02
Capture the approval decision, not just the send
Approval queue entries record the agent's reasoning, the matched rule, the approver, and the time-to-decision. Approve, edit, and skip events are first-class — not derived from inbox state.
03
Export for SOC 2 and internal review
Pull audit events from the dashboard or the REST API. Records carry provider, message ID, identity, approver, and rule match — enough for SOC 2 evidence collection and internal incident reviews.
In plain prose
The most-cited blocker to letting AI act on a user's behalf is not capability — it is accountability. "Why did the agent take this action? Was the action authorised?" is the question every compliance officer and security reviewer asks. Native MCP server logging was designed for debugging, not for evidence collection; getting an audit trail out of a hand-rolled MCP server is non-trivial.
Helix bakes the audit trail in. Every send, every calendar write, every approval decision is captured with the agent identity, the sponsor, the matched approval rule, and the recipient or attendee list. The log is per-identity, so revocation cleanly bounds blast radius.
For SOC 2 evidence collection, exports include the rule match (or "fallback" when no rule fired), the approver, and a deterministic identity ID. For internal incident review, the audit timeline is enough to reconstruct what an agent did during any window without replaying the full message body.
FAQ
Where does the audit data live?
Audit events are stored in the same Cloudflare D1 cluster as the rest of the Helix metadata. Message bodies stay in the upstream provider (Gmail / Microsoft) and are referenced by message ID — Helix does not duplicate the content of every email it sends.
How long is the audit log retained?
The default retention is 12 months on the free tier and configurable up to seven years on paid plans. Retention policy is per-identity, not per-account, so a workspace can keep stricter retention on regulated identities.
Can I stream audit events to my SIEM?
Yes. Helix exposes outbound webhooks for audit events; point them at Datadog, Splunk, Panther, or any HTTPS endpoint. Webhook signing uses an HMAC shared with the subscription.
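An added example (not Helix's own code) showing what a SIEM-side receiver for these webhooks does: verify the HMAC before trusting a delivery, then reconstruct one identity's timeline for a review window as described under "In plain prose" above. The header name, the `sha256=<hex>` encoding, the JSON field names and the sample events are all assumptions constructed for the example; the page does not document the webhook format.

```python
import hashlib
import hmac
import json
from datetime import datetime

# Assumed shared secret (the real one is issued with the webhook subscription);
# the header name and "sha256=<hex>" encoding are assumptions, not Helix's
# documented format.
WEBHOOK_SECRET = b"constructed-demo-secret"

def sign(body: bytes, secret: bytes = WEBHOOK_SECRET) -> str:
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()

def verify_signature(body: bytes, header: str, secret: bytes = WEBHOOK_SECRET) -> bool:
    # Constant-time compare so a mismatch does not leak timing to the sender.
    return hmac.compare_digest(sign(body, secret), header)

def ingest(body: bytes, header: str) -> list:
    """Reject unsigned or tampered deliveries before anything reaches the SIEM."""
    if not verify_signature(body, header):
        raise ValueError("webhook signature mismatch")
    return json.loads(body)["events"]

def agent_timeline(events: list, identity: str, start: str, end: str) -> list:
    """Events for one identity inside [start, end), oldest first, with
    'fallback' rule matches (no approval rule fired) flagged for review."""
    lo = datetime.fromisoformat(start)
    hi = datetime.fromisoformat(end)
    window = [e for e in events
              if e["identity"] == identity
              and lo <= datetime.fromisoformat(e["timestamp"]) < hi]
    window.sort(key=lambda e: e["timestamp"])
    for e in window:
        e["needs_review"] = e["rule_match"] == "fallback"
    return window

# Constructed sample delivery: three audit events across two identities.
SAMPLE_BODY = json.dumps({"events": [
    {"identity": "id-alice-agent", "event": "send", "provider": "gmail",
     "message_id": "m-1", "approver": "alice", "rule_match": "rule:external-cc",
     "recipient": "vendor@example.com", "timestamp": "2024-05-06T09:00:00+00:00"},
    {"identity": "id-alice-agent", "event": "send", "provider": "gmail",
     "message_id": "m-2", "approver": "alice", "rule_match": "fallback",
     "recipient": "cfo@example.com", "timestamp": "2024-05-07T14:30:00+00:00"},
    {"identity": "id-bob-agent", "event": "skip", "provider": "microsoft",
     "message_id": "m-3", "approver": "bob", "rule_match": "rule:internal",
     "recipient": "team@example.com", "timestamp": "2024-05-07T15:00:00+00:00"},
]}).encode()
SAMPLE_HEADER = sign(SAMPLE_BODY)
```

Because message bodies are not in the events, the timeline is built from identity, rule match and message ID alone, which is the point made above about reviewing a window without replaying content.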