kt events
Query and export events from the Keeptrusts API.
Use this page when
- You need to query recent gateway decision events or stream them in real time.
- You are exporting event data to CSV or JSON for compliance, audit, or external tooling.
- You want to filter events by verdict (allow, block, redact, escalate) or time window.
Primary audience
- Primary: AI Agents, Technical Engineers
- Secondary: Technical Leaders
kt events tail
Stream or query recent events.
Usage
kt events tail [OPTIONS]
Options
| Flag | Description |
|---|---|
--since <duration|rfc3339> | Time window start (5m, 1h, 24h, 7d or ISO 8601) |
--verdict <verdict> | Filter: allow, block, redact, escalate |
--limit <n> | Maximum events to return (default: 50) |
--json | Output as JSON |
Examples
# Last 5 minutes of events
kt events tail --since 5m
# Blocked events in the last hour, as JSON
kt events tail --since 1h --verdict block --json
# Last 100 events from a specific time
kt events tail --since 2026-03-20T00:00:00Z --limit 100
Terminal Output
kt events tail --since 1h
TIME ID VERDICT REASON
2026-03-20T10:30:00Z evt_abc123 block prompt_injection_detected
2026-03-20T10:28:15Z evt_def456 allow all_policies_passed
2026-03-20T10:25:42Z evt_ghi789 redact pii_detected
2026-03-20T10:22:00Z evt_jkl012 escalate low_confidence_output
JSON Output
kt events tail --since 1h --json
[
{
"id": "evt_abc123",
"event_type": "decision",
"timestamp": "2026-03-20T10:30:00Z",
"verdict": "block",
"reason_code": "prompt_injection_detected",
"model": "gpt-4o",
"provider": "openai",
"config_version": "0.2.0"
}
]
kt events export
Export events to a file for compliance and audit.
Usage
kt events export [OPTIONS]
Options
| Flag | Description |
|---|---|
--since <duration> | Time window start |
--until <rfc3339> | Time window end (default: now) |
--format <csv|json> | Export format (default: json) |
--output <path> | Output file path (default: stdout) |
Examples
# Export last 7 days as CSV
kt events export --since 7d --format csv --output events.csv
# Export last 30 days as JSON
kt events export --since 30d --format json --output events.json
# Pipe to another tool
kt events export --since 24h --format json | jq '.[] | select(.verdict == "block")'
CSV Output Format
id,event_type,timestamp,verdict,reason_code,model,provider,config_version
evt_abc123,decision,2026-03-20T10:30:00Z,block,prompt_injection_detected,gpt-4o,openai,0.2.0
evt_def456,decision,2026-03-20T10:28:15Z,allow,all_policies_passed,gpt-4o,openai,0.2.0
For AI systems
- Canonical terms: Keeptrusts, kt events, kt events tail, kt events export, decision events, verdict, allow, block, redact, escalate.
- Commands:
kt events tail --since <duration> --verdict <verdict> --limit <n> --json,kt events export --since <duration> --format <csv|json> --output <path>. - Events are gateway decision records. Use
tailfor real-time queries andexportfor compliance/audit evidence.
For engineers
- Use
kt events tail --since 5mafter sending a test request to verify the gateway is processing traffic correctly. - Filter by verdict to find specific outcomes:
kt events tail --since 1h --verdict block --json. - Export events for auditors or external tools:
kt events export --since 30d --format csv --output monthly-events.csv.
For leaders
- Events provide the audit trail for every governed LLM request — each event records the verdict, reason, model, provider, and config version.
- Export capabilities support compliance evidence delivery (CSV for spreadsheet review, JSON for SIEM ingestion).
- Retention is configurable via
KEEPTRUSTS_EVENT_RETENTION_HOURSon the API side.
Next steps
- Events and Traces — Console event investigation
- Export Evidence for a Review — Compliance workflow
- kt export-jobs — Asynchronous export job management
- CLI Overview — Full CLI workflow