Skip to main content

Monitoring IDE AI Usage

When IDE assistants route through the Keeptrusts gateway, use the same public evidence path as application traffic: preserve request IDs, query runtime Events with kt events or GET /v1/events with required since, and create exports when another team needs a durable artifact. History adds captured session context only when history capture is enabled and the configured capture mode and platform retention policy make that context available.

Start with live event visibility

Use kt events tail while developers reproduce the IDE workflow you care about.

# Recent IDE-related event activity
kt events tail --since 10m

# Follow new events as they arrive
kt events tail --since 10m --follow

# Focus on blocked decisions
kt events tail --since 10m --event-type decision --verdict blocked --json

# Focus on one gateway
kt events tail --since 30m --gateway-id gw_123 --json

Use the JSON form when another tool or script needs the event payload.

Move from events to request review

Use the live tail for confirmation, then move to the customer-facing review surfaces:

  • Use the matching kt events tail result or Events API response for the request outcome, reason code, configuration version, and delivered policy details.
  • Use History only when capture is enabled and you need the session metadata or content permitted by the capture mode and platform retention policy.
  • Use Trail when you need chronology or evidence packaging.
  • Use Inbox when the request created an escalation or approval item.

Do not rely on Notifications for ordinary IDE policy decisions, gateway health, configuration reloads, export completion, or budget thresholds. The current notification producers cover specific workflows such as escalation lifecycle, disposable-token lifecycle, conversation sharing, and managed broadcasts; see Notifications.

Export evidence for audits or handoff

For small or immediate exports, use kt events export directly:

# Last 7 days as CSV
kt events export --since 7d --format csv > ide-events-7d.csv

# Last 24 hours as structured JSON
kt events export --since 24h --format json > ide-events-24h.json

For longer-running or handoff-oriented exports, use asynchronous export jobs:

kt export-jobs create --since 30d --format csv
kt export-jobs list --json
kt export-jobs download --job-id <job-id> > ide-audit.csv

What to watch for

QuestionPublic surface
Is the gateway receiving IDE traffic right now?kt events tail
Which requests were blocked or redacted?kt events tail --verdict ... and the matching request IDs; add History only for capture-enabled session context
Do I need a durable artifact for another team?kt events export or kt export-jobs
Do I need cost or budget context for follow-up?kt spend and Unified Access Budgets

Practical guidance

  • Keep the live tail narrow with --since, --event-type, --verdict, and --gateway-id.
  • Export only the window you actually need so reviewers do not receive oversized evidence bundles.
  • Pair every export with the request IDs, escalation IDs, or incident references that explain why it was generated.
  • Prefer kt events, the Events API, public exports, and capture-enabled History over undocumented dashboard filters or internal analytics surfaces.

Next steps