packages/docs/rest/diagnostics.md
The diagnostics API provides access to runtime logs, the agent event stream, the security audit log, and browser extension relay status. The security audit endpoint supports both one-shot queries and SSE streaming for real-time monitoring.
Get buffered log entries with optional filtering. Returns up to the last 200 entries matching the filters.
Query Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
source | string | No | Filter by log source (e.g., "eliza-api", "runtime") |
level | string | No | Filter by log level (e.g., "info", "warn", "error", "debug") |
tag | string | No | Filter by tag |
since | number | No | Unix ms timestamp — only return entries at or after this time |
Response
{
"entries": [
{
"timestamp": 1718000000000,
"level": "info",
"source": "eliza-api",
"tags": ["startup"],
"message": "API server started on port 2138"
}
],
"sources": ["eliza-api", "runtime", "plugin-anthropic"],
"tags": ["startup", "auth", "knowledge"]
}
Get buffered agent events (autonomy loop events and heartbeats). Use after to receive only new events since a known event ID for efficient polling.
Query Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
after | string | No | Event ID — returns only events after this ID (cursor-based pagination) |
limit | integer | No | Maximum events to return (min: 1, max: 1000, default: 200) |
runId | string | No | Filter events by autonomy run ID |
fromSeq | integer | No | Filter events with sequence number at or above this value (min: 0). Returns 400 if non-numeric. |
Response
{
"events": [
{
"type": "agent_event",
"version": 1,
"eventId": "evt-001",
"ts": 1718000000000,
"runId": "run-abc",
"seq": 12,
"payload": { "action": "thinking_started" }
}
],
"latestEventId": "evt-001",
"totalBuffered": 47,
"replayed": true
}
Query the security audit log. Supports filtering by event type and severity. Set stream=1 or include Accept: text/event-stream to receive events via Server-Sent Events.
Query Parameters
| Parameter | Type | Required | Description |
|---|---|---|---|
type | string | No | Filter by audit event type. Valid values: sandbox_mode_transition, secret_token_replacement_outbound, secret_sanitization_inbound, privileged_capability_invocation, policy_decision, signing_request_submitted, signing_request_rejected, signing_request_approved, plugin_fallback_attempt, security_kill_switch, sandbox_lifecycle, fetch_proxy_error. Returns 400 if invalid. |
severity | string | No | Filter by severity: "info", "warn", "error", "critical". Returns 400 if invalid. |
since | string | No | Unix ms timestamp or ISO 8601 string — only return entries after this time |
limit | integer | No | Maximum entries (min: 1, max: 1000, default: 200) |
stream | string | No | Set to "1", "true", "yes", or "on" to enable SSE streaming. Alternatively, set the Accept: text/event-stream header. |
Response (one-shot)
{
"entries": [
{
"timestamp": "2024-06-10T12:00:00.000Z",
"type": "policy_decision",
"summary": "Shell command blocked by policy",
"metadata": { "command": "rm -rf /" },
"severity": "warn",
"traceId": "trace-abc-123"
}
],
"totalBuffered": 152,
"replayed": true
}
Response (SSE stream)
The first SSE event is a snapshot with existing entries. Subsequent events are entry events for new audit log entries in real time.
event: snapshot
data: {"type":"snapshot","entries":[...],"totalBuffered":152}
event: entry
data: {"type":"entry","entry":{"type":"policy_decision","severity":"warn",...}}
Check browser extension relay status and extension path. Used to determine whether the Eliza browser extension is connected and loadable.
Response
{
"relayReachable": true,
"relayPort": 18792,
"extensionPath": "/path/to/chrome-extension"
}
| Field | Type | Description |
|---|---|---|
relayReachable | boolean | Whether the extension relay server is reachable at relayPort |
relayPort | integer | Port the relay is expected on (default: 18792) |
extensionPath | string | null | Filesystem path to the bundled Chrome extension, or null if not found |