Loading...
Loading...
A real-time, filterable stream of every action in your workspace. Track who did what, when, and to which resource. Filter by actor, action type, or resource.
Human-initiated actions from dashboard, API, or SDK.
AI agent actions including policy evaluations and automated decisions.
Platform-generated events such as scheduled tasks and automated enforcement.
Every feed entry includes a standardized action type for consistent filtering and analysis across your workspace.
created
updated
deleted
approved
denied
triggered
resolved
escalated
Every activity event is attributed to an actor with a standardized structure including metadata, resource references, and workspace context.
// Activity event structure
{
"id": "019event-a1b2c3d4-e5f6-7890",
"timestamp": "2026-02-14T10:30:00.000Z",
"actor": {
"type": "Agent", // "User" | "Agent" | "System"
"id": "01956abc-...",
"name": "content-guardian-v3",
"trustScore": 97
},
"action": "content.scanned",
"resource": {
"type": "ContentItem",
"id": "019content-...",
"name": "quarterly-report.pdf"
},
"metadata": {
"scanDurationMs": 342,
"fingerprintGenerated": true,
"matchesFound": 0
},
"workspaceId": "019ws-..."
}Actions follow a resource.verb naming convention. DRD defines action types across six domains.
| Domain | Action | Description |
|---|---|---|
| Content | content.uploaded | New content item ingested into the pipeline |
| Content | content.scanned | Content scan completed with fingerprint results |
| Content | content.flagged | Content flagged for policy violation or match |
| Policy | policy.created | New policy rule created in the engine |
| Policy | policy.evaluated | Policy rule evaluated against an event |
| Policy | policy.violated | Policy violation detected and recorded |
| Trust | trust.updated | Agent trust score recalculated |
| Trust | trust.degraded | Trust score dropped below threshold |
| Enforcement | enforcement.issued | Enforcement action (takedown, suspend, warn) issued |
| Enforcement | enforcement.resolved | Enforcement action resolved or appealed |
| Agent | agent.registered | New agent registered in the workspace |
| Agent | agent.heartbeat | Agent heartbeat received |
| System | system.backup | Automated backup completed |
| System | system.threshold | System threshold exceeded |
The activity feed supports multi-dimensional filtering. Combine filters to build precise views of your workspace activity.
actorType=Agentaction=content.*from=2026-02-01T00:00:00Z&to=2026-02-14T23:59:59ZagentId=01956abc-...severity=critical,highresourceType=ContentItemGET /api/v1/activity?actorType=Agent&action=content.*&severity=high&limit=50
{
"ok": true,
"data": {
"events": [
{
"id": "019event-...",
"timestamp": "2026-02-14T10:30:00Z",
"actor": { "type": "Agent", "id": "01956abc-...", "name": "content-guardian-v3" },
"action": "content.flagged",
"severity": "high",
"resource": { "type": "ContentItem", "id": "019content-..." },
"metadata": { "reason": "copyright_match", "confidence": 0.96 }
}
],
"cursor": "eyJsYXN0SWQiOiIwMTll...",
"hasMore": true
}
}Subscribe to the activity feed in real-time using Server-Sent Events (SSE). The streaming API supports the same filters as the REST endpoint.
// Connect to real-time activity stream
import { DRD } from "@drd.io/sdk";
const drd = new DRD({ apiKey: "drd_live_sk_..." });
const stream = drd.activity.stream({
actorTypes: ["Agent", "System"],
actions: ["content.*", "enforcement.*"],
severity: ["critical", "high"],
});
stream.on("event", (event) => {
console.log(`[${event.actor.type}] ${event.action}`, event);
});
stream.on("error", (err) => {
console.error("Stream error:", err);
// SDK automatically reconnects with exponential backoff
});
// Alternatively, use raw SSE
const es = new EventSource(
"https://api.drd.io/api/v1/activity/stream?actorType=Agent&action=content.*",
{ headers: { "Authorization": "Bearer drd_live_sk_..." } }
);
es.onmessage = (event) => {
const data = JSON.parse(event.data);
console.log(data);
};The SDK handles backpressure automatically. If the client falls behind, events are buffered server-side for up to 5 minutes. Reconnection uses exponential backoff with jitter starting at 1 second and maxing at 30 seconds. The Last-Event-ID header ensures no events are missed during reconnection.
The activity feed uses cursor-based pagination for consistent results even as new events stream in. Each response includes an opaque cursor for the next page.
// Paginate through historical events
let cursor: string | undefined;
let allEvents = [];
do {
const response = await drd.activity.list({
action: "enforcement.*",
limit: 100,
cursor,
});
allEvents.push(...response.events);
cursor = response.hasMore ? response.cursor : undefined;
} while (cursor);
console.log(`Fetched ${allEvents.length} enforcement events`);| Parameter | Type | Default | Description |
|---|---|---|---|
| limit | number | 25 | Events per page (max 500) |
| cursor | string | -- | Opaque cursor from previous response |
| order | string | desc | Sort order: asc or desc by timestamp |
| from | ISO 8601 | -- | Start of time range |
| to | ISO 8601 | -- | End of time range |
Forward activity events to external systems via webhooks. Configure filters so you only receive the events you care about.
POST /api/v1/activity/webhooks
{
"name": "Security events to SIEM",
"url": "https://siem.acme.com/ingest/drd",
"secret": "whsec_your_signing_secret",
"filters": {
"actorTypes": ["Agent"],
"actions": ["enforcement.*", "trust.degraded", "policy.violated"],
"severity": ["critical", "high"]
},
"retryPolicy": {
"maxRetries": 5,
"backoffMs": 1000
},
"batchSize": 10,
"batchWindowMs": 5000
}
// Response
{
"ok": true,
"data": {
"id": "019webhook-...",
"status": "active",
"signingKeyId": "019key-..."
}
}import { DRD } from '@drd/sdk';
const drd = new DRD({ apiKey: process.env.DRD_API_KEY });
// List recent activity
const feed = await drd.activityFeed.list({ limit: 50 });
// Filter by resource
const policyFeed = await drd.activityFeed.getByResource({
resourceType: 'policy',
resourceId: 'policy_abc123',
});
// Filter by actor
const agentFeed = await drd.activityFeed.getByActor({
actorId: 'agent_abc123',
});