Understanding the Stow Activity Log: What Gets Recorded and Why
You can't manage what you can't see. Stow's Activity Log gives you complete visibility into every AI action — without ever storing the content of those actions.
Your AI agent might make dozens of tool calls per session — reading emails, checking Slack, querying databases, drafting responses. The Activity Log is the authoritative record of every one of those actions: what was attempted, what was allowed, what was blocked, and when. It answers "what did my AI do?" without storing what it saw or said.
What Every Log Entry Contains
The Four Statuses Explained
executed
The request passed policy evaluation and the Risk Engine, and the operation was carried out against the target service. Normal successful operation.
pending_approval
The request matched an operation set to 'Approval Required.' It's paused in your approval queue, waiting for you to confirm or deny.
denied
The operation is blocked by your policy — either explicitly set to 'Off' or rejected from the approval queue. The request never reached the service API.
failed
The request passed policy but encountered an error when calling the service API. Usually indicates a credential issue or a service-side problem.
What the Log Deliberately Omits
The Activity Log records what happened, not what was in the payload. This is the Zero-Retention guarantee in practice:
- Email bodies and subjects — not stored
- Slack message content — not stored
- Document text from Drive or Notion — not stored
- Database query results — not stored
- API keys and OAuth tokens — never stored in plain text; truncated to a masked prefix in any references
You can see that Claude read 12 emails at 2:34 PM. You cannot see which emails or what they contained. That's the intentional trade-off.
Using the Log for Incident Response
If something unexpected happens — an action you didn't authorize, a service behaving strangely — the Activity Log is your first stop. Here's what to look for:
Unexpected executed entries
Check the risk score. Low score + unusual tool suggests a legitimate but unexpected AI action. High score + unusual tool suggests something worth investigating.
Surge in request volume
Filter by agent and time range. A burst of requests from a specific agent in a short window could indicate runaway agent behavior or a loop.
Failed entries for a service
Usually means expired credentials. Navigate to the service in Connected Services and re-authenticate.
Network signals mismatch
If the ASN or country differs from your expected location, check if your secret has been compromised. Rotate immediately if in doubt.
Filtering and Searching the Log
The Activity Log supports filtering by agent, status, service, and time range. If you're investigating a specific session or time window, filtering by agent + timestamp is usually the fastest way to isolate the relevant entries.
All entries are retained for your review period. The log grows continuously — there's no automatic truncation. Over time, patterns in your log will show you how your AI agent actually behaves in practice, which is often more informative than the permissions you thought you set.
The Log as a Training Tool
Beyond security, the Activity Log is useful for understanding your AI agent's behavior. Patterns in tool call frequency reveal which capabilities your agent actually uses. A high ratio of pending_approval entries for a specific operation suggests you've set that permission too conservatively. Zero entries for a specific tool means that capability isn't being used and you might not need to maintain that service connection.
Stow Security Team
April 19, 2026