Skip to main content

Overview

Every attention event captured by OnlookAI is signed with an HMAC using your SIGNING_SECRET. The chain of signatures makes the log tamper-evident — any modification to a past event invalidates all subsequent signatures.

Verifying a session

import { attune } from '@onlook/attune'

const audit = await attune.verify({
  sessionId: 'sess_8xK2mP9q',
  from: '2026-01-01',
  to: '2026-04-28',
})

if (audit.valid) {
  exportToSIEM(audit)
}

Event schema

Each event in the audit log contains: 
{
  "id": "evt_7hD1cM3s",
  "sessionId": "sess_8xK2mP9q",
  "type": "FACE_DETECTED",
  "score": 88,
  "timestamp": "2026-04-28T14:32:01Z",
  "signature": "sha256:a3f9..."
}

SIEM export

See SIEM Export for exporting audit logs to Splunk, Microsoft Sentinel, or any CEF-compatible destination.