Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.maxicore.ai/llms.txt

Use this file to discover all available pages before exploring further.

Maxi AI Core records all significant actions in an append-only audit log. Every content mutation, license activation, AI provider key rotation, OAuth token event, email send, and data masking change leaves a permanent entry you can query at any time. Use the audit log to review what agents have done, investigate unexpected behavior, and verify that your security controls are working as expected.
Query the audit log regularly — not just when something goes wrong. Unexpected patterns (content created at unusual times, repeated token validation failures, unrecognized OAuth clients) are easier to catch early.

Querying events

Call maxi/get-audit-events to retrieve audit log entries. You can filter by category, specific event name, or a timestamp to narrow results. Parameters:
ParameterTypeDescription
categorystringFilter by event category (see categories below)
eventstringFilter by specific event name
sincestringReturn only events after this timestamp (Y-m-d H:i:s)

Example: all content mutations

{
  "category": "content"
}

Example: license events only

{
  "category": "license"
}

Example: events since a specific time

{
  "category": "oauth",
  "since": "2025-01-01 00:00:00"
}

Response format

Each audit log entry has the following fields:
FieldDescription
idUnique entry ID
tsTimestamp of the event
categoryEvent category (e.g. content, key, oauth)
eventSpecific event name (e.g. content_created, rotated)
actor_idWordPress user ID of the user who triggered the event
subjectThe object the event relates to (e.g. a post ID, a client ID)
contextAdditional structured data specific to the event type

Example response entry

{
  "id": 1042,
  "ts": "2025-05-10 14:23:07",
  "category": "content",
  "event": "content_created",
  "actor_id": 5,
  "subject": "post:312",
  "context": {
    "post_type": "post"
  }
}

Event categories

Records every change to posts, pages, and custom post types.
EventDescriptionContext fields
content_createdNew post or page createdpost_type
content_updatedPost or page updatedupdated_fields (array of changed field keys)
content_deletedPost or page deleted or trashedforce (true = permanent delete, false = trash)
content_duplicatedPost or page duplicatedsource_id (original post ID)
status_changedPost status changedfrom, to
content_scheduledPost scheduled for future publicationdate
author_changedPost author changedfrom, to (user IDs)
parent_changedPost parent changedfrom, to (post IDs)
{ "category": "content" }
Records all AI provider credential activity.
EventDescription
rotatedA provider key was successfully rotated
validation_failedA rotation attempt failed the live validation test
Both events include the provider name in context.
{ "category": "key" }
Records license activation and deactivation events.
EventDescription
activatedLicense activated successfully
activation_failedLicense activation attempt failed
deactivatedLicense deactivated
{ "category": "license" }
Records every stage of the OAuth 2.1 flow — client registration, authorization, token issuance, and revocation.
EventDescriptionContext fields
client_registeredA new OAuth client registered via DCRauth_method, redirect_uris_count, client_name, ip. Subject: client_id
code_issuedAuthorization code minteduser_id, scopes, resource, path
token_issuedAccess and refresh token pair issueduser_id, grant_type, scopes
token_refreshedToken pair rotated
token_revokedToken invalidatedtoken_type_hint
token_validation_failedBearer token rejectedreason. Subject: masked first-8 chars of token
{ "category": "oauth" }
Token validation failures with reason: unknown_or_expired_or_revoked are worth monitoring — repeated failures may indicate a misconfigured client or a stolen token replay attempt.
Records significant note lifecycle events.
{ "category": "notes" }
Records every WP-CLI command attempted via maxi/run-wp-cli, including rejected commands and the rejection reason.
{ "category": "wp_cli" }
Records every email sent via maxi/send-email. Includes recipient, subject, and from identity. The email body is not logged.
{ "category": "email" }
Records additions and removals from the GDPR data masking field list managed via maxi/manage-mask-fields.
{ "category": "data_masking" }
Records rule-related events, including blocked ability calls and rule sync operations.
{ "category": "rules" }

Audit log integrity

The audit log is append-only. Each entry is recorded with a tamper-evident hash incorporating prior entries — modifying historical records breaks the chain from that point forward. Query the log regularly and investigate any unexpected gaps or patterns in the recorded events.