The system maintains two complementary audit trails: real-time operational logs streamed over Server-Sent Events (SSE) fromDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/gcapella0/agente-inteligente-expedientes/llms.txt
Use this file to discover all available pages before exploring further.
operational.log, and a structured event history written to both audit.jsonl (JSONL file) and the MongoDB auditoria collection. The file-based trail is designed for export and long-term retention; the MongoDB trail supports per-docente and per-document queries.
GET /logs/stream
Stream new log lines in real time using Server-Sent Events. Authentication: JWT passed as a query parameter?token=<jwt> (EventSource in browsers does not support custom headers).
Response content type: text/event-stream
Query parameters
Valid JWT. Passed as a query parameter because the browser
EventSource API does not allow custom headers.Filter events to a specific agent. Accepted values:
watcher | ocr | classifier | storage | api. When omitted, events from all agents are returned.Filter events by log level (case-insensitive). Accepted values:
INFO | WARNING | ERROR. When omitted, all levels are forwarded.Event format
Each event has typelog and a JSON payload:
keepalive event is sent every 15 seconds when no new lines are available, to prevent proxies from closing the connection:
Browser usage
Response headers
| Header | Value |
|---|---|
Content-Type | text/event-stream |
Cache-Control | no-cache |
X-Accel-Buffering | no (disables nginx response buffering) |
Content-Encoding | identity (disables gzip so chunks flush immediately) |
The stream tails
operational.log from the end of file at connection time — you will only receive lines written after you connect. The embedded dashboard (/ui/index.html) uses this endpoint to display a live log panel showing the most recent events. If operational.log does not yet exist, the server holds the connection open and sends keepalive events until the file is created.GET /logs/descargar
Download the full audit trail as a JSONL file attachment. Authentication:Authorization: Bearer <token> required.
Response
Returns aStreamingResponse with:
- Content-Type:
application/json - Content-Disposition:
attachment; filename="audit-YYYY-MM-DD.jsonl"(date of the download request)
serialize=True sink and has the following top-level structure:
JSONL field reference
All audit-specific data is stored underrecord.extra:
| Path | Description |
|---|---|
record.time.repr | ISO 8601 timestamp with timezone |
record.level.name | Log level, always "INFO" for audit events |
record.message | Human-readable summary: "[{agente}] {accion}: {resultado}" |
record.extra.agent | Agent or subsystem that produced the event |
record.extra.cedula | Docente identifier, when applicable (null otherwise) |
record.extra.documento_tipo | Document type, when applicable (null otherwise) |
record.extra.archivo | Source filename, when applicable (null otherwise) |
record.extra.detalle | Free-text context or error message (null otherwise) |
record.extra.timestamp_utc | ISO 8601 UTC event time from audit_log() |
Log rotation
| Parameter | Default |
|---|---|
| Max file size | 50 MB (configurable via AUDIT_ROTATION) |
| Retention | 90 days (configurable via AUDIT_RETENTION) |
404 Not Found if no audit events have been written yet (file does not exist).
GET /admin/auditoria/expediente/{cedula}
Retrieve structured audit events for a specific docente’s dossier from MongoDB. Authentication: Admin role required (Authorization: Bearer <admin-token>). Returns 403 Forbidden for non-admin tokens.
Path parameters
The docente’s national ID (cédula). Must match an existing docente record or a
404 is returned.Query parameters
Look-back window in days. Minimum
1, maximum 90. Events older than now - dias are excluded.Response 200 OK
Returns up to 100 events, sorted by timestamp descending (newest first).
ISO 8601 event timestamp.
Event type string (see common event types below).
The authenticated user (
sub claim from JWT) or "sistema" for agent-generated events.Event-specific context payload. Contents vary by
tipo_evento.Outcome string, e.g.
"exitoso", "error", "ok".Error responses
| Status | Condition |
|---|---|
403 Forbidden | Token is valid but the user does not have the admin role. |
404 Not Found | No docente with the given cedula exists. |
GET /admin/auditoria/documento/{documento_id}
Retrieve the full change history for a specific document. Authentication: Admin role required.Path parameters
MongoDB ObjectId of the document (as a hex string). No date limit is applied — all events for this document are returned.
Response 200 OK
Audit event types
Audit events are written by all four pipeline agents and by the API itself via theaudit_log() function in src/core/logger.py.
| Event type | Producer | Description |
|---|---|---|
clasificado | classifier | Document classified by LLM |
documento_insertado | storage | Document record persisted to MongoDB |
archivo_movido | storage | Source file relocated to processed folder |
ocr_completado | ocr | OCR extraction finished for a file |
docente_creado | storage | New docente record created |
chat_expediente_consulta | api | User queried a dossier via the chat endpoint |
stop_agente | api | User called POST /agentes/{nombre}/stop |
The
auditoria MongoDB collection and the audit.jsonl file are written in parallel. The JSONL file is optimised for bulk export and offline analysis; the MongoDB collection is optimised for per-docente and per-document queries via the admin endpoints above.