Run history and the action invocation audit
Every workflow execution writes a run record with the trigger snapshot, the runAs principal, started/ended times, and a step-by-step timeline. Open /automations/runs/{runId} to see it — each step expands to show the typed input it received, the typed output it produced, the duration, the error message if it failed, and the attempt / invocation IDs that link it back to the underlying action invocation.
The action invocation audit:
Every action call — workflow-triggered, Wally-triggered, SDK-triggered, MCP-triggered, webhook-triggered — writes an invocationRecord into orgs/{orgId}/actionInvocations. Org admins can browse the full audit at /admin/action-invocations, filtered by surface (wally, workflow, sdk, mcp, chatgpt, webhook, internal), status (pending / success / failed / replayed), or module/action.
Tamper-evidence:
Invocation records are hash-chained — every record carries a chainSequence and a chainHash that depends on the prior record's hash. The "Verify chain" button on the audit page replays the chain and confirms nothing has been mutated or removed. If something has, the verification fails loudly with the breakpoint.
The 8-most-recent runs panel on /automations is the quick-glance signal; the run detail page is the debugger; the action invocation audit is the tamper-evident record that ties workflow runs back to every other action surface in the platform.