What the agent can tell you about your workspace

A catalog of the read-only "what is the state of my workspace" questions the agent can answer in one round-trip — quotas, members, holds, retention, anomalies, DLP, version history, extraction status, audit chain.

Updated 2026-04-27

Open the agent (⌘K) and try any of these — each is one tool call away:

**Workspace state and quotas**

- "How much disk space have my files used?" — calls tenantUsageSummary
- "Am I close to my agent question cap?" — same tool, surfaces the warnings array
- "What plan are we on?" / "When does the subscription renew?" — getTenantSettings
- "What's our ingest email?" — getTenantSettings (returns the docs+slug@kodori.ai address)

**Who and what**

- "Who is on this workspace?" / "How many admins do we have?" — listMembers
- "What happened today?" / "What changed this week?" — recentActivity (24h default; up to 30 days)
- "What did I do this morning?" — recentActivity with scope='me'

**Governance**

- "Are any matters on hold?" / "How many active legal holds?" — listLegalHolds
- "What retention rules do we have?" / "How many docs are on AP-7?" — listRetentionClasses
- "What's in the retention review queue?" — listRetentionReviewQueue
- "Any anomalies pending review?" / "Any auto-paused agents?" — listAnomalies
- "Anything DLP flagged?" / "Open findings on this document?" — listDlpFindings (permission-trimmed)

**Per-document**

- "Show me the version history of this document" — listDocumentVersions
- "What happened to this document?" — listDocumentEvents
- "Why hasn't this PDF extracted yet?" / "Did the OCR succeed?" — getDocumentExtraction

**Saved searches**

- "What saved searches do I have?" — listSavedSearches
- "Run my Smith engagement saved search" — runSavedSearch

**Admin / ops surface**

- "What API keys exist?" — listApiKeys (plaintext secrets are NEVER returned; only sha256-stored)
- "Where am I sending webhooks?" / "Any failed deliveries lately?" — listWebhooks (with 24h delivery health stats)
- "Verify the audit chain integrity" — verifyAuditChain (recomputes SHA-256 over every event; same logic as the /audit "Verify chain integrity" button)

Permission-trimming applies throughout. A user without read on a document never sees its versions, events, extraction status, or DLP findings — even if they ask the agent. The same canReadDocument SQL fragment that powers /search backs every per-document tool.

Mutation tools still gate on an explicit user-stated reason — no amount of conversation context lets the agent invent a reason for a delete or sensitivity change. Read-only tools have no such gate; ask away.