Skip to main content
The Audit log is a who-did-what record of actions taken in your organization: nodes started or deleted, API keys created or revoked, members added or removed, sign-ins, role changes, and more. Each entry names the actor, the action, the target it was performed on, and when it happened. Use it for compliance reviews, security investigations, and “who changed this?” questions.

Open the audit log

In the Dashboard sidebar, open Audit log. This page shows the organization-wide feed and is available to Admins and Owners (and platform admins). If you’re a Member, you don’t have the sidebar link — you see the events you triggered under My recent activity on your profile page instead. See Manage your account.

Audit log vs other activity views

The Dashboard surfaces a few activity views that are easy to confuse:
ViewShowsReach for it when
Audit logActor + action + target, with a timestampCompliance, security, “who did this?”
Events feedLifecycle facts about resources (a node started, sync finished)Ops triage, “what happened, when?”
Alerts (coming soon)Conditions you defined, with an open → resolved lifecyclePaging on-call, webhook delivery

What each entry shows

ColumnContent
TimeWhen the action happened.
ActionWhat was done — for example Node created, API key revoked, Member added.
ActorWho did it (name or email). Links to the user when known.
TargetWhat it was done to — a node, executor, API key, organization, user, or invitation. Links to that item’s page when applicable.
Open any row to see its full detail panel: a one-line summary, the resolved actor and target, and any extra metadata captured with the action (for example a changed field, a role change, or an invitation’s email). Sensitive values such as secrets and API-key material are never stored in an entry. Entries are append-only. There is no edit, delete, or dismiss — an audit entry only ever has a creation time, never a lifecycle. Use the filter bar at the top of the log to narrow what you see. Each filter is multi-select and the URL updates as you go, so a filtered view is shareable:
  • Action — filter by action type (the Type filter).
  • Actor — pick one or more users.
  • Target — pick one or more nodes, executors, API keys, or other targets.
  • Category — group by domain: Auth, Security, Organization, Resource, Failure, System, Other.
  • LevelInfo, Success, Warning, or Error.
  • Date — on, before, after, or a from/to range.
There’s also a free-text Search activity… box that matches across the action, actor, target, and entry details. You can group the table by day, actor, target, category, or level, and Load more to page through older entries.

Export to CSV

The full-page log has an Export button that downloads the currently visible rows as a CSV (file name audit-activity-log-<timestamp>.csv). The export columns are: ID, Occurred at, Source, Type, Title, Summary, Category, Level, Actor kind, Actor ID, Actor label, Target kind, Target ID, Target label, Idempotency UUID, plus the entry’s metadata and detail payload as JSON. Export is available on the full Audit log page only. The My recent activity view on your profile is a personal slice, not a compliance artefact, so it has no export.

Who sees what

Visibility is enforced for every request:
RoleSees
Owner / AdminEvery action in the organization, by any member, including each other’s.
MemberOnly the actions they performed (via My recent activity on their profile).
Platform adminThe organization feed, and can read across organizations from the admin console.
The My recent activity view is always scoped to you, regardless of role, and the Actor column is hidden there since every entry is your own.

What gets audited

Actions are grouped into categories. The current set:
  • Resourcenode.created, node.updated, node.deleted, node.start.requested, node.stop.requested, node.restart.requested, executor.disabled, executor.deleted, release.created, release.updated, release.deleted.
  • Securityapi_key.created, api_key.revoked, user.role.changed, user.banned, user.unbanned, user.deleted, impersonation.started, impersonation.stopped.
  • Organizationorganization.created, organization.updated, organization.deleted, organization.member.added, organization.member.removed, organization.member.suspended, organization.member.restored, invitation.sent, invitation.accepted, invitation.revoked.
  • Authsession.signed_in, session.signed_out, user.password.changed, user.password.reset_requested, user.password.reset_completed, user.session.terminated.
  • Otheruser.registered, user.email.verified.
  • Failureauthz.denied (an action was blocked because the actor lacked permission).
The set grows as new actions ship. An action the Dashboard doesn’t yet recognize still appears, with a generated label.

Permissions

  • Read the organization audit log — Owners and Admins (and platform admins).
  • Export the audit log to CSV — same as read.
  • Read your own activity under My recent activity — every signed-in user, scoped to themselves.
  • No role can edit, delete, or dismiss an audit entry — the log is append-only.