The handbook
Manage usersManage rolesMint and revoke API keysManage tenantsRun agents and chatIngest and curate contextManage cultivatorsPer-tenant agent overridesReview the audit log
Workflows

Workflows: Review the audit log

The audit log is the source of truth for who did what within a tenant. This page covers the common review patterns.

Prerequisites

  • acaso_os:admin on the connection. Audit access is admin-gated in v1. Operators without admin do not see the Audit nav item.

Open the audit log

Open /audit. The page calls GET /v1/admin/tenants/{slug}/audit-log?limit=50 and renders a chronological table (newest first) with columns for timestamp, actor (key id + resolved user display name), action, resource, and request_id.

Filter

The filter bar uses nuqs to mirror state into the URL. Sharing the URL with another operator reconstructs the exact view.

FilterEffect
Date range (from, to)Constrain to a window.
Action prefixuser.* shows all user-related actions, role.* for roles, etc.
Actor user idAll actions by one operator.
Subject idAll actions on one resource (a user, a chat, a statement).
pii_touched = trueOnly actions that touched PII fields.

Inspect a row

Click any row to open the right-side detail sheet. The sheet renders:

  • The full action and resource.
  • The actor (key id, resolved user, IP, user agent).
  • pii_touched flag.
  • The metadata JSON (collapsible) — typically a before/after diff for updates.
  • The request_id, copyable in one click.

The request id is the cross-reference for support tickets and log search.

Common review patterns

"Who archived chat #abc?"

Filter by subject_id = abc and action prefix chat. The row shows the actor_user_id and the timestamp.

"What did Alice do yesterday?"

Filter by actor_user_id = <Alice's UUID> and the date range. The table lists every write she performed.

"Anything touched user U's PII in the last 90 days?"

Filter by subject_id = U, pii_touched = true, and a 90-day window.

"What changed about role member this quarter?"

Filter by subject_id = <member role's UUID> and action prefix role.. The detail sheet of each row shows the scope diff in the metadata.

Export

The console does not offer a built-in export in v1. For ad-hoc exports, hit GET /v1/admin/tenants/{slug}/audit-log?cursor=...&limit=200 directly from a curl or notebook against the API and stitch the pages. The request_id field correlates across the platform's logs.

Note: The audit log is append-only. Rows cannot be edited or deleted through any API surface. Retention is governed by the deployment's compliance policy.

PreviousWorkflowsPer-tenant agent overridesNext DevelopOverview