Audit Logs
Review the immutable event log, filter by type/user/resource, and export data for compliance.
Every action in MechaMental is recorded in an immutable audit trail. Audit logs provide full visibility into who did what, when, and from where -- essential for security, compliance, and troubleshooting.
Accessing Audit Logs
Navigate to Admin -> Audit Logs to access the organization-wide log viewer. You can also access workspace-specific logs from Settings -> Audit Log within a workspace.
Event Types
Audit events are grouped into categories. Each event captures the full context of the action.
Authentication Events
| Event | Description |
|---|---|
auth.login | User signed in (password or SSO) |
auth.logout | User signed out |
auth.token_created | API token was generated |
auth.token_revoked | API token was revoked |
auth.sso_configured | SSO/OIDC settings were updated |
auth.failed_login | Failed authentication attempt |
Resource CRUD Events
| Event | Description |
|---|---|
resource.created | A resource was created (app, pipeline, tool, endpoint, etc.) |
resource.updated | A resource was modified |
resource.deleted | A resource was deleted |
resource.committed | A pipeline commit was created |
Deployment Events
| Event | Description |
|---|---|
deploy.release_created | A new release was created |
deploy.release_deployed | A release was deployed to an environment |
deploy.release_rolled_back | A release was rolled back |
deploy.environment_updated | Environment configuration was changed |
Secret Access Events
| Event | Description |
|---|---|
secret.created | A new secret was added to the vault |
secret.updated | A secret value was updated |
secret.deleted | A secret was removed |
secret.accessed | A secret value was read (by a pipeline execution or user) |
Admin Events
| Event | Description |
|---|---|
admin.member_invited | A new member was invited |
admin.member_removed | A member was removed |
admin.role_changed | A member's role was changed |
admin.policy_updated | An IAM or protection policy was updated |
admin.settings_changed | Organization or workspace settings were modified |
admin.billing_action | Billing-related action (plan change, limit update) |
Event Details
Each audit log entry contains:
| Field | Description |
|---|---|
| Timestamp | Exact date and time of the action (UTC) |
| Actor | Who performed the action -- a user email or API token identifier |
| Action | The event type (e.g., resource.created, auth.login) |
| Resource | The affected resource with its type and ID |
| Workspace | The workspace scope (if applicable) |
| Details | Additional context: before/after values, IP address, user agent |
Filtering and Search
The log viewer provides filters to narrow down events.
Filter by Date Range
Select a start and end date to view events within a specific time window. Presets are available for common ranges: Last hour, Last 24 hours, Last 7 days, Last 30 days.
Filter by Event Type
Select one or more event categories (Authentication, Resource CRUD, Deployments, Secrets, Admin) to show only matching events.
Filter by User
Enter a user email or API token identifier to see only actions performed by that actor.
Filter by Resource
Filter by the affected resource type (app, endpoint, tool, secret, model, etc.) or search for a specific resource by name or ID.
Filter by Workspace
Select a workspace to see only events scoped to that workspace. Organization-level events appear when no workspace filter is set.
Filters can be combined. For example, you can view all secret.accessed events by a specific user in the last 7 days within a particular workspace.
Immutable and tamper-proof
Audit logs cannot be modified or deleted by anyone, including organization admins. They are stored with append-only guarantees for compliance with regulatory requirements such as SOC 2 and GDPR.
Export
Export audit logs for external analysis, compliance reporting, or long-term archival.
CSV Export
- Apply your desired filters
- Click Export -> CSV
- The filtered results are downloaded as a
.csvfile
CSV exports are suitable for spreadsheet analysis and sharing with compliance teams.
JSON Export
- Apply your desired filters
- Click Export -> JSON
- The filtered results are downloaded as a
.jsonfile
JSON exports contain the full event payload including nested details, making them suitable for programmatic processing and ingestion into SIEM tools.
Retention
Audit logs are retained based on your organization's plan:
| Plan | Retention Period |
|---|---|
| Starter | 30 days |
| Professional | 90 days |
| Enterprise | 1 year (customizable) |
Enterprise plans can negotiate extended retention periods. Contact your account manager for custom retention requirements.
Export before expiration
Events beyond your retention window are permanently removed. Export logs regularly if you need to retain them longer than your plan allows.