Audit Log #24

@antiv

Summary

Comprehensive audit trail: who changed what config when, who accessed which agent, RBAC denials, admin actions (user CRUD, key management). Immutable log with retention policy.

Motivation

EU AI Act compliance requires audit trails for AI systems. Essential for enterprise adoption in regulated industries. Currently only RBAC denials are logged (to token_usage_logs) — config changes, admin actions, and access patterns are untracked.

Scope

  • New audit_logs table (timestamp, actor, action, resource_type, resource_id, details JSON, ip_address)
  • Actions logged: agent CRUD, user CRUD, config changes, RBAC denials, login/logout, key management, schedule changes, approval decisions
  • Immutable: no UPDATE/DELETE on audit_logs (append-only)
  • Retention policy: configurable auto-archive after N days
  • Dashboard: audit log viewer with filters (actor, action, resource, date range)
  • Export: JSON/CSV for compliance reporting

Acceptance Criteria

  • All admin actions logged automatically
  • Immutable audit log (append-only)
  • Dashboard viewer with filtering
  • Export for compliance reporting
  • Retention policy configurable
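
The append-only requirement in the Scope list can be enforced in the database itself rather than only in application code. The sketch below is an added example, not code from this project: it assumes SQLite, and the trigger names and the helpers `open_audit_db`, `log_event` and `is_tamper_blocked` are hypothetical.

```python
import json
import sqlite3
from datetime import datetime, timezone

# Columns follow the issue's Scope list; SQLite and the trigger names are assumptions.
SCHEMA = """
CREATE TABLE IF NOT EXISTS audit_logs (
    id            INTEGER PRIMARY KEY AUTOINCREMENT,
    timestamp     TEXT NOT NULL,
    actor         TEXT NOT NULL,
    action        TEXT NOT NULL,
    resource_type TEXT NOT NULL,
    resource_id   TEXT,
    details       TEXT NOT NULL,   -- JSON document
    ip_address    TEXT
);
-- Append-only: any UPDATE or DELETE on a row aborts the statement.
CREATE TRIGGER IF NOT EXISTS audit_logs_no_update BEFORE UPDATE ON audit_logs
BEGIN SELECT RAISE(ABORT, 'audit_logs is append-only'); END;
CREATE TRIGGER IF NOT EXISTS audit_logs_no_delete BEFORE DELETE ON audit_logs
BEGIN SELECT RAISE(ABORT, 'audit_logs is append-only'); END;
"""

def open_audit_db(path=":memory:"):
    """Open the database and install the table plus its guard triggers."""
    conn = sqlite3.connect(path)
    conn.executescript(SCHEMA)
    return conn

def log_event(conn, actor, action, resource_type, resource_id=None,
              details=None, ip_address=None):
    """Append one audit row and return its id; the timestamp is set here, in UTC."""
    row = (datetime.now(timezone.utc).isoformat(), actor, action, resource_type,
           resource_id, json.dumps(details or {}, sort_keys=True), ip_address)
    with conn:  # commit on success, roll back on error
        cur = conn.execute(
            "INSERT INTO audit_logs (timestamp, actor, action, resource_type,"
            " resource_id, details, ip_address) VALUES (?, ?, ?, ?, ?, ?, ?)", row)
    return cur.lastrowid

def is_tamper_blocked(conn, sql, params=()):
    """Return True if the statement was rejected by the append-only triggers."""
    try:
        with conn:
            conn.execute(sql, params)
    except sqlite3.DatabaseError as exc:
        return "append-only" in str(exc)
    return False
```

Triggers only stop statements issued through normal application paths; an account with schema rights can drop them, so the application's database role should also lack DDL, UPDATE and DELETE privileges on this table.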

Labels: P2 (Medium priority), compliance (Compliance and audit), enhancement (New feature or request)
