Audit Log
A tamper-evident log of every significant action taken in SpecVault — who did what, and when.
What gets logged
SpecVault logs the following event types:
- spec.published — a new spec version was uploaded, including the publisher identity (user email or token name), service ID, version number, and whether breaking changes were detected
- service.created — a new service was registered
- service.updated — a service's name, team, or base URL was changed
- service.deleted — a service and all its versions were deleted
- subscriber.added — an email address was subscribed to a service
- subscriber.removed — a subscriber was removed (by admin or via unsubscribe link)
- token.created — a new API token was created (name only, never the value)
- token.revoked — an API token was revoked
- user.login — a successful dashboard login
- alert.sent — a breaking-change email alert was dispatched, including recipient count
Log entry format
Each entry in the exported audit log follows this structure:
{
"timestamp": "2026-06-01T14:32:07Z",
"event": "spec.published",
"actor": "github-actions-prod",
"actor_type": "token",
"service_id": "svc_01hwx3p9k2",
"service_name": "Payments API",
"detail": {
"version": "v42",
"breaking_changes": 2,
"endpoints_total": 31
}
}
Actor types
user— action performed via the dashboard (actor is the email address)token— action performed via API with a token (actor is the token name)system— internal event (e.g. automatic alert dispatch)
Viewing the audit log
The audit log is accessible in two ways:
Dashboard view
Navigate to Audit Log in the top nav. The page shows a paginated, filterable list of events in reverse chronological order. You can filter by event type and search by service name or actor.
JSON export
From the Audit Log page you can export events as newline-delimited JSON (one object per line) for the current filter. Pipe the export into any log tool — for example, to look at just spec publishes:
cat audit-log-export.json | jq 'select(.event == "spec.published")'
This makes it easy to feed the audit trail into a log aggregator (Datadog, Loki, CloudWatch, etc.) or keep an offline archive for compliance.
The audit log is append-only — entries are never modified after writing. SpecVault retains and backs up the log for you as part of the hosted service; there is nothing to rotate or maintain on your side.
Retention
Audit events are retained on the hosted service and remain available in the dashboard. If you have specific long-term retention or compliance requirements, export the log periodically as JSON, or contact engage@sentinelflux.in to discuss enterprise retention options.