SpecVault Docs

Audit Log

A tamper-evident log of every significant action taken in SpecVault — who did what, and when.

What gets logged

SpecVault logs the following event types:

  • spec.published — a new spec version was uploaded, including the publisher identity (user email or token name), service ID, version number, and whether breaking changes were detected
  • service.created — a new service was registered
  • service.updated — a service's name, team, or base URL was changed
  • service.deleted — a service and all its versions were deleted
  • subscriber.added — an email address was subscribed to a service
  • subscriber.removed — a subscriber was removed (by admin or via unsubscribe link)
  • token.created — a new API token was created (name only, never the value)
  • token.revoked — an API token was revoked
  • user.login — a successful dashboard login
  • alert.sent — a breaking-change email alert was dispatched, including recipient count

Log entry format

Each entry in the exported audit log follows this structure:

{
  "timestamp": "2026-06-01T14:32:07Z",
  "event": "spec.published",
  "actor": "github-actions-prod",
  "actor_type": "token",
  "service_id": "svc_01hwx3p9k2",
  "service_name": "Payments API",
  "detail": {
    "version": "v42",
    "breaking_changes": 2,
    "endpoints_total": 31
  }
}

Actor types

  • user — action performed via the dashboard (actor is the email address)
  • token — action performed via API with a token (actor is the token name)
  • system — internal event (e.g. automatic alert dispatch)

Viewing the audit log

The audit log is accessible in two ways:

Dashboard view

Navigate to Audit Log in the top nav. The page shows a paginated, filterable list of events in reverse chronological order. You can filter by event type and search by service name or actor.

JSON export

From the Audit Log page you can export events as newline-delimited JSON (one object per line) for the current filter. Pipe the export into any log tool — for example, to look at just spec publishes:

cat audit-log-export.json | jq 'select(.event == "spec.published")'

This makes it easy to feed the audit trail into a log aggregator (Datadog, Loki, CloudWatch, etc.) or keep an offline archive for compliance.

The audit log is append-only — entries are never modified after writing. SpecVault retains and backs up the log for you as part of the hosted service; there is nothing to rotate or maintain on your side.

Retention

Audit events are retained on the hosted service and remain available in the dashboard. If you have specific long-term retention or compliance requirements, export the log periodically as JSON, or contact engage@sentinelflux.in to discuss enterprise retention options.