Audit logs — identity and admin events
Signups, sign-ins, MFA enrollment, role changes, tenant edits, IdP changes, API-key lifecycle, and policy edits. Long retention (90+ days) for compliance.
Two complementary log streams. Audit logs answer 'who changed what'. Request logs answer 'what traffic flowed'.
Signups, sign-ins, MFA enrollment, role changes, tenant edits, IdP changes, API-key lifecycle, and policy edits. Long retention (90+ days) for compliance.
Every proxied HTTP request — method, path, status code, latency, response size, caller IP. Rolling window for operational debugging.
Both streams are filtered by tenant_id server-side. Platform admins can scope cross-tenant views; tenant admins see only their tenant.
Passwords, API keys, session ids, and request bodies are never logged. Audit metadata is structured JSONB; request logs store transport-level fields only.
What teams should be able to achieve with this capability.
Answer compliance questions ('who promoted this user to admin?') from audit logs.
Debug a 5xx spike or a slow endpoint from request logs.
Correlate the two by timestamp + tenant_id + user_id when investigating an incident.
Public overview pages are written for evaluation and security review.
This public page intentionally avoids internal endpoint inventories, secret names, infrastructure-specific values, role identifiers, cryptographic tuning constants, and tenant-specific examples. Detailed implementation guidance belongs inside the authenticated dashboard where examples can be scoped to the signed-in tenant.