Tracking mutations and administrative actions across the system.
Overview
Audit logging records every mutation (create, update, delete) and administrative action performed in Strait. This feature provides a comprehensive trail of activity for security, compliance, and troubleshooting. Audit logging is enabled by default.
What Gets Logged
Every API mutation records the actor identity, action type, resource type and ID, timestamp, and relevant metadata. This ensures that any change to the system state can be traced back to its source.
Common examples of logged events include:
- Job created or updated
- Run triggered or cancelled
- Role assigned to a user
- API key rotated
- Webhook subscription created
Actor Identity
Strait captures created_by and updated_by fields on core resources to maintain a clear chain of custody. The actor identity is derived from the authentication context:
- Users: Identity from JWT or OIDC claims when actions are performed via the dashboard or CLI.
- Service Accounts: Identity from the API key used for the request.
- Internal: The internal secret for service-to-service calls or system-initiated actions.
Event Format
Audit events are structured to provide consistent information across different types of actions.
| Field | Type | Description |
|---|---|---|
action | string | The specific action performed (e.g., "job.created"). |
resource_type | string | The type of resource affected (e.g., "job", "run"). |
resource_id | string | The unique identifier of the affected resource. |
actor | string | The identity of the entity that performed the action. |
project_id | string | The project where the action occurred. |
metadata | json | Additional context or parameters related to the action. |
timestamp | time | The date and time when the event was recorded. |
Configuration
No additional configuration is required to start capturing events.
Events are stored in the primary database for persistence and are also emitted to the internal event system, allowing for real-time monitoring or integration with external logging providers.