Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.emergence.ai/llms.txt

Use this file to discover all available pages before exploring further.

The audit log is a tamper-evident record of significant actions taken by users and the platform within your organisation. It is available to organisation owners and admins and is scoped strictly to your organisation — you cannot see events from other organisations.

Where to find the audit log

In the CRAFT platform, navigate to Settings and select Audit Log from the sidebar.

What the audit log captures

The audit log records actions across the following categories:
CategoryExamples of events captured
User managementUser invited, role changed, account deactivated, account reactivated
Project managementProject created, project deleted, member added to project, member removed from project
Data connectionsData connection created, updated, or deleted
SecretsSecret created, secret deleted (content is never logged)
AuthenticationLogin, logout, failed login attempt
Agent activityAgent tool calls (when agent audit is enabled for a project)
Audit settingsRetention period changed
Each event record includes:
FieldDescription
TimestampWhen the event occurred (UTC)
ActorThe user or service that performed the action
ActionWhat was done (for example, user.invite, project.create)
ResourceThe specific resource that was affected
ProjectThe project context, if applicable
DetailsAdditional context specific to the event type

Viewing and filtering the audit log

1

Open the Audit Log page

Navigate to Settings and select Audit Log.
2

Apply filters

Use the filter options to narrow down the events you want to review:
  • Date range: select a start and end date
  • Actor: filter by a specific user
  • Action: filter by action type (for example, show only login events)
  • Resource type: filter by the type of resource affected
  • Project: filter to events within a specific project
Filters can be combined. For example, you can see all actions taken by a specific user within a date range.
3

Review events

The list shows matching events in reverse chronological order (newest first). Select any event to expand it and see the full details.

Exporting the audit log

You can export audit events to a CSV file for use in compliance reports, external monitoring tools, or archiving.
1

Apply your filters

Set the date range and any other filters for the events you want to export.
2

Export to CSV

Select Export to CSV in the top-right area of the Audit Log page. The file will download to your browser.
Exports are paginated at up to 50,000 rows per file. If your date range contains more than 50,000 events, export in smaller date ranges and combine the files.

Audit log retention

By default, audit events are retained for 90 days. Organisation owners and admins can adjust the retention period under Settings → Audit Log → Retention Settings.
Reducing the retention period will immediately delete events outside the new window. This action cannot be undone. Set a retention period that meets your compliance requirements before reducing it.

Compliance use cases

The audit log is designed to support common compliance and security review scenarios: Access reviews: Filter by date range to see which users had access to which resources during a specific period. Look for role change events to identify when permissions were granted or removed. Incident investigation: Filter by actor and date range to reconstruct the sequence of actions taken by a specific user during an incident window. Data access auditing: Filter by resource type data_connection and action execute to see which users ran queries against a specific data source. Offboarding verification: After deactivating a user, search for events by their user ID to confirm their access was removed and identify any resources that may need a new owner.