> ## Documentation Index
> Fetch the complete documentation index at: https://docs.emergence.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Audit Log

> View and export the audit log for your CRAFT organisation — what events are captured and how to use them for compliance.

The audit log is a tamper-evident record of significant actions taken by users and the platform within your organisation. It is available to organisation owners and admins and is scoped strictly to your organisation — you cannot see events from other organisations.

## Where to find the audit log

In the CRAFT platform, navigate to **Settings** and select **Audit Log** from the sidebar.

## What the audit log captures

The audit log records actions across the following categories:

| Category               | Examples of events captured                                                            |
| ---------------------- | -------------------------------------------------------------------------------------- |
| **User management**    | User invited, role changed, account deactivated, account reactivated                   |
| **Project management** | Project created, project deleted, member added to project, member removed from project |
| **Data connections**   | Data connection created, updated, or deleted                                           |
| **Secrets**            | Secret created, secret deleted (content is never logged)                               |
| **Authentication**     | Login, logout, failed login attempt                                                    |
| **Agent activity**     | Agent tool calls (when agent audit is enabled for a project)                           |
| **Audit settings**     | Retention period changed                                                               |

Each event record includes:

| Field         | Description                                                  |
| ------------- | ------------------------------------------------------------ |
| **Timestamp** | When the event occurred (UTC)                                |
| **Actor**     | The user or service that performed the action                |
| **Action**    | What was done (for example, `user.invite`, `project.create`) |
| **Resource**  | The specific resource that was affected                      |
| **Project**   | The project context, if applicable                           |
| **Details**   | Additional context specific to the event type                |

## Viewing and filtering the audit log

<Steps>
  <Step title="Open the Audit Log page">
    Navigate to **Settings** and select **Audit Log**.
  </Step>

  <Step title="Apply filters">
    Use the filter options to narrow down the events you want to review:

    * **Date range**: select a start and end date
    * **Actor**: filter by a specific user
    * **Action**: filter by action type (for example, show only login events)
    * **Resource type**: filter by the type of resource affected
    * **Project**: filter to events within a specific project

    Filters can be combined. For example, you can see all actions taken by a specific user within a date range.
  </Step>

  <Step title="Review events">
    The list shows matching events in reverse chronological order (newest first). Select any event to expand it and see the full details.
  </Step>
</Steps>

## Exporting the audit log

You can export audit events to a CSV file for use in compliance reports, external monitoring tools, or archiving.

<Steps>
  <Step title="Apply your filters">
    Set the date range and any other filters for the events you want to export.
  </Step>

  <Step title="Export to CSV">
    Select **Export to CSV** in the top-right area of the Audit Log page. The file will download to your browser.

    <Note>
      Exports are paginated at up to 50,000 rows per file. If your date range contains more than 50,000 events, export in smaller date ranges and combine the files.
    </Note>
  </Step>
</Steps>

## Audit log retention

By default, audit events are retained for 90 days. Organisation owners and admins can adjust the retention period under **Settings → Audit Log → Retention Settings**.

<Warning>
  Reducing the retention period will immediately delete events outside the new window. This action cannot be undone. Set a retention period that meets your compliance requirements before reducing it.
</Warning>

## Compliance use cases

The audit log is designed to support common compliance and security review scenarios:

**Access reviews:** Filter by date range to see which users had access to which resources during a specific period. Look for role change events to identify when permissions were granted or removed.

**Incident investigation:** Filter by actor and date range to reconstruct the sequence of actions taken by a specific user during an incident window.

**Data access auditing:** Filter by resource type `data_connection` and action `execute` to see which users ran queries against a specific data source.

**Offboarding verification:** After deactivating a user, search for events by their user ID to confirm their access was removed and identify any resources that may need a new owner.
