Audit Log
Audit logs record write operations performed in aqua, providing a history of who did what and when. There are two ways to view audit logs: at the organization level and at the account level.
Availability
Section titled “Availability”| View | Available to | Plan requirement |
|---|---|---|
| Organization audit log | Members of the organization | Team or Enterprise (cloud) |
| Account activity log | The account owner | All plans |
Self-hosted instances have full access to audit logs regardless of plan.
Organization Audit Log
Section titled “Organization Audit Log”The organization audit log shows all recorded activity within the organization. Access it from the Audit Log tab on the organization detail page.
This view is available to members with the member role or higher. On the cloud-hosted version, it requires a Team or Enterprise plan. Free plan organizations see a message prompting them to upgrade.
Filtering
Section titled “Filtering”You can filter the audit log by:
- Category — Use the segment tabs at the top to show only events in a specific category (e.g., Organization, Project, QA Plan).
- User — Filter by a specific organization member to see only their actions.
Account Activity Log
Section titled “Account Activity Log”The account activity log shows all actions performed by your account, across all organizations. Access it from Settings > Activity Log in the Web UI.
This view is available to all users regardless of plan. It supports the same category filter as the organization view.
Tracked Events
Section titled “Tracked Events”Audit logs track the following events, grouped by category.
Authentication
Section titled “Authentication”| Event | Description |
|---|---|
user.registered | A new user account was created. |
user.logged_in | A user signed in. |
user.password_changed | A user changed their password. |
user.profile_updated | A user updated their display name. |
user.email_change_requested | A user requested an email address change. |
user.email_changed | A user’s email address was changed. |
user.email_verified | A user’s email was verified. |
user.account_deleted | A user account was deleted. |
api_key.created | An API key was created. |
api_key.deleted | An API key was deleted. |
oauth_connection.deleted | An OAuth connection was removed. |
email_verification.resent | A verification email was resent. |
Organization
Section titled “Organization”| Event | Description |
|---|---|
organization.created | An organization was created. |
organization.updated | An organization’s name was changed. |
organization.deleted | An organization was deleted. |
member.added | A member was added to the organization. |
member.role_changed | A member’s role was changed. |
member.removed | A member was removed from the organization. |
Project
Section titled “Project”| Event | Description |
|---|---|
project.created | A project was created. |
project.updated | A project’s settings were updated. |
project.deleted | A project was deleted. |
project.transferred | A project was moved to another organization. |
project.memory_updated | A project’s memory document was updated. |
QA Plan
Section titled “QA Plan”| Event | Description |
|---|---|
qa_plan.created | A QA plan was created. |
qa_plan.updated | A QA plan’s content was updated. |
qa_plan.status_changed | A QA plan’s status, pinned state, or archived state was changed. |
qa_plan.deleted | A QA plan was deleted. |
qa_plan_version.created | A new version of a QA plan was created. |
Execution
Section titled “Execution”| Event | Description |
|---|---|
execution.created | A QA plan execution was started. |
Common Scenario
Section titled “Common Scenario”| Event | Description |
|---|---|
common_scenario.created | A common scenario was created. |
common_scenario.updated | A common scenario was updated. |
common_scenario.deleted | A common scenario was deleted. |
Billing
Section titled “Billing”| Event | Description |
|---|---|
billing.checkout_created | A Stripe checkout session was initiated. |
subscription.updated | An organization’s subscription was changed. |
Event Details
Section titled “Event Details”Each audit log entry includes:
- Actor — The user who performed the action, or “System” for automated operations (e.g., webhook-triggered subscription changes).
- Resource — The type and ID of the affected resource.
- Source — How the action was performed:
web(Web UI),api(CLI / API key), orsystem(automated). - Timestamp — When the action occurred.
- Additional details — Context-specific information such as role changes, status transitions, or transfer destinations.
Data Retention
Section titled “Data Retention”Audit log entries are retained for 3 months. Entries older than 3 months are automatically deleted.