Audit logs provide an immutable record of every significant action taken in your Raven organization. They track who did what, when, and to which resource — giving you full visibility for security reviews, compliance audits, and incident investigation.
What Gets Logged
Every create, update, and delete operation across your organization is automatically recorded.
| Action | Description |
|---|
create | A new resource was created (provider, key, guardrail, etc.) |
update | An existing resource was modified |
delete | A resource was removed |
enable | A resource was enabled |
disable | A resource was disabled |
rotate | A virtual key was rotated |
invite | A member was invited to the organization |
revoke | A key or agent identity was revoked |
Actor Tracking
Every audit log entry records the actor who performed the action:
- Actor ID — The authenticated user who initiated the action
- Timestamp — When the action occurred (with timezone)
- Organization — Which organization the action belongs to
- Metadata — Additional context about the change (old/new values, request details)
If a user is deleted, the audit log retains the entry with a null actor reference, preserving the historical record without the personal identifier.
Resource Types
Audit logs cover every resource type in Raven.
| Resource Type | Examples |
|---|
provider | Added OpenAI provider, disabled Anthropic |
virtual_key | Created new key, rotated key, set rate limit |
guardrail | Created PII detection rule, updated priority |
budget | Set monthly budget, updated alert threshold |
webhook | Registered webhook endpoint, disabled webhook |
routing_rule | Created cost-optimized routing, updated fallback |
team | Created team, added member |
organization | Updated org settings |
member | Invited member, changed role |
Viewing Audit Logs
Dashboard
Navigate to Admin > Audit Logs in the dashboard to browse the audit trail. You can filter by:
- Resource type — View only provider changes, key operations, etc.
- Action — Filter to just creates, updates, or deletes
- Actor — See all actions by a specific team member
- Date range — Focus on a specific time period
Audit Log Entry Structure
Each audit log entry contains:
{
"id": "clx1abc2def",
"action": "create",
"resourceType": "guardrail",
"resourceId": "clx2ghi3jkl",
"actorId": "user_abc123",
"metadata": {
"name": "Block PII",
"type": "pii_detection",
"action": "block"
},
"organizationId": "org_xyz789",
"createdAt": "2026-03-15T10:30:00Z"
}
Indexing
Audit logs are indexed for fast querying on four dimensions:
| Index | Use Case |
|---|
| Organization + Created At | Browse recent logs for an org |
| Organization + Action | Filter by action type |
| Organization + Resource Type | Filter by resource category |
| Actor ID | Find all actions by a specific user |
Exporting
Audit logs can be exported for external analysis or long-term archival:
- JSON export — Download the full audit trail as a JSON file
- CSV export — Export to CSV for spreadsheet analysis
- API pagination — Programmatically iterate through all records using cursor-based pagination
Audit logs are append-only and immutable. Once an entry is created, it cannot be modified or deleted — even by organization admins.
