Audit Logs
The Audit Logs page (/audit-logs) provides an append-only record of every mutating action performed within your workspace. Use it for compliance reviews, debugging unexpected changes, and access monitoring.
What is logged
Every API route that creates, updates, or deletes a resource writes an audit entry. Logged actions include:
- Test case creation, update, deletion
- Test run creation, completion, deletion
- Test result updates (including bug linking and retest flags)
- Project and module changes
- Settings changes (AI config, integrations, webhooks)
- User invites and role changes
- API token creation and revocation
- Webhook subscription changes
Audit entry fields
| Field | Description |
|---|---|
| Action | What happened (e.g., CREATE, UPDATE, DELETE) |
| Resource type | What was affected (e.g., TestCase, TestRun, User) |
| Resource ID | Identifier of the affected record |
| User | Email of the user who performed the action |
| IP address | Source IP of the request |
| Timestamp | UTC time of the action |
| Metadata | Additional context (e.g., previous and new values) |
Filtering
Filter the log by:
- Action —
CREATE,UPDATE,DELETE - Resource type —
TestCase,TestRun,Project,User, etc. - Date range — From / to date picker
- User — Filter to a specific user's actions
Export to CSV
Click Export CSV to download the filtered log as a comma-separated file. Useful for compliance audits or external reporting.
GET /api/audit-logs?format=csv&action=DELETE&resourceType=TestCase
Data retention
Audit logs are retained indefinitely on both cloud and self-hosted installations. There is no automatic pruning — they are append-only by design.
SUPER_ADMIN access
Platform administrators (SUPER_ADMIN role) can view audit logs across all tenants via the /api/admin/audit-logs endpoint. Tenant-scoped users can only see their own workspace's logs.