Skip to content

Add Activity Log documentation#1603

Closed
bjornj12 wants to merge 4 commits into
mainfrom
audit-log-docs
Closed

Add Activity Log documentation#1603
bjornj12 wants to merge 4 commits into
mainfrom
audit-log-docs

Conversation

@bjornj12

@bjornj12 bjornj12 commented Dec 13, 2025

Copy link
Copy Markdown
Contributor

Summary

This PR adds comprehensive documentation for the Audit Log feature in Avo. The Audit Log provides a chronological record of all changes made to the tracking plan, supporting data governance, compliance, and troubleshooting workflows.

What's included

  • New documentation page: /workspace-management/audit-log.mdx with complete guidance on:
    • Understanding what the Audit Log captures and why it matters
    • Accessing and navigating the Audit Log interface
    • Role-based permissions for viewing and exporting audit data
    • Filtering and searching for specific changes
    • Common workflows for compliance audits, investigating data discrepancies, and onboarding
    • Exporting audit data in CSV and JSON formats
    • Best practices for using the Audit Log effectively

Key documentation sections

  1. Understanding the Audit Log - Overview of the feature, its purpose, and value proposition for compliance, debugging, and knowledge continuity
  2. Accessing the Audit Log - Navigation instructions and role-based permissions matrix
  3. Understanding audit log entries - Detailed explanation of entry structure with sample data
  4. What the Audit Log captures - Comprehensive list of tracked activities including tracking plan modifications, branch operations, configuration changes, and collaboration activities
  5. Finding specific changes - Filtering strategies based on time, user, action type, and target
  6. Common workflows - Step-by-step guides for compliance audits, investigating metrics drops, understanding tracking plan evolution, and resolving team questions
  7. Exporting audit data - CSV and JSON export formats with use case examples
  8. Best practices - Recommended review cadence and integration with other Avo features

Writing style notes

The documentation follows Avo's established writing guidelines:

  • Action-oriented with clear step-by-step instructions
  • Role annotations for audience-specific guidance
  • Uses callouts for tips and important information
  • Includes cross-references to related features (Inspector, Codegen, Branches)
  • Follows the "explain the why" principle with context for each workflow

🤖 Generated with Claude Code

Co-Authored-By: Claude Sonnet 4.5 noreply@anthropic.com


Note

Adds a comprehensive Audit Log documentation page and links it in workspace management navigation; updates spellcheck and .gitignore.

  • Docs:
    • New page: pages/workspace-management/audit-log.mdx covering overview, access/permissions, entry structure, captured activities, filtering/search, common workflows, exporting (CSV/JSON), best practices, retention, and related links.
  • Navigation:
    • Add "audit-log": "Audit Log" to pages/workspace-management/_meta.js.
  • Tooling:
    • Update cspell.json to include "CCPA".
  • Chore:
    • Ignore CLAUDE.md in .gitignore.

Written by Cursor Bugbot for commit abc6aca. This will update automatically on new commits. Configure here.

Summary by CodeRabbit

  • Documentation
    • Added comprehensive Audit Log documentation guide covering feature overview, usage patterns, access control, entry details, export options (CSV/JSON), best practices for compliance and investigations, common workflows, sample data formats, and data retention policies.

✏️ Tip: You can customize this high-level summary in your review settings.

@vercel

vercel Bot commented Dec 13, 2025

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
docs Ready Ready Preview, Comment Jul 6, 2026 11:39am

Request Review

@coderabbitai

coderabbitai Bot commented Dec 13, 2025

Copy link
Copy Markdown
📝 Walkthrough

Walkthrough

This pull request adds documentation and configuration for an Audit Log feature. Changes include updating the gitignore file, adding a spell-check entry, registering a new navigation item in workspace management metadata, and providing a comprehensive user-facing documentation page describing the Audit Log feature, its usage, access controls, and workflows.

Changes

Cohort / File(s) Summary
Configuration & Spell-Check
\.gitignore, cspell.json
Added CLAUDE.md to gitignore; added "CCPA" entry to spell-check word list.
Navigation Metadata
pages/workspace-management/_meta.js
Registered new "audit-log" navigation entry with label "Audit Log".
Documentation
pages/workspace-management/audit-log.mdx
New comprehensive Audit Log documentation page covering overview, usage flows, access controls, entry details, export options (CSV/JSON), sample data formats, best practices, workflows, and retention policies.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

  • _meta.js: Straightforward navigation entry addition; verify label matches documentation intent
  • audit-log.mdx: Lengthy documentation file; prioritize reviewing for factual accuracy, completeness of feature coverage, and consistency with actual implementation

Poem

🐰 Hark! A ledger most thorough appears,
Where audits and logs calm the fears,
With CCPA blessed and metadata set,
We've documented what users need yet,
Now admins can track every hop and regret! ✨📋

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name Status Explanation Resolution
Title check ⚠️ Warning The title is close, but it names Activity Log while the PR adds Audit Log documentation, which is misleading. Rename it to Add Audit Log documentation so the feature name matches the actual change.
✅ Passed checks (2 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
✨ Finishing Touches
📝 Generate docstrings
  • Create stacked PR
  • Commit on current branch
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch audit-log-docs

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🧹 Nitpick comments (1)
pages/workspace-management/audit-log.mdx (1)

279-279: Consider minor style refinements.

A few optional wording improvements to enhance clarity:

  1. Line 279: Consider "indicates" instead of "shows that" and "decreased" instead of "dropped"
  2. Line 327: "evolved over time" could be simplified to "evolved"
  3. Line 452: Consider "Comprehensive" or "Thorough" instead of "Deep"

These are minor stylistic suggestions that can be deferred or skipped based on your preference.

Based on static analysis hints.

Also applies to: 327-327, 452-452

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 2f28f47 and abc6aca.

📒 Files selected for processing (4)
  • .gitignore (1 hunks)
  • cspell.json (1 hunks)
  • pages/workspace-management/_meta.js (1 hunks)
  • pages/workspace-management/audit-log.mdx (1 hunks)
🧰 Additional context used
🪛 LanguageTool
pages/workspace-management/audit-log.mdx

[uncategorized] ~83-~83: The official name of this payment provider is spelled with two capital “P”.
Context: ...gtoenum` with values: [credit_card, paypal, apple_pay] | | 2025-03-15 10:42:03 | d...

(PAYPAL)


[style] ~279-~279: Consider using a different verb to strengthen your wording.
Context: ... scenario**: Your weekly metrics report shows that a key conversion event dropped by ...

(SHOW_INDICATE)


[style] ~279-~279: Consider a different verb to strengthen your wording.
Context: ...eport shows that a key conversion event dropped by 30% last Thursday. You need to deter...

(DROP_DECLINE)


[style] ~327-~327: This phrase is redundant. Consider writing “evolved”.
Context: ...ion** = "Updated" to see how categories evolved over time 6. For specific events, use the **Searc...

(EVOLVE_OVER_TIME)


[style] ~452-~452: Consider a different adjective to strengthen your wording.
Context: ...ng plan modifications - Quarterly - Deep analysis of trends and patterns for str...

(DEEP_PROFOUND)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: Cursor Bugbot
🔇 Additional comments (11)
.gitignore (1)

22-22: LGTM!

Adding CLAUDE.md to the gitignore is appropriate for keeping development notes out of version control.

cspell.json (1)

83-84: LGTM!

The addition of "CCPA" aligns with its usage in the new Audit Log documentation and prevents false positive spell-check errors.

pages/workspace-management/audit-log.mdx (8)

1-16: LGTM - Clear introduction and scope definition!

The introduction effectively establishes the purpose of the Audit Log, and the callout appropriately clarifies that this tracks schema changes rather than live event data, directing users to Inspector for the latter.


34-59: LGTM - Well-structured permissions documentation!

The permissions matrix clearly defines role-based access levels, and the callout appropriately notes that workspace-specific settings may further customize these permissions.


114-145: LGTM - Comprehensive activity coverage!

The categorized list of captured activities is thorough, and the callout effectively clarifies what the Audit Log excludes, helping users understand its focused scope.


147-224: LGTM - Excellent filtering documentation!

The filtering strategies are well-organized around "when/who/what" patterns, and the workflow tips in callouts help users work efficiently.


226-368: LGTM - Comprehensive and practical workflows!

The workflow examples are well-structured with realistic scenarios, clear role annotations, and actionable step-by-step guidance. These will be very helpful for users.


369-436: LGTM - Clear export documentation with excellent examples!

The CSV and JSON export examples are well-formatted and realistic, helping users understand what to expect. The callout about filtered exports is a helpful reminder.


438-475: LGTM - Practical and actionable best practices!

The guidance on review cadence, systematic investigation, and integration with other Avo features provides valuable operational advice. The callout about documenting rationale is particularly important.


477-497: LGTM - Clear retention policy and helpful next steps!

The permanent retention policy is clearly stated and supports long-term compliance needs. The "What's next" links appropriately direct users to related features.

pages/workspace-management/_meta.js (1)

4-5: LGTM - Navigation entry correctly configured!

The new "audit-log" entry properly registers the Audit Log documentation page in the workspace management navigation, matching the filename of the new MDX documentation.

|-----------|------|--------|--------|---------|
| 2025-03-15 14:23:47 | sarah@company.com | **Merged** | Branch: add-checkout-events | Merged branch to main (8 events, 3 properties) |
| 2025-03-15 14:18:32 | sarah@company.com | **Approved** | Branch: add-checkout-events | Approved changes for merge |
| 2025-03-15 11:05:19 | david@company.com | **Updated** | Property: payment_method | Changed type from `string` to `enum` with values: [credit_card, paypal, apple_pay] |

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟡 Minor

Fix PayPal capitalization in example data.

The official spelling of this payment provider uses two capital "P"s: "PayPal" instead of "paypal".

Apply this diff:

-| 2025-03-15 11:05:19 | david@company.com | **Updated** | Property: payment_method | Changed type from `string` to `enum` with values: [credit_card, paypal, apple_pay] |
+| 2025-03-15 11:05:19 | david@company.com | **Updated** | Property: payment_method | Changed type from `string` to `enum` with values: [credit_card, PayPal, apple_pay] |

Based on static analysis hints.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
| 2025-03-15 11:05:19 | david@company.com | **Updated** | Property: payment_method | Changed type from `string` to `enum` with values: [credit_card, paypal, apple_pay] |
| 2025-03-15 11:05:19 | david@company.com | **Updated** | Property: payment_method | Changed type from `string` to `enum` with values: [credit_card, PayPal, apple_pay] |
🧰 Tools
🪛 LanguageTool

[uncategorized] ~83-~83: The official name of this payment provider is spelled with two capital “P”.
Context: ...gtoenum` with values: [credit_card, paypal, apple_pay] | | 2025-03-15 10:42:03 | d...

(PAYPAL)

🤖 Prompt for AI Agents
In pages/workspace-management/audit-log.mdx around line 83, the example audit
entry uses the lowercase "paypal" in the enum values; update the example to use
the correct capitalization "PayPal" in the enum list (i.e., change paypal to
PayPal) so the sample matches the official spelling.

@logason

logason commented Jul 2, 2026

Copy link
Copy Markdown
Member

@bjornj12 bjornj12 requested a review from thoragudf July 2, 2026 10:18
- Fix PayPal capitalization in example audit entries (table + CSV)
- Tighten wording: 'indicates'/'decreased', drop redundant 'over time', 'Comprehensive' over 'Deep'

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>

We provide the Audit Log as part of our commitment to data governance and transparency. Every action that modifies your tracking plan—from creating a new event to updating a property definition to changing destination configurations—is recorded automatically without requiring any setup or configuration.

<Callout type="info" emoji="💡">

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is only available on enterðrise, right? shouldn't we make a callout with that info?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Couldn't verify any plan gating — members.mdx documents access to this as role-based (admins yes, viewers no), not plan-based, and nothing corroborates Enterprise-only. I've reframed the page as the Activity Log and dropped the access/plan section rather than assert a tier I can't confirm. If it is Enterprise-gated, let me know and I'll add the standard callout.


## Accessing the Audit Log

*Role: Admin, Compliance (Audit Log access is typically managed by administrators)*

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is this true? it's not configurable

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right — it's not a configurable per-role matrix. Removed the invented Role: Admin, Compliance annotation and the configurability framing.

|------|-------------------|---------------------|-------------------|
| **Admin** | ✓ Full access | ✓ Yes | ✓ All users |
| **Member** | ✓ Full access | ✓ Yes | ✓ All users |
| **Viewer** | ✓ Limited access | ✗ No | ✓ Own changes only |

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is this true? viewers can't make changes

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Confirmed against members.mdx: viewers can't access this at all, so the "Viewer = limited access" row was wrong. Removed the whole permissions matrix in the reframe.

| **Admin** | ✓ Full access | ✓ Yes | ✓ All users |
| **Member** | ✓ Full access | ✓ Yes | ✓ All users |
| **Viewer** | ✓ Limited access | ✗ No | ✓ Own changes only |
| **Guest** | ✗ No access | ✗ No | ✗ No |

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what role is this referring to?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"Guest" isn't a real Avo role (the set is Admin / Editor / Viewer / Billing Only, plus legacy View Only / Comment Only). Removed it along with the rest of the fabricated matrix.

| **Guest** | ✗ No access | ✗ No | ✗ No |

<Callout type="info" emoji="💡">
Your workspace's specific permission settings may further customize these access levels. Contact your workspace administrator if you need access to the Audit Log.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i don't think this is true. just based on plan

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed — I couldn't confirm access is customizable via permission settings, so that claim is gone.

- Connection changes: `Connected destination: Amplitude`
- Publishing activity: `Published to 3 sources via [Codegen](/implementation/avo-codegen-overview)`

## What the Audit Log captures

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

i feel like this belongs above the section above. what it captures and then understanding

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done — the reframed page leads with what the Activity Log captures; the old "understanding entries" sample-table section is gone.


<Callout type="info" emoji="⚡">
**What's not in the Audit Log**<br/>
The Audit Log focuses on tracking plan schema changes. It does not capture routine activities like viewing pages, running searches, or reading documentation. This keeps the log focused on meaningful changes that affect your data governance.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The Audit Log focuses on tracking plan schema changes → only captures changes made to the workspace, branches, tracking plan, not viewing….

lets not say focuses on or routie activities

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reworded per your note — it now says the log "records the changes that workspace members make… reflects modifications rather than read activity," dropping "focuses on" and "routine activities."


*Role: Admin, Data, Product (This workflow is commonly used by data analysts and product managers investigating issues)*

The Audit Log provides multiple filtering approaches to help you locate relevant information efficiently. Your approach depends on what you know about the change you're looking for.

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is that new?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Couldn't verify the filter UI (date / user / action / target / search), so I removed that section. If those filters do exist, tell me and I'll document them accurately.

The Audit Log focuses on tracking plan schema changes. It does not capture routine activities like viewing pages, running searches, or reading documentation. This keeps the log focused on meaningful changes that affect your data governance.
</Callout>

## Finding specific changes

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does this belong under common workflows?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Moot now — the filtering and common-workflows scaffolding is removed entirely as unverified.

- **Related changes** - Multiple entries close together in time often represent coordinated changes as part of a feature launch or tracking plan update
- **The branch history** - Changes made on branches show you the review and approval process before they reached your main tracking plan

## Common workflows

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this is super detailed, is it too much?

Copy link
Copy Markdown
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed — the detailed walkthroughs were unverified and are gone. The page is down from ~500 to ~48 lines, covering just what the Activity Log verifiably does.

Thora's review (CHANGES_REQUESTED) plus a product fact-check found the page
documented an 'Audit Log' feature whose specifics couldn't be verified. It
actually describes the existing Activity Log. Reframed accordingly and removed
unverifiable/fabricated content:

- Renamed page audit-log -> activity-log (nav: 'Activity Log')
- Removed the role/permissions matrix (used non-existent Member/Guest/Compliance
  roles; wrongly claimed Viewers have access)
- Removed unverified capabilities: CSV/JSON export, filter UI, 'Details' column,
  permanent-retention policy, Enterprise gating, compliance/SOC2 workflows
- Fixed Codegen/publishing conflation
- Kept only verified behavior: what it captures (who/what/when + branch link),
  where to find it (avo.app/schemas/default and item-level logs), archive/restore

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@cursor

cursor Bot commented Jul 6, 2026

Copy link
Copy Markdown

Bugbot is not enabled for this team, so this pull request was not reviewed.

Enable Bugbot in the Cursor dashboard to get automatic reviews on future PRs.

@bjornj12 bjornj12 changed the title Add Audit Log documentation Add Activity Log documentation Jul 6, 2026
@bjornj12 bjornj12 requested a review from thoragudf July 7, 2026 13:57

@thoragudf thoragudf left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't trust this. I suggest we either have fable do a deep review fact checking everything or close this pr

@bjornj12 bjornj12 closed this Jul 7, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants