TrueFoundry provides comprehensive audit logging that tracks all activities performed on the platform. Audit logs help you monitor user actions, track changes to resources, maintain compliance, and troubleshoot issues by providing a complete history of platform activities. These logs are scoped to TrueFoundry platform activity and do not replace infrastructure-level audit logs from Kubernetes, AWS, or other cloud providers.
You can find the audit logs in the Platform > Access > Audit Logs section of the TrueFoundry dashboard.
Audit logs capture detailed information about actions performed on the TrueFoundry platform, including:
- User actions - Who performed what action and when
- Resource changes - Creation, updates, and deletions of deployments, workspaces, integrations, and more
- API activity - All API calls made to the platform
- System actions - Automated actions performed by Autopilot and other system components
Tenant Admins can view audit logs for all users and resources. Other users can view audit logs for their own actions on resources they have access to.
- ACTION - The type of action performed (e.g., “Apply Provider Integration”, “Create Deployment”)
- RESOURCE - The resource that was affected, including its name and type
- API ROUTE - The API endpoint that was called
- USER - The user or system component that performed the action
- TIMESTAMP - When the action occurred (displayed as relative time, e.g., “8m ago”, “16m ago”)
- MESSAGE - A brief summary of the action, highlighting what changed
You can also view the details of each activity by clicking on the activity in the timeline. If the action changed a resource, the details view shows a diff view; otherwise, the standard details view is available for inspecting the full metadata.
Resource-level activity logs
Audit logs are also available from individual resource pages. This helps you review the activity history for a specific entity, such as a model, policy, guardrail, setting, user, or other supported resource.
For resource-level audit logs:
- Tenant Admins can view all audit logs related to the selected resource, including actions performed by other users.
- Users who are not Tenant Admins can view only their own actions for that resource.
- When an action changes a YAML configuration, Audit log shows the diff between the previous YAML and the current YAML.
- Each log entry includes a short summary of the change made by that action.
Exporting Audit Logs
The audit logs are printed in application logs in the following format:
time="2025-11-24 08:35:39" level=info context=AuditLogInterceptor module=ProviderAccountController tenant=truefoundry user=user:abc@example.com path=/v1/provider-accounts action=APPLY_PROVIDER_INTEGRATION resourceType=provider-integration resourceId=cmi8vpe170ib701rehy456uq0 resourceFqn=truefoundry:aws-bedrock:harshil-test-21-nov:model:anthropic-claude-3-haiku-20240307-v1-0 resourceName=anthropic-claude-3-haiku-20240307-v1-0 metaData="{\"providerAccountFqn\":\"truefoundry:aws-bedrock:harshil-test-21-nov\",\"manifest\":{\"cost\":{\"metric\":\"public_cost\"},\"name\":\"anthropic-claude-3-haiku-20240307-v1-0\",\"type\":\"integration/model/bedrock\",\"region\":\"us-east-2\",\"model_id\":\"anthropic.claude-3-haiku-20240307-v1:0\",\"model_types\":[\"chat\"]}}" trace_id=4e488dc171953c90073c92717f5e1813 span_id=dc4895726fbb0e4e trace_flags=01
context=AuditLogInterceptor.
API Access
For programmatic access to audit logs, you can use the TrueFoundry API. Refer to the API Reference for detailed endpoint documentation.
Access to audit logs via API requires appropriate permissions. Ensure your API keys or authentication tokens have the necessary access rights.
