Audit Logs
Immutable audit trail of all state-changing operations in your organization.
All endpoints require admin role. Base URL: https://api.airaproof.com/api/v1
Overview
Aira automatically logs every state-changing action in your organization. Audit logs are immutable and retained for the lifetime of the organization.
What Gets Logged
| Action | Description |
|---|---|
| case.executed | A case was run (models, decision) |
| action.notarized | An action was notarized |
| action.authorized | A human co-signed an action |
| action.legal_hold | Legal hold set or released |
| agent.registered | Agent registered in the registry |
| agent.decommissioned | Agent decommissioned |
| agent.transferred | Agent transferred to another org |
| agent.version_published | New agent version published |
| estate.will_set | Agent will created or updated |
| estate.death_certificate | Death certificate issued |
| escrow.created | Escrow account created |
| escrow.deposit | Funds deposited |
| escrow.release | Funds released |
| escrow.dispute | Funds disputed |
| evidence.package_created | Evidence package sealed |
| team.member_invited | Team invitation sent |
| team.member_removed | Team member removed |
| team.role_changed | Member role updated |
| team.ownership_transferred | Org ownership transferred |
| api_key.created | API key generated |
| api_key.revoked | API key revoked |
| credentials.updated | Provider credentials updated |
| webhook.created | Webhook endpoint registered |
| webhook.deleted | Webhook endpoint deleted |
List Audit Logs
```http
GET /api/v1/audit-logs
Authorization: Bearer <token>
```

Requires admin role. Returns paginated audit log entries, newest first.
Query Parameters
| Parameter | Type | Description |
|---|---|---|
| page | integer | Page number (default: 1) |
| per_page | integer | Items per page (default: 20, max: 100) |
| action | string | Filter by action type (e.g. case.executed) |
| user_uuid | string | Filter by user who performed the action |
| resource_type | string | Filter by resource type (e.g. case, agent, action) |
| resource_id | string | Filter by specific resource ID |
| from | string | ISO 8601 datetime; only entries after this time |
| to | string | ISO 8601 datetime; only entries before this time |
Response
```json
{
  "data": [
    {
      "id": "uuid",
      "action": "case.executed",
      "user_uuid": "uuid",
      "user_email": "alice@acme.com",
      "resource_type": "case",
      "resource_id": "uuid",
      "details": {
        "models": ["claude-sonnet-4-6", "gpt-5.4"],
        "decision": "approve"
      },
      "ip_address": "203.0.113.42",
      "created_at": "2026-03-26T10:30:00Z"
    }
  ],
  "pagination": {
    "page": 1,
    "per_page": 20,
    "total": 1542,
    "has_more": true
  },
  "request_id": "req_abc123"
}
```

Entry Fields
| Field | Type | Description |
|---|---|---|
| id | string | Unique log entry ID |
| action | string | Action type (see table above) |
| user_uuid | string | User who performed the action (null for API key auth) |
| user_email | string | Email of the user |
| resource_type | string | Type of affected resource |
| resource_id | string | ID of affected resource |
| details | object | Action-specific metadata |
| ip_address | string | IP address of the request |
| created_at | string | ISO 8601 timestamp |
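
The following is an added example, not Aira's own client code: it walks `GET /audit-logs` page by page using `pagination.has_more` and pulls out access-changing events for review, labelling entries whose `user_uuid` is null as API key activity. The `SENSITIVE` set, the function names and the sample pages are assumptions constructed for illustration.

```python
import json
import urllib.parse
import urllib.request

BASE_URL = "https://api.airaproof.com/api/v1"  # base URL given on this page
# Assumption: the subset of logged actions a reviewer treats as access-changing.
SENSITIVE = {"api_key.created", "api_key.revoked", "credentials.updated",
             "team.role_changed", "team.ownership_transferred",
             "webhook.created", "webhook.deleted"}

def http_fetch(params, token):
    """GET /audit-logs with the documented query parameters (needs admin role)."""
    url = f"{BASE_URL}/audit-logs?{urllib.parse.urlencode(params)}"
    req = urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def iter_audit_logs(fetch, filters, max_pages=1000):
    """Yield every matching entry, newest first, until has_more is false."""
    for page in range(1, max_pages + 1):  # max_pages is a safety cap
        body = fetch({**filters, "page": page, "per_page": 100})  # 100 = documented max
        yield from body["data"]
        if not body["pagination"]["has_more"]:
            return

def sensitive_changes(entries):
    """Return (time, action, actor, ip) for each sensitive action."""
    rows = []
    for e in entries:
        if e["action"] in SENSITIVE:
            # user_uuid is null when the request was made with an API key
            actor = e["user_email"] if e.get("user_uuid") else "api-key"
            rows.append((e["created_at"], e["action"], actor, e["ip_address"]))
    return rows

# Constructed sample pages standing in for the API so the block runs offline.
def _entry(action, email, ts):
    return {"action": action, "user_uuid": "uuid" if email else None,
            "user_email": email, "ip_address": "203.0.113.42", "created_at": ts}

SAMPLE_PAGES = {
    1: {"data": [_entry("api_key.created", None, "2026-03-26T10:30:00Z"),
                 _entry("case.executed", "alice@acme.com", "2026-03-26T10:00:00Z")],
        "pagination": {"page": 1, "has_more": True}},
    2: {"data": [_entry("team.role_changed", "alice@acme.com", "2026-03-26T09:00:00Z")],
        "pagination": {"page": 2, "has_more": False}},
}

def sample_fetch(params):
    return SAMPLE_PAGES[params["page"]]
```

Against the live API, pass `lambda p: http_fetch(p, token)` as `fetch`; the `from` and `to` filters go in the `filters` dict as ISO 8601 strings.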
Retention
Audit logs are retained indefinitely on cloud plans. Self-hosted operators manage their own retention via database policies.