Activity
The Activity page is a chronological audit trail of who did what inside your customer. It sits next to the Audit page in the Super Admin section of the sidebar and is visible only to the Customer Super Admin.
What gets logged
Every entry captures who (user_id), which customer (customer_id), what happened (event_type), a short human-readable description, and a small JSON metadata blob with structured details. No prompt content, no record bodies, no PII — only the fact that an event occurred plus the identifiers needed to cross-reference it.
The platform records the following event types:
| Event type | When it fires |
|---|---|
role.add | A new role is created via the Roles page. |
role.delete | A role is deleted directly (no users assigned). |
role.reassign_and_delete | A role’s users are moved to another role and the source is deleted. Metadata records the source, target, and number of users moved. |
user.add | A new user is created. Metadata records the new user id and assigned role. |
user.delete | A user is deleted. Description includes the user’s name and email. |
user.role_change | A user’s role assignment changes via the user edit form. Only fires when the role actually differs — name/email-only edits don’t generate noise. |
project.add | A new project is created. |
project.edit | A project is updated. |
dataset.add | A new import batch (dataset) is created. |
module.built | A module’s import workflow completes successfully. Metadata records the file and row counts. |
semantic.build | A semantic-dataset build is queued from the project tree. |
semantic.delete | A semantic dataset is removed. |
prompt.create | A user submits a prompt to RebelCore™ Agent. Only the fact that a prompt happened is recorded — no prompt text, no agent response. Metadata records the session id and the number of selected datasets. The correlation_id ties the entry back to the inference workflow shown on the Audit page. |
curate_leak_scrubbed | The agent’s leak scanner caught the language model attempting to quote a specific row value, identifier, or aggregate that the project’s LLM exposure level doesn’t permit, and replaced the answer with a clean fallback. Metadata records the active exposure level (limited / advisory) and the kind of leak detected (row_token / value_token / aggregate_token). A spike in this event for a particular user is worth investigating — it means the model is repeatedly trying to say something it shouldn’t. |
prompt.refused_by_exposure | Reserved. Legacy event type that’s wired into the dashboard but currently never emitted — the workflow now lets the curate step refuse-with-summary instead of short-circuiting. Kept in the schema in case a stricter pre-flight refusal is reintroduced later. |
How writes work
Activity logs are fire-and-forget:
- Each event is scheduled as a FastAPI background task that runs after the response is sent, so the user never waits on logging.
- The background task opens its own short-lived database session, writes one row, and closes — a logging failure cannot poison the originating transaction or cascade into a failed user-facing operation.
- Errors are swallowed and surfaced to the worker log only; the user-facing operation is unaffected.
The same fire-and-forget helper is used inside Temporal activities (for module.built) and from API routes (for everything else).
Reading the page
Picking a user
The Users panel on the left lists every user in your customer (plus the Customer Super Admin). Search by name or email; click a row to load that user’s activity in the right panel.
Date range and 30-day cap
Above the activity table you’ll see a date range with From and To pickers, defaulted to the last 30 days. The page is hard-capped to a 30-day window — the server will silently clamp any wider range you type. A small italic note under the headline reminds you of this:
This view is capped at the last 30 days. Use the download button to export complete activity for a user.
This keeps the in-browser view fast even on busy customers where prompt.create is the dominant event.
Browsing entries
Each row shows:
- When — local time of the event.
- Event — a friendly badge (e.g. Role added, User prompted the agent).
- Description — the same one-liner that’s stored in the database.
Click any row to expand it inline; you’ll see a pretty-printed JSON blob of the row’s metadata. That’s where the structured detail lives — for example, a role.reassign_and_delete entry’s metadata records the source role id, the target role id, and the number of users moved.
The page paginates 50 entries at a time. Use Previous / Next under the table to walk through the window.
Downloading the full history (CSV)
Once a user is selected, the button at the top of the right panel reads Download full activity (CSV). Clicking it streams the entire history for that user — bypassing the 30-day cap — as a CSV file named like activity-user42-2026-05-08.csv.
The file has these columns:
| Column | Description |
|---|---|
timestamp_utc | ISO 8601 timestamp in UTC. |
event_type | The raw event type (e.g. role.add). |
description | The human-readable summary stored on the row. |
customer_id | The customer the event was scoped to. |
user_id | The acting user (or empty for system-driven events like module.built). |
correlation_id | The inference workflow id for prompt.create events; otherwise empty. |
metadata_json | The raw JSON metadata blob, useful for spreadsheets and downstream parsing. |
The export endpoint streams rows in batches of 500 to keep memory flat regardless of how much history is being pulled.
API surface
| Method | Path | Notes |
|---|---|---|
GET | /api/v1/audit/activity | Paged read. Server clamps from/to to a 30-day window. limit capped at 200, default 100. Super-admin only. |
GET | /api/v1/audit/activity/export.csv | Full-history CSV stream for one user. No date clamp. Super-admin only. |
Both endpoints scope automatically to the calling principal’s customer_id. Cross-customer reads are not supported.
Where to go next
- Audit — drill into a single inference workflow’s MCP call tree.
- Managing users — the source of
user.add/user.delete/user.role_changeevents. - Roles & permissions — the source of
role.*events, including the migrate-then-delete flow.