Aıon

Documentation

Audit Types

Security audit log types

AuditLogEntry

A single audit log entry

@dataclass(frozen=True)
class AuditLogEntry:
    id: str
    event_type: str                    # See AuditEventType enum
    event_timestamp: Optional[datetime]
    severity: str                      # "info" | "warning" | "error" | "critical"
    action: str                        # Human-readable action description
    result: str                        # "success" | "failure" | "denied"
    user_id: Optional[str]
    api_key_id: Optional[str]
    ip_address: Optional[str]
    resource_type: Optional[str]       # Type of resource affected
    resource_id: Optional[str]         # ID of resource affected
    error_message: Optional[str]
    metadata: Optional[dict[str, Any]] # Additional event data


    # Properties for enum conversion
    @property
    def event_type_enum(self) -> Optional[AuditEventType]: ...
    @property
    def severity_enum(self) -> AuditSeverity: ...
    @property
    def result_enum(self) -> AuditResult: ...

AuditLogList

Paginated list of audit log entries

@dataclass(frozen=True)
class AuditLogList:
    entries: list[AuditLogEntry]
    total_count: int
    has_more: bool

AuditEventType (Enum)

Types of auditable events

class AuditEventType(str, Enum):
    # Authentication events
    AUTH_LOGIN = "auth.login"
    AUTH_LOGOUT = "auth.logout"
    AUTH_LOGIN_FAILED = "auth.login_failed"
    AUTH_TOKEN_REFRESH = "auth.token_refresh"
    AUTH_EMAIL_VERIFIED = "auth.email_verified"
    AUTH_PASSWORD_CHANGED = "auth.password_changed"
    AUTH_OAUTH_LOGIN = "auth.oauth_login"


    # Authorization events
    PERMISSION_DENIED = "permission.denied"
    PERMISSION_GRANTED = "permission.granted"
    ROLE_CHANGED = "role.changed"


    # API key events
    API_KEY_CREATED = "api_key.created"
    API_KEY_DELETED = "api_key.deleted"
    API_KEY_USED = "api_key.used"
    API_KEY_FAILED = "api_key.failed"


    # Tenant events
    TENANT_CREATED = "tenant.created"
    TENANT_UPDATED = "tenant.updated"
    TENANT_MEMBER_ADDED = "tenant.member_added"
    TENANT_MEMBER_REMOVED = "tenant.member_removed"
    TENANT_MEMBER_ROLE_CHANGED = "tenant.member_role_changed"


    # Rule events
    RULE_SET_CREATED = "rule_set.created"
    RULE_SET_UPDATED = "rule_set.updated"
    RULE_SET_DELETED = "rule_set.deleted"
    RULE_SET_SHARED = "rule_set.shared"
    RULE_SET_SHARE_REVOKED = "rule_set.share_revoked"


    # Security events
    SECURITY_RATE_LIMIT_EXCEEDED = "security.rate_limit_exceeded"
    SECURITY_INVALID_TOKEN = "security.invalid_token"
    SECURITY_SUSPICIOUS_ACTIVITY = "security.suspicious_activity"

AuditSeverity (Enum)

Audit log severity levels

class AuditSeverity(str, Enum):
    INFO = "info"         # Normal operations
    WARNING = "warning"   # Potential issues
    ERROR = "error"       # Failed operations
    CRITICAL = "critical" # Security incidents

AuditResult (Enum)

Audit log result values

class AuditResult(str, Enum):
    SUCCESS = "success"   # Operation succeeded
    FAILURE = "failure"   # Operation failed
    DENIED = "denied"     # Permission denied

Related

Audit Resource

Methods for querying audit logs

Tenant Types

TenantSettings, TenantMember