Skip to content
feat.so feat.so

Audit log

The audit log records every change made to flags, segments, environments, roles, API keys, and members. It is always on. The log is scoped per project; an organization-level log shows changes to members, roles, and the organization itself.

What gets logged

Section titled “What gets logged”

Every mutation is recorded with:

  • Who made the change (member, API key, or system for automated actions).
  • What changed: the resource type, its ID, and a structured diff of old and new values.
  • When the change happened.
  • A comment, if the environment requires one or the actor provided one voluntarily.
  • A request ID, shared by every change made in the same API request, so a single Save in the dashboard groups together as one entry.

The log includes creates, updates, deletes, archives, restores, and approvals.

Reading the log

Section titled “Reading the log”

In the dashboard the log shows one row per (request ID, parent resource). Expand a row to see the underlying changes. Filter by:

  • Date range.
  • Actor.
  • Resource type.

A change made through the API shows the API key that signed the request rather than a user.

Required comments

Section titled “Required comments”

Each environment carries a require comments toggle. When on, every flag and segment edit must include a free-text reason; the audit log entry stores it. Use this for production environments where you want to enforce “why did you change this” alongside “what changed.”

The setting is per environment; staging can be loose while production is strict.

Retention

Section titled “Retention”

The audit log is retained for the lifetime of the project. There is no automatic pruning. Archive a flag or environment instead of deleting it if you want to keep the log lines pointing at it readable.

Common uses

Section titled “Common uses”
  • Post-incident review. “What changed in the hour before the incident?” Filter by date and actor.
  • Compliance. Export the log via the API for an audit period.
  • Accountability. Who turned off the kill switch and why? The comment, the actor, and the previous state are all there.

What is not in the audit log

Section titled “What is not in the audit log”
  • Individual flag evaluations. The SDK evaluates locally and does not report contexts back to feat. If you need per-evaluation analytics, pipe client.on("change") events or your own logs to your analytics tool.
  • Customer-facing dashboard browsing (read activity).
Section titled “Related”