AuditLogRecord
The audit log entry object returned by GET /api/v1/audit-logs.
AuditLogRecord represents a single immutable audit event recorded by the hzel control plane. Audit logs are append-only — entries are never modified after creation.
Fields
| Field | Type | Description |
|---|---|---|
| id | string (UUID) | Unique audit log entry identifier. |
| user_id | string (UUID) \| null | ID of the user who performed the action. null for system-generated events with no human actor. |
| container_id | string (UUID) \| null | ID of the container affected by the action. null if the event is not container-scoped. |
| action | string | Dot-separated action identifier, e.g. "container.start", "token.create", "network.member.add". |
| outcome | string | Result of the action — typically "success" or "failure". |
| metadata | object | Structured JSON with additional context specific to the action type. Shape varies by action. May be an empty object {}. |
| created_at | string (ISO 8601) | UTC timestamp when the event was recorded. |
Example
```json
{
  "id": "e5f6a7b8-0000-0000-0000-000000000001",
  "user_id": "d290f1ee-6c54-4b01-90e6-d701748f0851",
  "container_id": "f47ac10b-58cc-4372-a567-0e02b2c3d479",
  "action": "container.start",
  "outcome": "success",
  "metadata": {},
  "created_at": "2025-06-15T12:01:00Z"
}
```

Access control
The audit log endpoint requires:
- Admin role — non-admin users receive 403 Forbidden.
- Non-OAuth auth — OAuth application tokens are rejected even for admin accounts. Use a PAT or a browser session.
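
The following is an added example, not hzel's own code: it validates records against the fields table above (including the nullable user_id and container_id) and counts non-success events per actor for review. The function names, the "system" label for null actors, and the sample records are assumptions made for illustration; it works on records already fetched and makes no API call.

```python
import uuid
from collections import Counter
from datetime import datetime

REQUIRED = {"id", "user_id", "container_id", "action", "outcome", "metadata", "created_at"}

def _nullable_uuid(value):
    # user_id / container_id may be null (system event, or not container-scoped).
    return None if value is None else uuid.UUID(str(value))

def parse_record(raw):
    """Validate one AuditLogRecord dict against the fields table; ValueError if malformed."""
    missing = REQUIRED - raw.keys()
    if missing:
        raise ValueError(f"missing fields: {sorted(missing)}")
    action = raw["action"]
    if not isinstance(action, str) or not all(action.split(".")):
        raise ValueError(f"bad action identifier: {action!r}")
    if not isinstance(raw["metadata"], dict):
        raise ValueError("metadata must be an object (possibly empty)")
    # fromisoformat() on older Pythons rejects a trailing "Z", so normalise it.
    created = datetime.fromisoformat(str(raw["created_at"]).replace("Z", "+00:00"))
    if created.tzinfo is None:
        raise ValueError("created_at must carry a UTC offset")
    return {"id": uuid.UUID(str(raw["id"])), "user_id": _nullable_uuid(raw["user_id"]),
            "container_id": _nullable_uuid(raw["container_id"]), "action": action,
            "outcome": raw["outcome"], "metadata": raw["metadata"], "created_at": created}

def non_success_by_actor(records):
    """Count events whose outcome is not "success", keyed by user_id ("system" if null).
    Assumption: any outcome other than "success" is worth a reviewer's attention."""
    counts = Counter()
    for rec in map(parse_record, records):
        if rec["outcome"] != "success":
            counts[str(rec["user_id"]) if rec["user_id"] else "system"] += 1
    return counts

# Constructed sample records (IDs and events are made up for illustration).
U = "d290f1ee-6c54-4b01-90e6-d701748f0851"
C = "f47ac10b-58cc-4372-a567-0e02b2c3d479"
def _rec(n, user, container, action, outcome):
    return {"id": f"e5f6a7b8-0000-0000-0000-{n:012d}", "user_id": user,
            "container_id": container, "action": action, "outcome": outcome,
            "metadata": {}, "created_at": f"2025-06-15T12:0{n}:00Z"}
SAMPLE = [_rec(1, U, C, "container.start", "success"),
          _rec(2, U, None, "token.create", "failure"),
          _rec(3, None, None, "network.member.add", "failure"),
          _rec(4, U, C, "container.start", "failure")]

if __name__ == "__main__":
    print(non_success_by_actor(SAMPLE))
```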