Skip to content

Audit log

Every consequential action in Haven lands in your organization’s audit log: an append-only, hash-chained record. Each entry links to the hash of the previous one, so the log’s integrity is verifiable and edits or deletions are detectable.

Open it from Audit in the top navigation.

In user terms, the log answers “who did what, when” for:

  • Publishing: publish attempts and outcomes, yanks and unyanks, quarantine releases.
  • Namespaces: creation, visibility changes, ownership changes, subset and allowlist changes, dump imports, policy changes.
  • The gate: promotion approvals and revocations, publisher vouches and trust revocations, advisories raised, advisory syncs.
  • Artifacts: SBOM uploads, attestations, docs builds and uploads.
  • Access: token mints, grants, member invitations, role changes, identity revocations.

Entries carry the acting identity, so a token named “ci-deploy” shows up as itself, distinct from the human who minted it.

The audit log is the evidence layer under everything else: when a policy question comes up (“who approved promoting that held version?”, “when did this advisory start holding builds?”), the answer is a log entry, not a memory. For compliance reviews, export what you need and point auditors at the chain.