You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Follow-up to #25239. That PR documents the sbx-side local audit log (sandboxd's JSONL records of policy decisions + session lifecycle, collected by SIEM tools). This issue tracks the separate, Hub-side audit surface: AI Governance policy-change events in Activity logs, which are already live but undocumented.
Background
Two distinct audit surfaces exist for AI Governance:
Activity logs (app.docker.com) — who changed a governance policy in the Admin Console / via the Governance API. Served by the Docker Audit Logs API and shown in the Activity logs UI.
The governance events are confirmed live (seen in a test org), for example:
created governance policy
created / updated / deleted governance policy rule '<name>'
set governance setting '<name>' from '<old>' to '<new>'
But content/manuals/admin/activity-logs.md currently only documents Settings Management "Policy created/updated/deleted" events — nothing for AI Governance.
What remains
Add AI Governance events to content/manuals/admin/activity-logs.md — a new subsection (or rows under Organization events) covering governance.policy.create / update / delete, including the data fields (org_uuid, policy_id, policy_type, rule_changes, settings_changes) and action_description examples.
Verify the Hub API reference (reference/api/hub, audit-logs tag) lists the governance.* action types. This is generated/vendored, so a missing entry may need an upstream fix rather than a docs edit.
Cross-reference the two surfaces — once the Activity Logs section exists, link it and the sbx audit log page to each other (runtime policy-decision audit ↔ org-level policy-change audit), so readers don't conflate them.
Summary
Follow-up to #25239. That PR documents the sbx-side local audit log (sandboxd's JSONL records of policy decisions + session lifecycle, collected by SIEM tools). This issue tracks the separate, Hub-side audit surface: AI Governance policy-change events in Activity logs, which are already live but undocumented.
Background
Two distinct audit surfaces exist for AI Governance:
content/manuals/ai/sandboxes/governance/audit.md.The governance events are confirmed live (seen in a test org), for example:
created governance policycreated/updated/deleted governance policy rule '<name>'set governance setting '<name>' from '<old>' to '<new>'But
content/manuals/admin/activity-logs.mdcurrently only documents Settings Management "Policy created/updated/deleted" events — nothing for AI Governance.What remains
content/manuals/admin/activity-logs.md— a new subsection (or rows under Organization events) coveringgovernance.policy.create/update/delete, including thedatafields (org_uuid,policy_id,policy_type,rule_changes,settings_changes) andaction_descriptionexamples.reference/api/hub,audit-logstag) lists thegovernance.*action types. This is generated/vendored, so a missing entry may need an upstream fix rather than a docs edit.References
/reference/api/hub(audit-logs tag)