Activity Tracking

Teabar records all actions performed on your environments, providing a complete audit trail for compliance, debugging, and team visibility.

Overview

Activity tracking captures:

User actions - Who did what and when
Environment changes - Creation, updates, deletion
Configuration changes - Settings and policy modifications
API access - All API calls with authentication details
System events - Automated actions and scheduled tasks

Note

Activity logs are retained for 90 days by default. Enterprise plans can configure longer retention periods.

Viewing Activity

CLI

# View recent activity
teabar activity

# View activity for a specific environment
teabar activity --env my-feature-env

# View activity for a specific user
teabar activity --user [email protected]

# View activity for a time range
teabar activity --from "2024-01-01" --to "2024-01-07"

# Filter by action type
teabar activity --action create
teabar activity --action delete
teabar activity --action update

Example output:

Recent Activity (last 24 hours)

TIME                 USER                ACTION              RESOURCE
2024-01-15 14:32:01  [email protected]   env.create          my-feature-env
2024-01-15 14:30:45  [email protected]   env.delete          old-test-env
2024-01-15 13:15:22  api-key:deploy-*   env.update          staging-env
2024-01-15 12:00:00  system             env.cleanup         idle-env-1
2024-01-15 11:45:33  [email protected]   project.update      frontend
2024-01-15 10:30:00  [email protected]  member.invite       [email protected]

Showing 6 of 156 events. Use --limit to see more.

Dashboard

Access the activity dashboard at https://app.teabar.dev/activity.

Features:

Real-time activity feed
Advanced filtering and search
Visual timeline view
Export capabilities

Activity Events

Environment Events

Event	Description
`env.create`	Environment created
`env.update`	Environment configuration changed
`env.delete`	Environment deleted
`env.start`	Environment started
`env.stop`	Environment stopped
`env.restart`	Environment restarted
`env.checkpoint`	Checkpoint created
`env.restore`	Environment restored from checkpoint

Project Events

Event	Description
`project.create`	Project created
`project.update`	Project settings changed
`project.delete`	Project deleted
`project.blueprint.update`	Blueprint configuration changed

Organization Events

Event	Description
`org.update`	Organization settings changed
`member.invite`	Member invited
`member.remove`	Member removed
`member.role.update`	Member role changed
`auth.login`	User logged in
`auth.logout`	User logged out

System Events

Event	Description
`system.cleanup`	Automated cleanup executed
`system.alert`	Alert triggered
`system.maintenance`	Scheduled maintenance

Activity Details

Get detailed information about a specific event:

# View activity details by ID
teabar activity show evt_abc123

Output:

{
  "id": "evt_abc123",
  "timestamp": "2024-01-15T14:32:01Z",
  "action": "env.create",
  "actor": {
    "type": "user",
    "id": "usr_xyz789",
    "email": "[email protected]",
    "ip_address": "192.168.1.100"
  },
  "resource": {
    "type": "environment",
    "id": "env_def456",
    "name": "my-feature-env"
  },
  "context": {
    "project": "frontend",
    "organization": "acme-corp",
    "source": "cli",
    "cli_version": "1.5.0"
  },
  "changes": {
    "blueprint": "nodejs-app",
    "resources": {
      "cpu": "2",
      "memory": "4G"
    }
  },
  "result": "success"
}

Filtering Activity

By Time Range

# Last hour
teabar activity --since 1h

# Last 7 days
teabar activity --since 7d

# Specific date range
teabar activity --from "2024-01-01" --to "2024-01-31"

By Actor

# By user email
teabar activity --user [email protected]

# By service account
teabar activity --actor service-account:ci-pipeline

# System actions only
teabar activity --actor system

By Resource

# By environment
teabar activity --env my-feature-env

# By project
teabar activity --project frontend

# By resource type
teabar activity --resource-type environment
teabar activity --resource-type project
teabar activity --resource-type organization

By Action

# All create actions
teabar activity --action "*.create"

# All environment actions
teabar activity --action "env.*"

# Specific action
teabar activity --action "member.invite"

Combined Filters

# John's environment deletions in the last week
teabar activity 
  --user [email protected] 
  --action env.delete 
  --since 7d

Streaming Activity

Monitor activity in real-time:

# Stream all activity
teabar activity stream

# Stream specific environment
teabar activity stream --env my-feature-env

# Stream with filters
teabar activity stream --action "env.*" --project frontend

Exporting Activity

CSV Export

teabar activity export 
  --from "2024-01-01" 
  --to "2024-01-31" 
  --format csv 
  --output january-activity.csv

JSON Export

teabar activity export 
  --from "2024-01-01" 
  --to "2024-01-31" 
  --format json 
  --output january-activity.json

API Access

# Use OIDC token (from teabar auth or Keycloak service account)
curl -H "Authorization: Bearer $TEABAR_TOKEN" 
  "https://api.teabar.dev/v1/activity?from=2024-01-01&limit=100"

Audit Compliance

SOC 2 Compliance

Teabar activity logs support SOC 2 compliance requirements:

Immutable logs - Activity records cannot be modified or deleted
Complete coverage - All user and system actions are recorded
Retention policies - Configurable retention periods
Access controls - Only authorized users can view activity

Audit Reports

Generate compliance-ready audit reports:

# Generate audit report
teabar audit report 
  --from "2024-01-01" 
  --to "2024-03-31" 
  --format pdf 
  --output q1-audit-report.pdf

Report includes:

User access summary
Permission changes
Environment lifecycle events
Security-relevant actions
Anomaly detection results

Webhooks

Send activity events to external systems:

# teabar.yaml
webhooks:
  - name: activity-to-datadog
    url: https://http-intake.logs.datadoghq.com/v1/input
    events:
      - "env.*"
      - "member.*"
    headers:
      DD-API-KEY: ${DD_API_KEY}
  
  - name: security-alerts
    url: https://hooks.slack.com/services/xxx
    events:
      - "api_key.create"
      - "api_key.revoke"
      - "member.role.update"

Webhook Payload

{
  "event": "env.create",
  "timestamp": "2024-01-15T14:32:01Z",
  "actor": {
    "type": "user",
    "email": "[email protected]"
  },
  "resource": {
    "type": "environment",
    "name": "my-feature-env"
  },
  "organization": "acme-corp",
  "project": "frontend"
}

Agent Health Monitoring

For participant activity tracking, Teabar deploys a lightweight agent to participant workspaces. Educators can monitor agent health to identify connectivity issues.

Health Status

Status	Indicator	Meaning
`healthy`	Green	Agent responding normally
`degraded`	Yellow	Agent responding but with errors
`unresponsive`	Orange	No heartbeat for 60-300s
`offline`	Red	No heartbeat for 300s+
`unknown`	Gray	Agent never connected

Viewing Participant Health

# View all participants' agent status
teactl activity health my-workshop

# Output:
# PARTICIPANT     AGENT STATUS    LAST SEEN     ACTIVITY
# participant-1   ● healthy       just now      active
# participant-2   ● healthy       10s ago       active
# participant-3   ◐ degraded      45s ago       slow connection
# participant-4   ○ unresponsive  3m ago        -
# participant-5   ○ offline       15m ago       -
#
# Summary: 2 healthy, 1 degraded, 1 unresponsive, 1 offline

Real-time Health Monitoring

# Watch participant health in real-time
teactl activity health my-workshop --watch

# Include health in activity stream
teactl activity watch my-workshop
# Shows: 5● 1◐ 1○ (health summary in header)

Health Alerts

Configure alerts for participant connectivity issues:

# In blueprint or environment config
activityTracking:
  agentHealth:
    heartbeatInterval: 30s
    alerts:
      - condition: offline_count >= 3
        notify: [email, slack]
        message: "Multiple participants offline"

Tip

Agent health issues often indicate network problems, not participant errors. Check your network configuration if many participants show as offline.

Best Practices

Review regularly - Check activity logs weekly for anomalies
Set up alerts - Notify on sensitive actions (member changes, role updates)
Export for compliance - Regularly export logs to your own storage
Use webhooks - Integrate with SIEM tools for security monitoring
Tag activities - Use consistent project and environment naming for easier filtering
Monitor agent health - Keep an eye on participant connectivity during sessions

Warning

Activity logs may contain sensitive information. Ensure only authorized personnel have access to activity data.

Troubleshooting

Missing Activity Events

# Check if activity tracking is enabled
teabar config get activity.enabled

# Verify webhook delivery
teabar webhooks status

# Check for failed webhook deliveries
teabar webhooks failures --since 24h

High Volume Activity

For organizations with high activity volume:

# Use pagination for large queries
teabar activity --limit 100 --offset 200

# Use streaming for real-time monitoring
teabar activity stream --filter "action=env.create"

# Export in batches
teabar activity export --batch-size 10000