Audit and incidents
Every governed action should be observable in the dashboard audit stream.
Event data baseline
Each event should capture:
- actor (
uid, display identity) - workspace context (org, team, active group)
- command intent (
install,publish,test,run) - policy verdict and blocking reason
- timestamp and correlation id
- optional supporting metadata (package list, matched rule, preflight details)
Incident workflow
- filter event stream by timeframe/team/verdict
- open event detail and inspect policy source
- classify severity
- attach to incident folder/report
- track resolution and follow-up actions
High-signal dashboards
Recommended command center widgets:
- blocked actions (24h / 7d)
- top users by governed activity
- policy hit-rate by team
- publish preflight failures by reason
Compliance posture
For governance reviews, ensure:
- event retention policy is explicit
- audit records are immutable after write
- RBAC controls who can view and export sensitive event detail