Activity timelines for platform services and cloud portal #666
Description
Summary
With Activity v0.3.0, we introduced semantic activity timelines that translate raw audit events into clear, human-readable summaries. DNS was the first service to ship activity timelines and the staff portal was the first to integrate the activity UI.
This enhancement covers the next phase: bringing human-friendly activity timelines to all platform services and making them available to end users through the cloud portal.
Users can already see project and organization activity today through raw audit logs, but these are technical and hard to parse. Activity timelines replace that experience with clear descriptions of what happened — like "Sarah created HTTP proxy api-gateway" instead of a raw API call record.
Motivation
When users want to understand what's been happening in their project, they shouldn't need to read raw audit payloads. Activity timelines give users immediate answers to everyday questions:
- "What changed in my project today?"
- "Who updated the gateway configuration?"
- "Did my domain finish verifying?"
- "When were permissions last changed?"
Expanding activity coverage to all platform services and surfacing it in the cloud portal means every user gets this visibility — not just staff.
Goals
- Cover all user-facing platform services with human-readable activity summaries
- Design and polish the activity UI for end-user readiness in the cloud portal
- Provide both per-resource and project-wide activity views
- Maintain the quality bar set by DNS activity timelines for summary clarity and usefulness
Non-Goals
- Compute resources (Workloads, Instances, Networks, Subnets, Locations, etc.) — not yet exposed to end users
- Alerting or notifications based on activity
- Exporting activity logs to external systems
Service Coverage
Network Services
| Resource | Description |
|---|---|
| Domain | Domain registration and verification lifecycle |
| HTTPProxy | HTTP proxy configuration and readiness |
| Gateway | Gateway creation and traffic management |
| HTTPRoute | Route rules for directing traffic to backends |
| TrafficProtectionPolicy | WAF and traffic protection rules (observe/enforce) |
| Connector | Hybrid connectivity between environments |
Example activity summaries:
- "You created HTTP proxy
api-gateway" - "Your gateway is ready and accepting traffic"
- "Sarah added a route for
/api/v2to gatewaymain" - "Domain
example.comhas been verified" - "Traffic protection enabled in enforce mode on gateway
main" - "Connector
on-prem-linkestablished connectivity"
Identity & Access
| Resource | Description |
|---|---|
| User | User invitations and membership |
| RoleBinding | Permission grants and revocations |
Permission changes are some of the most important activities to surface clearly:
- "Alex invited taylor@example.com to the project"
- "Morgan granted Editor role to the DevOps team"
- "A role binding was removed for service-deployer"
Resource Management
| Resource | Description |
|---|---|
| Organization | Top-level organizational units |
| Project | Project lifecycle within organizations |
| ConfigMap | Application configuration |
| Secret | Sensitive configuration (values never shown) |
Example activity summaries:
- "You created project
staging-west" - "Alex updated ConfigMap
feature-flags" - "A secret was updated in namespace
production"
Telemetry
| Resource | Description |
|---|---|
| ExportPolicy | Telemetry export pipeline configuration |
Example activity summaries:
- "You created an export policy for metrics"
- "Your export pipeline is active and delivering data"
- "Export to
monitoring-endpointfailed — we'll keep retrying"
Cloud Portal Design & Integration
The activity UI is currently integrated into the staff portal. Before bringing it to the cloud portal, it needs a design pass to ensure the right level of polish for end users:
- Review and refine the activity timeline visual design for the cloud portal context
- Ensure the UI works well on resource detail pages (per-resource timeline) and at the project level (aggregated feed)
- Consider empty states, loading behavior, and how activity fits into the overall page layout
- Validate that the experience feels cohesive with the rest of the cloud portal
Suggested Approach
- Design — UI/UX review and refinement of the activity timeline for end-user readiness
- Network Services — High visibility, natural extension of DNS work
- Resource Management — Core resources users interact with daily
- Identity & Access — Important for security and team collaboration visibility
- Telemetry — Smaller surface area, can proceed independently
- Cloud Portal Integration — Can begin in parallel with service work once design is finalized
Related
- Parent enhancement: Semantic activity logs #469
- Activity v0.3.0 release: https://github.com/datum-cloud/activity/releases/tag/v0.3.0
- DNS activity timeline (reference implementation): feat: DNS activity timeline dns-operator#25
- Staff portal activity UI: feat(activity-hub): integrate staff portal with activity service staff-portal#349