Monitoring & Activity Tracking
Metatate provides built-in observability through an append-only activity log, governance snapshots, a decision log, and standard SPCS container monitoring.
Activity Log
Table: app_data.activity_log
An append-only audit trail that records every significant action in the application.
Schema
| Column | Type | Description |
|---|---|---|
id | INTEGER | Auto-increment primary key |
action | VARCHAR | Action identifier (e.g., policy.created, compile.applied, classification.run) |
entity_type | VARCHAR | Type of entity affected (policy, table, taxonomy, instruction) |
entity_id | VARCHAR | Unique identifier of the affected entity |
entity_name | VARCHAR | Human-readable name of the entity |
actor | VARCHAR | Snowflake user who performed the action |
actor_role | VARCHAR | Snowflake role active at the time of the action |
details | VARIANT | JSON payload with action-specific metadata |
created_at | TIMESTAMP_NTZ | Timestamp of the event |
API Access
GET /v1/activities
Query parameters:
| Parameter | Type | Default | Description |
|---|---|---|---|
limit | integer | 50 | Maximum number of records to return |
offset | integer | 0 | Number of records to skip for pagination |
action | string | -- | Filter by action identifier (exact match) |
entityType | string | -- | Filter by entity type (exact match) |
Governance Snapshots
Table: app_data.governance_snapshots
Tracks each materialization run that compiles policies into the governance tables consumed by MCP tools. Each row represents a point-in-time snapshot of the governance state, enabling diff-based auditing of what changed between materializations.
Decision Log
Table: app_data.governance_decision_log
Records every authorization decision made by the authorize_use and validate_query_context MCP tools. Each entry includes the request parameters, the decision (allow/deny), the reasoning chain, and the policies evaluated. Decisions are referenced by a unique decision_id that can be passed to the explain_why MCP tool for detailed review.
SPCS Container Logs
Container logs for all three services (router, frontend, backend) are accessible through Snowflake's built-in SPCS log infrastructure:
-- View recent backend logs
SELECT *
FROM TABLE(
SYSTEM$GET_SERVICE_LOGS(
'core.metatate_service', 0, 'backend', 100
)
);
-- View router (nginx) logs
SELECT *
FROM TABLE(
SYSTEM$GET_SERVICE_LOGS(
'core.metatate_service', 0, 'router', 50
)
);
Logs are retained according to the compute pool's configured log retention period.
Health Check
GET /health
Returns the current service status, version, and connectivity state. Used by SPCS as the container liveness probe and by the frontend to display connection status.
Example response:
{
"status": "healthy",
"version": "1.0.0",
"snowflake_connected": true,
"tenant_configured": true
}