Audit log
A read-only timeline of everything you've done.
What's logged
GET /api/account/audit-list returns a chronological list:
- Logins (with IP and user agent).
- Logouts.
- Password changes.
- MFA setup / disable.
- Settings changes.
- Workspace loads.
- Run starts and completions.
- Apply / rollback events.
- API key creates / revokes.
- Account deletion requests.
UI
Account → Audit log. A table with columns: Time · Event · Detail · IP · Result.
Filter by:
- Date range.
- Event type.
- IP.
- Result (success / failure).
Export to CSV with Download.
Retention
The audit log is append-only and retained for the lifetime of the account. Deleting your account removes the log along with everything else.
Workspace audit chain
The per-workspace receipt chain is separate from this account-level audit log. They serve different purposes:
| Account audit log | Workspace receipt chain | |
|---|---|---|
| Scope | Whole account | One workspace |
| Records | Auth events, settings, navigation | Code mutations |
| Tamper-evident | No (append-only) | Yes (hash-linked) |
| Verification | Human review | verify endpoint |
Why both
Account events tell you "who is doing things in my account?". Receipts tell you "what changed in this codebase?". The intersection — "who applied this diff?" — is captured by the receipt's user_id field, which links back into the audit log.