Skip to main content
Audit logs provide a searchable audit trail of activity in your workspace. They show who performed an action, when it happened, what changed, and which resource was affected. Use audit logs to review workspace settings and configuration changes, track access updates, and investigate unexpected behavior. Audit logs can also support security and compliance workflows when needed.
  • Available on: Enterprise plans
  • Access: Workspace admins and owners
  • Location: Settings → Workspace → Audit logs

Audit log events

Workspace audit logs include events across categories such as:
CategoryExample events
Workspace membership
  • Member added, removed, or role updated
  • Invite link created or deleted
Workspace management
  • Workspace settings updated
  • Workspace deleted
Groups
  • Group created, updated, or deleted
  • Group members added or removed
Identity and access
  • Verified domain added or removed
  • SSO provider configured or removed
  • SCIM provisioning actions
Secrets and integrations
  • GitHub, Slack, or MCP connector installed or removed
  • Secrets changed
Projects
  • Project created, deleted, or updated
  • Collaborators or domains added or removed
  • Prompt activity
Authentication
  • Login and logout events
  • SSO workspace access

Audit log table

By default, the page shows logs for All actions, All members, and All time. The total number of matching logs appears in the top right of the table. The table is organized into four columns:
ColumnDescription
TimestampShows relative time, such as 4 minutes ago or about 11 hours ago. Hover to see the exact date and time.
ActorThe member who performed the action. Clicking the member’s name opens a popover showing their User ID, IP address, and User Agent. From this popover, you can copy these details or filter the table by that user.
ActionThe type of activity, displayed as a label such as Prompt sent, Workspace updated, Member added, or Project created.
ResourceThe affected object, such as a project, workspace, or user. Some resources are clickable. For example, clicking a project name opens that project.
Click any row to expand it and see structured JSON details describing the event. This includes the metadata associated with that action, such as message IDs for prompt activity or specific fields that were updated in a workspace setting.

Filtering audit logs

You can combine all three filters to focus on specific activity:
  • All actions lets you filter by a specific action type, such as Member added, Member removed, Workspace updated, Project created, or Prompt sent.
  • All members lets you select a workspace member using the searchable member picker.
  • Time range includes presets such as All time, Last 7 days, Last 30 days, Last 90 days, This month, and Last month.

How to use audit logs

A typical workflow:
  1. Set a relevant time range.
  2. Filter by member to review activity from a specific user.
  3. Filter by action type to narrow results to a specific kind of change.
  4. Expand entries to inspect the full JSON details.
  5. Open affected projects or jump to related messages to review context.
  6. Use the member popover to copy details such as user ID, IP address, or user agent if needed.

Audit log data retention

Logs are retained for 13 weeks, or approximately 90 days. Events older than that are automatically removed.
Logs before February 26, 2026 may be incomplete.

FAQ

Audit logs are available on Enterprise plans and are visible to workspace owners and admins.
Audit logs are retained for 13 weeks, or approximately 90 days. Events older than that are automatically removed.
No, there is currently no export functionality.Audit log entries can be expanded to view structured JSON details, which can be copied if needed.
If audit logs are not available or do not appear as expected:
  • Confirm your workspace is on an Enterprise plan.
  • Confirm your role includes permission to view audit logs. You must be a workspace admin or owner.
  • Clear filters and try a broader time range.