Every security-relevant action in a workspace is recorded in an append-only audit log.
Recorded events
- Member invitations, role changes, and removals
- API key creation and revocation
- Agent deployment, pause, resume, and removal
- Integration connection and disconnection
- Workspace setting changes
Each event records who (member or API key), what (the action and its target), and when (UTC timestamp), plus the source IP where available.
Access
The audit trail is visible to workspace owners and admins under Dashboard → Activity. Events are retained for the life of the workspace and are immutable — there is no API or UI to edit or delete them.
Export
Audit events can be exported for your SIEM or compliance archive. On Business and Custom plans, webhook delivery of audit events enables real-time forwarding.