Audit Log
The Audit Log gives you a complete, searchable record of every action performed in your account. Every change made through the UI, REST API, MCP, or internal system processes is tracked automatically, so you always know who did what and when.
Accessing the Audit Log
Navigate to Account Settings > Audit in the sidebar. This page requires the Audit role — ask your account owner to grant it if you don't see the menu item.
What Is Tracked
Every user-facing action that creates or modifies resources is recorded. Events cover the full lifecycle of your infrastructure:
| Category | Examples |
|---|---|
| Apps | App created, settings saved, app destroyed |
| Environments | Environment created, stopped, started, scaled, region moved, duplicated |
| Deploys & Builds | Deploy triggered, rollback, deploy with image, build triggered, build canceled |
| Hosts | Hosts saved |
| Secrets | Secret decrypted, secrets re-encrypted, database key updated |
| Storage | Storage server created, storage synced, volume created |
| Alerts | Alert created, updated, deleted, toggled; contact point created, updated, deleted |
| Account & Members | Account created, renamed, destroyed; member invited, removed, roles updated |
| MCP Keys | MCP key created, updated, deleted, regenerated, toggled |
| User Settings | Profile updated, CLI token updated, env CLI token updated |
| Other | Exec session started, GitHub connected/disconnected, pod killed, IP allowlist saved, custom resources saved |
Channels
Each event records the channel through which the action was performed:
| Channel | Description |
|---|---|
| UI | Action performed through the web dashboard |
| API | Action performed via the REST API |
| MCP | Action performed through the MCP server |
| SYSTEM | Automated internal process |
Channels are displayed as color-coded badges in the audit table for quick visual identification.
Filtering Events
The Audit page provides several filters to help you find specific events:
- Date range — filter events by a start and end date
- Type — filter by event type (e.g., only deploys, only member changes)
- Channel — filter by origin channel (UI, API, MCP)
- Member — filter by the team member who performed the action
- App — filter by the application affected, including removed apps
Hide Navigation Toggle
By default, the Hide navigation toggle is on, which excludes page-navigation events from the list. Turn it off if you want to see navigation activity as well.
Event Details
Each event in the audit table shows:
| Column | Description |
|---|---|
| Type | A human-readable label describing the action (e.g., "App created", "Environment scaled") |
| Channel | The origin channel badge (UI, API, MCP) |
| User | The team member who performed the action |
| App / Env | The affected application and environment, if applicable. Removed apps and environments are shown with a strikethrough |
| Date | Timestamp of the event. Hover over the timestamp to see the IP address from which the request originated |
Permissions
Access to the Audit Log requires the Audit role. Account owners and members with the audit permission can view the full event history for the account.
Use Cases
- Security investigation — trace who made a change that caused an incident
- Compliance — maintain a record of all infrastructure changes for audits
- Team visibility — understand what actions team members are taking across environments
- Debugging — correlate deployment or configuration changes with application issues
- Change management — review recent changes before and after maintenance windows