Every consequential mutation in a workspace — creating or deleting a project, rotating an API key, inviting a teammate, upgrading a plan — lands in the audit log. The log is scoped to the active workspace (your personal account or a team) and viewable from the dashboard.
Audit is a security + operational tool, not a debugging tool for events. Inbound events themselves are visible in the events view; the audit log records human actions, not customer traffic.
What’s recorded
| Category | Actions |
|---|---|
| Projects | created, deleted |
| Channels | created, deleted |
| Connections | OAuth install created, disconnected |
| Endpoints | created, updated, deleted |
| API keys | created, deleted |
| Rules | created, deleted, enabled/disabled |
| Events | replayed, replayed with edits |
| Team | member invited, removed, invitation revoked |
| Billing | plan changed (upgrade, downgrade, cancel) |
Not recorded: event ingestion, reads (list endpoints, open a project), background operations (retry reaper, retention purge).
What’s on each entry
- Who — the Clerk user id of whoever clicked. For plan changes triggered by Stripe’s webhook (failed-payment → past-due → grace-expiry → default plan), the actor reads
systeminstead. - When — server-side timestamp.
- Action — a dotted string, e.g.
api_key.rotated. Stable enough for filtering. - Resource — type + id. Project UUIDs, email addresses for invitations, Clerk user ids for team members, plan ids for subscriptions.
- Metadata — per-action structured context (e.g. plan change shows
fromandto, invite showsemailandrole).
Retention
Audit retention follows the same tier as event retention:
| Tier | Retention |
|---|---|
| Hobby | 7 days |
| Hacker | 14 days |
| Pro | 30 days |
| Scale | 90 days |
Entries older than your plan’s window are purged on a rolling background job. Upgrading extends retention forward — entries already purged don’t come back. Downgrading honors a short grace window then tightens.
Team vs. personal
Every workspace has its own independent audit log:
- Personal workspace: records what you did.
- Team workspace: records what anyone in the team did. All members can view; there’s no separate read permission.
Switching workspaces in the sidebar switches which log you’re viewing. Audit entries never leak across owners — they key on the polymorphic owner_id like every other resource.
What happens on workspace deletion
Delete a team: every audit entry for that team is purged along with its projects, subscription, and usage. Delete a user account: same, at the user-owned layer. No residual audit survives — if you need archival, use Export CSV on the audit log view before deleting.
Related
- Audit log view — the dashboard surface.
- Teams — how workspaces + roles interact.