Audit logs
Append-only records of team membership changes and exportable drift history for compliance — available on Team and Enterprise plans.
Shipped: CP-5.4 console Team & audit panel; CP-6.2 admin audit for platform operators (private host).
Team audit log
Organization owners and admins view seat and invite events in ConsoleAccountTeam & audit.
Recorded event types include:
- Member invites sent, accepted, and revoked
- Seat capacity changes and enforcement blocks
- Role changes on memberships
API
GET /api/orgs/{orgId}/audit-log?limit=50Requires an authenticated org member with activity:read. Returns up to 200 events:
{
"events": [{
"id": "…",
"eventType": "invite_sent",
"actorUserId": "…",
"targetEmail": "eng@acme.test",
"seatsPurchased": 5,
"seatsUsed": 3,
"createdAt": "2026-06-11T12:00:00.000Z"
}]
}Team plan required — Pro returns 402 with upgrade messaging.
Drift history export
For contract change audit trails, export drift events from console or API:
GET /api/drift/export?format=csv&limit=5000
GET /api/drift/export?format=json
GET /api/drift/export?format=auditCSV and JSON include full changesJson per event. Team plans add HMAC-signed audit JSON (format=audit) for SIEM and compliance ingestion — use the Signed audit (Team) button in console drift export.
Retention
| Data | Pro | Team |
|---|---|---|
| Drift event history | 90 days | 365 days |
| Seat audit events | — | Operational window + export |
| Signed audit export | — | On demand |
See pricing for current limits.
Who can view
Roles with activity:read — viewer and above. Invite and seat management events are visible to all members; sensitive exports require drift:export (member+).