Audit Logs & Activity Tracking
Platform-wide audit trails for admin actions, agent operations, and data changes
Overview
The platform maintains audit trails across all major operations — admin actions, agent runtime events, billing changes, and website executions. Audit logs provide accountability, debugging context, and compliance support.
What Gets Logged
Admin Actions
All admin API writes are logged with:
| Field | Description |
|---|---|
action | What was done (e.g., client.create, agent.update, user.delete) |
actor | Who performed the action (admin user ID) |
resource | What was affected (resource type + ID) |
timestamp | When the action occurred |
changes | Before/after state for updates |
Agent Runtime Events
SEO agent operations emit seo.* audit events:
| Event | Meaning |
|---|---|
seo.campaign.queued | A campaign was queued for execution |
seo.campaign.started | Worker claimed the campaign |
seo.campaign.completed | Campaign finished successfully |
seo.campaign.failed | Campaign failed |
seo.campaign.cancelled | Campaign was cancelled |
seo.action.completed | A sub-agent action finished |
Website Execution Events
All website job lifecycle transitions are logged:
| Event | Meaning |
|---|---|
website_execution.job.created | Job persisted |
website_execution.job.preview_ready | Preview available |
website_execution.job.running | Worker started execution |
website_execution.job.completed | Execution succeeded |
website_execution.job.failed | Execution failed |
wordpress.entity.write | WordPress content was written |
github.change_set.applied | GitHub commit was made |
Billing Events
Stripe webhooks mirror charge, invoice, and subscription state changes into the audit log with full event metadata.
Viewing Audit Logs
Via Admin UI
- Navigate to Admin → Audit Logs
- Filter by action type, actor, resource, or date range
- View detailed event records with full change metadata
Via API
# List audit logs
GET /admin/audit-logs?actor=USER_ID&action=client.create&from=2026-05-01&to=2026-05-05
# Get a specific audit entry
GET /admin/audit-logs/ENTRY_ID
Activity Records
Website execution uses shared activity records instead of a separate history store. Activity records include:
- Event key — standardized identifier (e.g.,
website_execution.job.completed) - Status —
info,success,warning, orerror - Summary — human-readable description
- Metadata — structured data specific to the event type
- Timestamp — when the event occurred
Retention
Audit logs are retained indefinitely by default. For high-volume deployments:
- Archive logs older than 90 days to cold storage
- Maintain a summary index for long-term reporting
- Never delete audit logs that may be needed for compliance
Compliance Considerations
Audit logs capture who did what and when. They do not store raw API keys, tokens, or secrets. Sensitive fields in logged payloads are redacted.
For compliance-sensitive deployments:
- Ensure audit log access is restricted to authorized admins
- Enable log export for external SIEM or compliance tools
- Configure retention policies to meet regulatory requirements
- Verify that all admin actions produce audit entries
Troubleshooting
| Issue | Resolution |
|---|---|
| Missing audit entries | Some legacy actions may not emit events — check the specific feature documentation |
| Cannot access audit logs | Only super_admin and admin roles can view audit logs |
| Logs too large to browse | Use date range and action type filters to narrow results |
| Redacted fields in entries | Sensitive fields (tokens, passwords, secrets) are automatically redacted |
