What Gets Logged

Authentication Actions:

  • Login (email and Google OAuth)
  • Logout
  • Failed login attempts
  • MFA setup, verification, and backup code usage

Content Actions:

  • Content created
  • Content updated
  • Content deleted
  • Content published
  • Content unpublished

Brief Actions:

  • Brief created
  • Brief updated
  • Brief deleted
  • Brief generated (AI content generation)

Approval Workflow Actions:

  • Submitted for approval
  • Approved
  • Rejected
  • Requested changes
  • Approval cancelled

Settings Changes:

  • Settings updated
  • Connector created/updated/deleted
  • API key created/revoked

Team Management:

  • User invited
  • User removed
  • Role changed

Data Export/Import:

  • Data exported (CSV, JSON, PDF)
  • Data imported

What's Captured in Each Log Entry

User Attribution:

  • User email (preserved even if user deleted)
  • User role at time of action
  • IP address (tracks original client IP, not proxy)
  • User agent (browser/device information)

Action Details:

  • Action type (create, update, delete, etc.)
  • Resource type (content, brief, connector, etc.)
  • Resource ID and human-readable name
  • Request path and HTTP method

Context & Changes:

  • Details JSON field (before/after values for updates)
  • Metadata (workflow stage, export format, etc.)
  • Status (success, failure, denied)
  • Error message (if action failed)

Timestamp:

  • Created timestamp (auto-set, immutable, indexed)

Viewing Audit Logs

Navigate: Settings → Audit Logs

Dashboard View:

  • Recent activity timeline (last 7, 30, 90 days)
  • Summary statistics:
  • Total actions today
  • Total actions in selected period
  • Failed login attempts
  • Unique active users
  • Filter by:
  • Action type (login, content_create, settings_update, etc.)
  • User email (search by name)
  • Resource type (content, brief, user, connector, etc.)
  • Status (success, failure, denied)
  • Date range
  • 50 logs per page with pagination
  • Click any log to view full details

Log Detail View:

  • Full action information
  • Request context (IP, path, user agent)
  • JSON details (field changes, metadata)
  • Related logs (other actions on same resource)

Resource History

View all changes to a specific resource:

Navigate: Audit Logs → Resource History → [Resource Type] → [Resource ID]

Or click "View History" link from:

  • Content detail page → See all edits, publishes, deletes
  • Brief detail page → See creation, updates, generation events
  • Connector settings → See all configuration changes

Example Use Cases:

  • "Who published this article last week?"
  • "What changed in our brand voice settings?"
  • "When was this brief created and by whom?"

User Activity Tracking

View all actions by a specific user:

Navigate: Audit Logs → User Activity → [User Email]

Or view your own activity: Settings → Audit Logs → My Activity

Shows:

  • All actions by user in last 30 days (configurable)
  • Authentication events (logins, logouts)
  • Content creation and edits
  • Settings changes
  • Exports and data access

Example Use Cases:

  • Review team member contributions
  • Investigate suspicious account activity
  • Compliance audit: "Show me all actions by John in Q4"

Exporting Audit Logs

Navigate: Settings → Audit Logs → Export

Export Options:

  • CSV format (for spreadsheet analysis)
  • JSON format (for API/automation)
  • Date range: 7, 30, 90 days or custom range

CSV Columns:

  • Timestamp
  • User Email
  • User Role
  • Action (human-readable)
  • Resource Type
  • Resource ID
  • Resource Name
  • Status
  • IP Address
  • Request Path
  • Details (JSON string)

Use Cases:

  • Compliance audits (SOC 2, GDPR, HIPAA)
  • Security investigations
  • Activity reports for management
  • Evidence collection for disputes

Configuring Audit Log Settings

Navigate: Settings → Audit Logs → Settings

Retention Policy:

  • Default: 365 days (1 year)
  • Configurable per tenant
  • Old logs automatically deleted after retention period
  • Cleaned up nightly by scheduled task

What to Log (toggles for each category):

  • Authentication events (default: on)
  • Content changes (default: on)
  • Brief changes (default: on)
  • Approval actions (default: on)
  • Settings changes (default: on)
  • Team changes (default: on)
  • API access (default: on)

Suspicious Activity Detection:

  • Enable email notifications for suspicious activity
  • Failed login threshold (default: 10 failures in 1 hour)
  • Alerts sent to tenant admins
  • Helps detect brute force attacks

Security Features

Immutability:

  • Logs cannot be edited after creation
  • Logs cannot be deleted manually
  • Prevents tampering and ensures audit trail integrity
  • Enforced at database and application level

IP Address Tracking:

  • Captures original client IP (not proxy/load balancer)
  • Handles X-Forwarded-For headers correctly
  • Useful for detecting unauthorized access from unusual locations

Failed Access Detection:

  • Logs permission denied attempts
  • Tracks unauthorized access attempts
  • Identifies compromised accounts
  • Triggers notifications after threshold exceeded

User Email Preservation:

  • Email stored separately from user record
  • Preserved even if user account deleted
  • Maintains complete audit trail after user removal

Compliance & Use Cases

SOC 2 Compliance:

  • Complete audit trail of all user access and changes
  • 365+ day retention (configurable)
  • Shows who accessed sensitive data (briefs, content, settings)
  • Exportable for external auditors

GDPR Right to Access:

  • Users can request all actions taken on their data
  • Export audit logs related to specific user
  • Shows data access, edits, exports

Security Incident Investigation:

  • Detect unusual activity (user deleting many briefs)
  • Track unauthorized access attempts
  • Identify compromised accounts
  • Timeline of events leading to incident

Governance & Accountability:

  • See who approved/rejected content
  • Track changes to brand voice or strategy
  • Identify who exported sensitive data
  • Resolve disputes about content edits

Forensic Analysis:

  • Complete history of resource changes
  • Who made each edit and when
  • Before/after values for updates
  • Request context (IP, browser, time)

Statistics & Monitoring

Dashboard Stats (refreshed daily):

  • Total actions today
  • Total actions in selected period (7, 30, 90 days)
  • Failed login attempts
  • Unique active users

Activity Patterns:

  • Most active users
  • Most common actions
  • Peak activity times
  • Resource types most frequently modified

Anomaly Detection:

  • Unusual number of deletions
  • Failed login spikes
  • Access from new locations
  • Bulk export activity

Performance Notes

Logging Overhead:

  • <10ms per action
  • Never blocks main operations
  • Errors logged silently (never breaks functionality)
  • Asynchronous where possible

Database Indexing:

  • Indexed on tenant + created_at
  • Indexed on tenant + user
  • Indexed on tenant + action
  • Indexed on tenant + resource_type + resource_id
  • Fast queries even with millions of logs

Retention & Cleanup:

  • Scheduled cleanup runs nightly
  • Deletes logs older than retention period
  • Configurable per tenant
  • Can export before cleanup for archival

Viewing Logs by Context

From Content Hub:

  • Click content → View Details → Activity History
  • Shows all actions on that content piece
  • Create, edit, publish, unpublish, delete events

From Brief Detail Page:

  • Scroll to Activity section
  • Shows brief creation, updates, generation events
  • Links to full audit log entries

From Settings Pages:

  • Changes to settings automatically logged
  • View history of connector configurations
  • Track API key creation/revocation

From Team Management:

  • User invites, removals, role changes logged
  • View who made team changes and when

FAQs

Q: Can I delete audit logs? A: No. Audit logs are immutable for compliance reasons. They're automatically cleaned up after the retention period (default 365 days) via scheduled task.

Q: What happens to logs when I delete a user? A: Logs are preserved. The user_email field is stored separately, so the audit trail remains intact even after user deletion. The user foreign key is set to NULL, but the email and action details remain.

Q: Can I see logs from before enabling audit logging? A: No. Only actions after audit logging was enabled are recorded.

Q: Who can view audit logs? A: Admin and Owner roles can view all audit logs. Other roles can view their own activity via "My Activity" page. Configurable via role permissions.

Q: Are failed login attempts logged? A: Yes. Failed logins are logged with action=login_failed, including IP address and user email (even if account doesn't exist, for security monitoring).

Q: Do audit logs impact performance? A: Minimal impact (<10ms per action). Logging is wrapped in try/catch to never break main functionality. Database is indexed for fast queries.

Q: Can I export logs for compliance audits? A: Yes. Export as CSV or JSON with custom date ranges. Export action itself is logged for audit trail completeness.

Q: What's the difference between audit logs and activity history? A: Same data, different views. Audit logs show all actions across all resources. Activity history shows actions for a specific resource (content, brief, etc.).

Q: Do API requests get logged? A: API key creation and revocation are logged. Individual API requests are not logged by default (would generate excessive logs). Enable via settings if needed for compliance.

Q: Can I get email notifications for suspicious activity? A: Yes. Enable "Notify on suspicious activity" in Audit Log Settings. Set failed login threshold (default: 10 in 1 hour). Notifications sent to tenant admins.

Q: Are webhook events logged? A: Connector creation/updates/deletes are logged. Individual webhook payloads are not logged by default (excessive volume). Check webhook-specific logs if debugging integrations.

Q: How long are logs retained? A: Default 365 days. Configurable per tenant in Audit Log Settings. Logs older than retention period are automatically deleted by nightly cleanup task.