CH-UICH-UI

Audit Log

The CH-UI Cloud workspace audit log — who did what, when, across members, connections, integrations, billing, and sign-ins.

The audit log records administrative actions in a CH-UI Cloud workspace, so owners and admins can answer "who changed this, and when?" — a baseline requirement for security reviews and SOC 2.

It's available to owners and admins at Console → Audit log.

This is the console audit log (workspace administration). It is distinct from Governance, which records ClickHouse query activity and metadata changes inside a connection.

What's recorded

ActionWhen it fires
auth.loginA member signs in via magic link
sso.loginA member signs in via SSO
member.invitedA member is invited to the workspace
member.role_changedA member's role is changed
member.removedA member is removed
org.createdA workspace is created
org.deletedA workspace is deleted
connection.createdA connection (tunnel or direct) is added
connection.deletedA connection is removed
github.connectedThe GitHub app is connected to the workspace
github.disconnectedThe GitHub integration is removed
billing.subscription_updatedA plan/subscription change is applied (from Stripe)
sso.configured / sso.removedSSO settings are changed

Each entry captures the actor (email), the action, an optional target (e.g. the affected user or connection), structured metadata, the IP address, the user agent, and a timestamp.

Using it

The page lists events newest-first with:

  • Search across actor, action, and target
  • Action filter (sign-ins, member changes, connections, GitHub, billing…)
  • Time range (24h / 7 days / 30 days / all time)
  • Load more paging

Properties

  • Tamper-resistant by design: there is no UI to edit or delete individual entries. Workspace deletion is recorded at the account level so the event survives even after the workspace is gone.
  • Actor preserved: the actor's email is stored on the event, so the trail stays meaningful even if the user is later removed.
  • System actions (e.g. a Stripe-driven plan change) are attributed to system.

API

MethodPathDescription
GET/console/orgs/{slug}/auditList events. Query: action, search, timeRange, limit, offset. Admin only.

On this page