Audit log

Caddi writes a row for every meaningful action. Filterable, exportable, signed.

What gets logged

Project lifecycle: created, archived, deleted.
Deploys: promoted, rolled back, failed.
Env-var changes: who, when, what changed (value diffs are redacted for secrets).
Provider connections: connected, refreshed, disconnected.
Approvals: requested, granted, declined, escalated.
User events: invited, accepted, removed, role changed.
Domain events: verified, propagation status, certs.

Shape of a row

json

{
  "id": "audit_01H9X4D811ABCDXYZ",
  "workspace_id": "agency_01H...",
  "actor_id": "user_01H...",
  "actor_email": "[email protected]",
  "type": "deploy.promoted",
  "subject_type": "project",
  "subject_id": "project_01H...",
  "subject_name": "meridian-studio",
  "metadata": {
    "from_env": "staging",
    "to_env": "production",
    "from_sha": "e9d2244",
    "to_sha": "a1f7b9c",
    "pr_number": 412
  },
  "created_at": "2026-04-27T22:14:08Z",
  "ip": "203.0.113.4",
  "user_agent": "Mozilla/5.0 ..."
}

Where to read it

Inside the dashboard at Settings → Audit log. Filter by actor, type, subject, time range. Export to CSV at any time.

Retention

Audit log entries are kept indefinitely on the Pro plan. We’ll never silently delete a row.