Audit Log: Compliance & Forensics
Every privileged action is recorded for compliance, debugging, and incident response.
PromptHelm records every privileged action as an append-only audit event. The audit log is what makes a SOC 2 review tractable, what lets you reconstruct a security incident, and what gives engineering managers a single source of truth for "who changed what, when, and why."
What gets recorded
Every action that mutates organization state, security posture, or billing creates an audit entry:
- Organization — create, rename, delete, transfer ownership.
- Members — invite, remove, role change.
- Prompts — create, version save, promotion, archive.
- Provider keys — add, rotate, revoke.
- API tokens — mint, revoke.
- Authentication — password change, passkey enroll/remove, OAuth link/unlink, login from new device.
- Account — deletion, GDPR export, tier change.
- Webhooks — install, rotate signing secret, remove.
Read-only actions (viewing a prompt, running the playground, listing analytics) are not recorded — that traffic lives in execution logs and RUM, not the audit trail.
What each entry contains
| Name | Type | Default | Description |
|---|---|---|---|
| actorId | ObjectId | — | The user or service that performed the action. |
| actorType | `user \| api_token \| system` | — | Distinguishes manual changes from automation. |
| action* | string | — | Stable verb, e.g. `prompt.promote`, `member.role.change`. |
| resource | `{ type, id }` | — | What the action targeted. |
| metadata | object | — | Action-specific context: previous value, new value, IP, user-agent. |
| createdAt* | Date | — | Server timestamp; never editable. |
Tier visibility
| Tier | Visibility |
|---|---|
| Free | Audit events are recorded but not surfaced in the dashboard. |
| Pro | Last 7 days visible in /settings/audit. |
| Business | Last 90 days visible, filterable by actor and action. |
| Enterprise | Full retention plus signed CSV/JSON export. |
Compliance posture
GDPR exports + audit retention are the building blocks for SOC 2 and HIPAA readiness. The combination answers the two questions auditors ask first:
- Can you produce a record of every privileged change? — yes, indefinitely (Enterprise) or for the tier's retention window.
- Can you prove records have not been tampered with? — yes, entries are append-only, and the audit collection grants no update or delete privileges to the application role.
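The second answer rests on the application's database role lacking update and delete rights on the audit collection. The following is an added example, not PromptHelm's code: it inspects a MongoDB-style role document and lists every privilege or inherited built-in role that would let the application mutate or remove audit records. It assumes a MongoDB backend, a database named `prompthelm` and a collection named `audit_events`; all three are assumptions, and the two sample roles are constructed for illustration.

```javascript
// Added example, not PromptHelm's code: report any grant in a MongoDB-style
// role document that would let the application role update or delete audit
// records. Backend, database name and collection name are assumptions.
const AUDIT_DB = 'prompthelm';           // assumed database name
const AUDIT_COLLECTION = 'audit_events'; // assumed collection name

// Privilege actions that allow changing or removing existing records.
const MUTATING_ACTIONS = new Set([
  'update', 'remove', 'dropCollection', 'dropDatabase', 'bypassDocumentValidation',
]);
// Built-in roles that carry update/remove rights; inheriting one defeats the check.
const BROAD_WRITE_ROLES = new Set(['readWrite', 'readWriteAnyDatabase', 'dbOwner', 'root']);

// Does a privilege's resource spec reach the audit collection? Empty db or
// collection strings mean "all", and anyResource/cluster are catch-alls.
function privilegeCoversAudit(resource = {}) {
  if (resource.anyResource || resource.cluster) return true;
  const dbMatches = resource.db === '' || resource.db === AUDIT_DB;
  const collMatches = resource.collection === '' || resource.collection === AUDIT_COLLECTION;
  return dbMatches && collMatches;
}

// Returns a list of human-readable violations; an empty list means the role
// can only read and insert into the audit collection.
function appendOnlyViolations(role) {
  const violations = [];
  for (const priv of role.privileges || []) {
    if (!privilegeCoversAudit(priv.resource)) continue;
    for (const action of priv.actions || []) {
      if (MUTATING_ACTIONS.has(action)) {
        violations.push(`${action} on ${JSON.stringify(priv.resource)}`);
      }
    }
  }
  for (const inherited of role.roles || []) {
    const name = typeof inherited === 'string' ? inherited : inherited.role;
    if (BROAD_WRITE_ROLES.has(name)) violations.push(`inherits built-in role ${name}`);
  }
  return violations;
}

// Constructed sample: the audit collection gets find+insert only, while an
// ordinary collection keeps full read/write.
const appRoleAppendOnly = {
  role: 'prompthelm_app',
  privileges: [
    { resource: { db: AUDIT_DB, collection: AUDIT_COLLECTION }, actions: ['find', 'insert'] },
    { resource: { db: AUDIT_DB, collection: 'prompts' }, actions: ['find', 'insert', 'update', 'remove'] },
  ],
  roles: [],
};

// Constructed sample: a database-wide update grant plus inherited readWrite,
// which silently reintroduces update/remove on the audit collection.
const appRoleTooBroad = {
  role: 'prompthelm_app',
  privileges: [
    { resource: { db: AUDIT_DB, collection: '' }, actions: ['find', 'insert', 'update'] },
  ],
  roles: [{ role: 'readWrite', db: AUDIT_DB }],
};

console.log('append-only role violations:', appendOnlyViolations(appRoleAppendOnly));
console.log('too-broad role violations:', appendOnlyViolations(appRoleTooBroad));
```

Run this against the output of `db.getRole(name, { showPrivileges: true })` as part of a deployment check; a non-empty list is a finding to fix before the role is applied.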
Append-only means append-only
Audit records are never mutated and never deleted. Even an account deletion creates a final account.delete entry rather than wiping the trail.
Where to find it
The dashboard surface is /settings/audit (Pro tier and above). The backend module is live across all tiers; the UI rolls out by tier as described above.