Audit log actions
Every entry in the audit log records an action — a stable, dotted verb such as `document.create` — and the resource type it applies to. The set of actions is a closed registry (`src/lib/server/services/audit-actions.ts`): the audit API accepts only registered verbs, so the vocabulary stays consistent and a typo can never silently introduce a new, unqueryable action into the trail.
This page is the canonical list. Each row maps an action to its resource type (action → `resourceType`). You can filter the Settings → Admin → Audit view by any of these.
| Action | Resource type |
|---|---|
account.deletion_confirmed | user |
account.deletion_requested | user |
account.email_change_cancelled | user |
account.email_change_requested | user |
account.email_changed | user |
account.export_downloaded | user |
ai.chat | ai_config |
ai.image.generate | attachment |
api_key.create | api_key |
api_key.remove_document_override | api_key |
api_key.revoke | api_key |
api_key.set_collection_scopes | api_key |
api_key.set_document_override | api_key |
api_key.set_restricted_mode | api_key |
attachment.upload | document |
auth.login_failed | user |
auth.step_up_failed | user |
auth.step_up | user |
badge.delete | badge |
badge.upsert | badge |
brain.journal_append | document |
brain.quick_capture | document |
collection.create | collection |
collection.delete | collection |
collection.permission.remove | collection |
collection.permission.upsert | collection |
comment.create | comment |
comment.delete | comment |
document.append | document |
document.copy | document |
document.create | document |
document.delete | document |
document.insert_after_heading | document |
document.move | document |
document.prepend | document |
document.publish_to_channel | document |
document.restore | document |
document.update | document |
gamification.points_expiry_update | team |
gamification.toggle | team |
group.add_member | group |
group.create | group |
group.delete | group |
group.remove_member | group |
group.set_capabilities | group |
group.update | group |
image_config.create | image_config |
image_config.delete | image_config |
image_config.update | image_config |
invitation.create | invitation |
invitation.revoke | invitation |
llm_config.create | llm_config |
llm_config.delete | llm_config |
llm_config.update | llm_config |
mfa.admin_reset | user |
mfa.disable | user |
mfa.enroll | user |
mfa.regenerate_backup_codes | user |
mfa.verify_failed | user |
oauth.app_revoked | oauth_client |
oauth.authorize_consent_shown | oauth_client |
oauth.authorize_denied | oauth_client |
oauth.authorize_granted | oauth_client |
oauth.refresh_reuse_detected | oauth_token |
oauth.token_failed | oauth_token |
oauth.token_issued | oauth_token |
oauth.token_refreshed | oauth_token |
oauth.token_revoked | oauth_token |
passkey.delete | passkey |
passkey.register | passkey |
passkey.rename | passkey |
point_rule.delete | point_rule |
point_rule.upsert | point_rule |
points.admin_award | user |
points.admin_reset | user |
publishing_channel.create | publishing_channel |
publishing_channel.delete | publishing_channel |
publishing_channel.resync | publishing_channel |
publishing_channel.update | publishing_channel |
publishing_token.create | publishing_token |
publishing_token.revoke | publishing_token |
publishing_token.rotate | publishing_token |
required_document.create | required_document |
required_document.delete | required_document |
scim.group.create | group |
scim.group.delete | group |
scim.group.update | group |
scim.token.create | scim_token |
scim.token.revoke | scim_token |
scim.user.deactivate | user |
scim.user.provision | user |
scim.user.reactivate | user |
scim.user.update | user |
settings.audit_export_test | system |
settings.backup.download | backup |
settings.backup.encryption_rotate | backup_encryption |
settings.backup.encryption_setup | backup_encryption |
settings.backup.offsite_clear | backup_offsite |
settings.backup.offsite_set | backup_offsite |
settings.backup.uploads_mode_set | backup |
storage.notice_reset | user |
storage.team_quota_update | team |
storage.user_soft_limit_update | user |
tag.permission.remove | tag |
tag.permission.set | tag |
team.mfa_enforcement_disabled | team |
team.mfa_enforcement_enabled | team |
team.update | team |
user.suspend | user |
user.unsuspend | user |
user.update_system_group | user |
webhook.create | webhook |
webhook.delete | webhook |
webhook.toggle | webhook |
webhook.update | webhook |
Actions are grouped by domain in the source registry; on this page they are sorted alphabetically for lookup. To add an action, extend the registry (a compile error blocks any unregistered verb) and add the corresponding row to the table above.