Audit Log Events
The full reference of audit log event types, the structure of each log entry, and the entities they apply to.
This page is the reference for every audit log event MainBranch records. For the live, in-app view, see Audit Logs.
Audit logs are available to workspace owners and admins. They capture notable actions across the product so you can review who did what, when, and from where.
Log structure
Every audit log entry has the same shape. Each row in the audit log corresponds to one event.
| Field | Type | Description |
|---|---|---|
createdAt | datetime | When the event happened, in UTC. |
action | AuditAction | The event name (see Recorded events). |
actor | object | Who performed the action — { id, type } where type is user, api_key, or system. |
entity | object | What the action was performed on — { id, type, name?, parent_id? }. See Entities. |
org_id | string | The workspace the event belongs to. |
details.before | object | (Optional) Snapshot of the entity before the change. |
details.after | object | (Optional) Snapshot of the entity after the change. |
details.info | object | (Optional) Additional context specific to the action (e.g. share recipients, export format, integration provider). |
context.request_id | string | The request that triggered the event. Used for tracing. |
context.ip_address | string | (Optional) IP address of the actor at the time of the event. |
context.user_agent | string | (Optional) Browser or client identifier of the actor. |
context.session_id | string | (Optional) The actor's session, if applicable. |
Click any row in the in-app audit log to expand it and see details and context as readable JSON.
Entities
Every event is attached to an entity. The entity.type field tells you what kind of object the event applies to.
| Entity | What it represents |
|---|---|
chat | A chat conversation. |
file | A Vault file. |
folder | A Vault folder. |
meeting | A meeting (live-recorded or uploaded). |
org | The workspace itself. Used for workspace-wide changes. |
presentation | A presentation deck. |
smart_form | A smart form (PDF form fill). |
user | A user — either the actor themselves or a user being acted upon (e.g. an invited member). |
entity.name is the human-readable label when available (file name, meeting title, etc.). entity.parent_id is set when the entity sits inside another (e.g. a file inside a folder).
Recorded events
The table below lists every audit action MainBranch records, the entity it applies to, and the date the event first started being recorded.
Chat
| Event | Entity | Available from |
|---|---|---|
chat.created | chat | 2026-04-21 |
chat.named | chat | 2026-04-21 |
chat.renamed | chat | 2026-04-21 |
chat.deleted | chat | 2026-04-21 |
chat.branched | chat | 2026-04-21 |
chat.exported | chat | 2026-04-21 |
chat.message.sent | chat | 2026-04-21 |
chat.message.response | chat | 2026-04-21 |
chat.message.regenerated | chat | 2026-04-21 |
chat.archived | chat | 2026-04-26 |
chat.archived_all | user | 2026-04-26 |
chat.unarchived | chat | 2026-04-26 |
chat.pinned | chat | 2026-04-26 |
chat.unpinned | chat | 2026-04-26 |
Meetings
| Event | Entity | Available from |
|---|---|---|
meeting.created | meeting | 2026-04-21 |
meeting.renamed | meeting | 2026-04-21 |
meeting.deleted | meeting | 2026-04-21 |
meeting.bot_scheduled | meeting | 2026-04-21 |
meeting.shared | meeting | 2026-04-21 |
meeting.share_revoked | meeting | 2026-04-21 |
meeting.unshared | meeting | 2026-04-21 |
Presentations
| Event | Entity | Available from |
|---|---|---|
presentation.generated | presentation | 2026-04-21 |
presentation.slides_updated | presentation | 2026-04-21 |
presentation.regenerated | presentation | 2026-05-05 |
presentation.image_generated | presentation | 2026-05-05 |
presentation.message.sent | presentation | 2026-05-05 |
presentation.exported | presentation | 2026-05-05 |
presentation.deleted | presentation | 2026-05-05 |
presentation.shared | presentation | 2026-05-12 |
presentation.share_revoked | presentation | 2026-05-12 |
presentation.unshared | presentation | 2026-05-12 |
Smart forms
| Event | Entity | Available from |
|---|---|---|
smart_form.created | smart_form | 2026-04-21 |
smart_form.filled | smart_form | 2026-04-21 |
smart_form.submitted | smart_form | 2026-04-21 |
smart_form.deleted | smart_form | 2026-04-21 |
Vault — files
| Event | Entity | Available from |
|---|---|---|
vault.file.uploaded | file | 2026-04-21 |
vault.file.moved | file | 2026-04-21 |
vault.file.shared | file | 2026-04-21 |
vault.file.share_revoked | file | 2026-04-21 |
vault.file.trashed | file | 2026-04-21 |
vault.file.restored | file | 2026-04-21 |
vault.file.deleted | file | 2026-04-21 |
vault.file.updated | file | 2026-05-12 |
Vault — folders
| Event | Entity | Available from |
|---|---|---|
vault.folder.created | folder | 2026-04-21 |
vault.folder.renamed | folder | 2026-04-21 |
vault.folder.moved | folder | 2026-04-21 |
vault.folder.deleted | folder | 2026-04-21 |
Users
| Event | Entity | Available from |
|---|---|---|
user.login | user | 2026-04-21 |
user.logout | user | 2026-04-21 |
user.updated | user | 2026-04-21 |
user.password_changed | user | 2026-04-21 |
user.password_reset_requested | user | 2026-04-21 |
user.2fa_enabled | user | 2026-04-21 |
user.2fa_disabled | user | 2026-04-21 |
user.integration_connected | user | 2026-04-21 |
user.integration_disconnected | user | 2026-04-21 |
user.invite_accepted | user | 2026-04-21 |
user.account_deletion_scheduled | user | 2026-04-21 |
user.account_deletion_cancelled | user | 2026-04-21 |
Workspace
| Event | Entity | Available from |
|---|---|---|
org.settings_updated | org | 2026-04-21 |
org.security_settings_updated | org | 2026-04-21 |
org.member.invited | user | 2026-04-21 |
org.member.role_changed | user | 2026-04-21 |
org.data_export.requested | org | 2026-04-21 |
org.data_export.downloaded | org | 2026-04-21 |
org.audit_log_export.requested | org | 2026-05-05 |
Filtering and searching
In the in-app Audit Logs view you can:
- Filter by date range — Pick a start and end date.
- Search — Full-text over action labels and entity names.
- Sort — Click the Time column header to toggle ascending or descending.
- Paginate — Older entries load automatically as you scroll.
Exporting
Click Export in the Audit Logs page to download a CSV of the currently filtered results. The export runs in the background; you'll receive an email with a download link when it's ready. Download links expire after a set period — usually 7 days.
The export itself is captured as an org.audit_log_export.requested event in the log.
Retention
Audit log entries are retained for the lifetime of the workspace. Contact support if you need a copy after a workspace is closed.
See also
- Audit Logs — the in-app view.
- Data Export — broader downloadable archives of activity.
- Permissions — who can see and do what.