> ## Documentation Index
> Fetch the complete documentation index at: https://docs.userepo.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Audit events

> Pull the audit trail for compliance review.

Every meaningful action in Repo records an audit event with metadata-only fields (never raw content). Use this endpoint to export the trail for SOC 2, GDPR, or internal review.

## Required action

`admin`

## Query parameters

<ParamField query="limit" type="integer" default="100">
  Max number of events to return. Min 1, max 500.
</ParamField>

## Response

```json theme={null}
{
  "auditEvents": [
    {
      "id": "uuid",
      "organizationId": "uuid",
      "actorUserId": null,
      "actorApiKeyId": "uuid",
      "action": "context.retrieve",
      "targetType": "context_contract",
      "targetId": "request-uuid",
      "metadata": {
        "query": "What did we decide about the brand color?",
        "hitCount": 5,
        "citationCount": 5,
        "exclusionCount": 1,
        "providers": ["notion", "slack"]
      },
      "createdAt": "2026-05-30T20:14:00.123Z"
    },
    {
      "id": "uuid",
      "actorUserId": "uuid",
      "actorApiKeyId": null,
      "action": "api_key.create",
      "targetType": "api_key",
      "targetId": "uuid",
      "metadata": {
        "name": "support-agent-prod",
        "prefix": "repo_a1b2",
        "actorType": "agent",
        "allowedActions": ["search", "context", "ask"],
        "allowedProviders": ["slack", "notion"]
      },
      "createdAt": "2026-05-30T19:45:00.000Z"
    }
  ]
}
```

## Action catalog

| Action                                    | When emitted                                             |
| ----------------------------------------- | -------------------------------------------------------- |
| `context.retrieve`                        | Every `/v1/context` call                                 |
| `api_key.create`                          | New API key minted                                       |
| `api_key.revoke`                          | API key revoked                                          |
| `connector.allowlist.update`              | Slack channel allowlist changed                          |
| `connector_access.request`                | User requested access to a gated connector (Drive/Gmail) |
| `maintenance.slack.cleanup_system_events` | Admin ran Slack noise cleanup                            |
| `organization.create`                     | New workspace created                                    |
| `sync_run.create`                         | Sync run queued from the console                         |
| `billing.checkout.create`                 | Stripe Checkout session started                          |
| `billing.portal.create`                   | Stripe Billing Portal session opened                     |

## Actor identification

Each event has either `actorUserId` (a Supabase human) or `actorApiKeyId` (an API key) — never both. Look at which one is non-null to attribute the action.

## What's NOT logged

By design, Repo does NOT log:

* Full hit content from retrieval (only counts + provider list)
* API key secrets (only the public `prefix`)
* OAuth tokens (encrypted, never appear in logs)
* Source-item content during ingest
* LLM completions from `/v1/ask`

This keeps the audit log small and reduces blast radius if the log is ever exposed.
