Audit & Monitoring

Every write operation in Temps creates a structured audit event. Track who changed what, detect suspicious activity, and maintain a complete history of authentication and configuration changes.


Security monitoring

Temps surfaces the following security signals in the dashboard and via the API:

SignalWhere to find it
Failed login attemptsAudit log, filtered by event type auth.login_failed
Unauthorized API accessAudit log (auth.unauthorized) + server logs
TLS certificate expiryDashboard notification + email alert (if email provider is configured)
WAL health warningsService detail page for managed PostgreSQL services
OOM-killed containersService runtime panel (oom_killed flag)

For application-level error tracking (crashes, exceptions, performance regressions), see Error Tracking and Monitoring.


Audit log

Every write operation in Temps emits a structured audit event. Events record:

  • Who — the user ID and email, or the API key identifier
  • What — the event type and the resource affected (project ID, deployment ID, etc.)
  • When — ISO 8601 timestamp in UTC
  • From where — the client IP address (XFF-aware, with spoofing protection — only trusted when the direct TCP peer is loopback)

Audit events are stored in the Temps database and accessible via the dashboard under Settings → Audit Log and via the API.

Retention

Audit events are retained indefinitely by default. If storage is a concern, configure a retention policy by deleting old rows on a schedule or configuring your database's partitioning or TTL features.


Audit events reference

Authentication events

EventTrigger
auth.login_successSuccessful login (any method)
auth.login_failedFailed login attempt
auth.logoutUser logged out
auth.mfa_enabledMFA enabled on an account
auth.mfa_disabledMFA disabled
auth.password_changedIn-app password change
auth.password_reset_requestedSelf-service reset link requested
auth.api_key_createdAPI key created
auth.api_key_revokedAPI key revoked

OIDC / SSO events

EventTrigger
oidc_provider.createdNew SSO provider configured
oidc_provider.updatedProvider settings changed (includes fields_changed list)
oidc_provider.deletedProvider removed
oidc_role_mapping.createdRole mapping added
oidc_role_mapping.deletedRole mapping removed

Project & deployment events

EventTrigger
project.createdNew project created
project.deletedProject deleted
deployment.triggeredDeployment started manually or via git push
deployment.cancelledDeployment cancelled
environment.createdNew environment created
environment.deletedEnvironment deleted

Settings & access events

EventTrigger
team.member_invitedTeam member invited
team.member_role_changedRole changed for a team member
team.member_removedTeam member removed
settings.updatedPlatform settings changed
email_provider.createdEmail provider added
email_provider.updatedEmail provider edited (logs field names changed, never values)
email_provider.deletedEmail provider removed
backup_schedule.createdBackup schedule created
backup_schedule.updatedBackup schedule modified
backup_schedule.deletedBackup schedule deleted

Querying the audit log

Dashboard

Navigate to Settings → Audit Log. Filter by event type, user, date range, or resource ID.

Query the audit log

  1. 1

    Go to **Settings → Audit Log**

  2. 2

    Use the **Event type** filter to select the event you want

  3. 3

    Optionally filter by user, date range, or resource ID

CLI

# List recent audit events (filter by operation type)
npx @temps-sdk/cli audit list --limit 50 --operation-type auth.login_failed

# Filter by user
npx @temps-sdk/cli audit list --user-id 42 --from 2026-01-01T00:00:00Z

# Filter by date range
npx @temps-sdk/cli audit list --from 2026-01-01T00:00:00Z --to 2026-01-31T23:59:59Z

# Show details for a specific event
npx @temps-sdk/cli audit show --id <event-id>

Events are returned in reverse chronological order (newest first) with standard pagination.

Was this page helpful?