Audit & Monitoring
Every write operation in Temps creates a structured audit event. Track who changed what, detect suspicious activity, and maintain a complete history of authentication and configuration changes.
Security monitoring
Temps surfaces the following security signals in the dashboard and via the API:
| Signal | Where to find it |
|---|---|
| Failed login attempts | Audit log, filtered by event type auth.login_failed |
| Unauthorized API access | Audit log (auth.unauthorized) + server logs |
| TLS certificate expiry | Dashboard notification + email alert (if email provider is configured) |
| WAL health warnings | Service detail page for managed PostgreSQL services |
| OOM-killed containers | Service runtime panel (oom_killed flag) |
For application-level error tracking (crashes, exceptions, performance regressions), see Error Tracking and Monitoring.
Audit log
Every write operation in Temps emits a structured audit event. Events record:
- Who — the user ID and email, or the API key identifier
- What — the event type and the resource affected (project ID, deployment ID, etc.)
- When — ISO 8601 timestamp in UTC
- From where — the client IP address (XFF-aware, with spoofing protection — only trusted when the direct TCP peer is loopback)
Audit events are stored in the Temps database and accessible via the dashboard under Settings → Audit Log and via the API.
Retention
Audit events are retained indefinitely by default. If storage is a concern, configure a retention policy by deleting old rows on a schedule or configuring your database's partitioning or TTL features.
Audit events reference
Authentication events
| Event | Trigger |
|---|---|
auth.login_success | Successful login (any method) |
auth.login_failed | Failed login attempt |
auth.logout | User logged out |
auth.mfa_enabled | MFA enabled on an account |
auth.mfa_disabled | MFA disabled |
auth.password_changed | In-app password change |
auth.password_reset_requested | Self-service reset link requested |
auth.api_key_created | API key created |
auth.api_key_revoked | API key revoked |
OIDC / SSO events
| Event | Trigger |
|---|---|
oidc_provider.created | New SSO provider configured |
oidc_provider.updated | Provider settings changed (includes fields_changed list) |
oidc_provider.deleted | Provider removed |
oidc_role_mapping.created | Role mapping added |
oidc_role_mapping.deleted | Role mapping removed |
Project & deployment events
| Event | Trigger |
|---|---|
project.created | New project created |
project.deleted | Project deleted |
deployment.triggered | Deployment started manually or via git push |
deployment.cancelled | Deployment cancelled |
environment.created | New environment created |
environment.deleted | Environment deleted |
Settings & access events
| Event | Trigger |
|---|---|
team.member_invited | Team member invited |
team.member_role_changed | Role changed for a team member |
team.member_removed | Team member removed |
settings.updated | Platform settings changed |
email_provider.created | Email provider added |
email_provider.updated | Email provider edited (logs field names changed, never values) |
email_provider.deleted | Email provider removed |
backup_schedule.created | Backup schedule created |
backup_schedule.updated | Backup schedule modified |
backup_schedule.deleted | Backup schedule deleted |
Querying the audit log
Dashboard
Navigate to Settings → Audit Log. Filter by event type, user, date range, or resource ID.
Query the audit log
- 1
Go to **Settings → Audit Log**
- 2
Use the **Event type** filter to select the event you want
- 3
Optionally filter by user, date range, or resource ID
CLI
# List recent audit events (filter by operation type) npx @temps-sdk/cli audit list --limit 50 --operation-type auth.login_failed # Filter by user npx @temps-sdk/cli audit list --user-id 42 --from 2026-01-01T00:00:00Z # Filter by date range npx @temps-sdk/cli audit list --from 2026-01-01T00:00:00Z --to 2026-01-31T23:59:59Z # Show details for a specific event npx @temps-sdk/cli audit show --id <event-id>
Events are returned in reverse chronological order (newest first) with standard pagination.