Audit log

Who did what. And when.

Every mutation in the workspace is written. Twenty-two action types, indexed and filterable. The compliance review your team has been dreading just got boring.

app.rookhq.com/w/acme/audit
Action: All · 12,418 entries

When      Action                      Target                         Actor
14:02:11  integration_connected       WATI · Hloframe                ava@acme.com
14:01:03  lead_bulk_created           412 leads · Hloframe · csv     mia@acme.com
13:48:22  campaign_paused             Spring outreach                ava@acme.com
13:21:09  lead_erased                 lead_8a7f4a (GDPR Article 17)  ava@acme.com
11:14:55  workspace_settings_updated  sending-policy                 ava@acme.com
11:09:30  gdpr_export_requested       lead_b1c3e2                    bo@acme.com
10:42:14  campaign_created            Re-engagement Q2               mia@acme.com
10:21:08  product_deleted             Old microsite                  ava@acme.com
10:18:42  lead_unsubscribed           lead_98a4 · WhatsApp keyword   system
10:09:11  integration_verified        Gmail · ok                     bo@acme.com

Audit logs that nobody can read are not audit logs. They are spreadsheets that lost their meaning.

Twenty-two action types

Mapped to the things that actually happen.

Products

  • PRODUCT_CREATED
  • PRODUCT_UPDATED
  • PRODUCT_DELETED

Leads

  • LEAD_CREATED
  • LEAD_UPDATED
  • LEAD_DELETED
  • LEAD_BULK_CREATED
  • LEAD_EXPORTED
  • LEAD_UNSUBSCRIBED
  • LEAD_ERASED

Campaigns

  • CAMPAIGN_CREATED
  • CAMPAIGN_UPDATED
  • CAMPAIGN_DELETED
  • CAMPAIGN_PAUSED
  • CAMPAIGN_RESUMED
  • CAMPAIGN_ENROLLED

Integrations

  • INTEGRATION_CONNECTED
  • INTEGRATION_UPDATED
  • INTEGRATION_REMOVED
  • INTEGRATION_VERIFIED

Compliance

  • GDPR_EXPORT_REQUESTED

Workspace

  • WORKSPACE_SETTINGS_UPDATED

What gets recorded

Every row carries enough to reconstruct the moment.

Per-row fields

Actor, target, metadata, IP, user agent.

The actor is the Rook ID who triggered the action, plus the email at time of action so future renames do not lose the trail. The target is typed (lead, product, campaign) plus the row id.

Metadata captures the diff: which fields changed, how many leads were imported, the source of the change. IP and user-agent come from the request headers.

AuditLog {
  id          uuid
  workspaceId uuid
  actorId     uuid?     // null for system / webhook
  actorEmail  string?   // captured at time of action
  action      AuditAction
  targetType  string?   // 'lead' | 'campaign' | …
  targetId    string?
  metadata    json      // diff, counts, source
  ip          string?
  userAgent   string?
  createdAt   timestamp
}

What auditors love

Designed for the SOC 2 / ISO review.

Filter by action

Twenty-two action types, queryable.

Append-only

No update or delete API. The log is the truth.

Indexed for time + target

Per-target queries (all events for lead X) are O(log n).

Tech specs

Storage: Postgres table, indexed on (workspaceId, createdAt desc), (workspaceId, action), (workspaceId, targetType, targetId)
Retention: Indefinite. Cascade-deleted only when the workspace is deleted.
Mutability: Append-only. No update or delete endpoints.
Failure mode: Audit writes never throw upstream. Failures logged, request continues.
Action types: 22 enums (see above)
Filters: By action type. Pagination 1..200 per page.
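
The storage properties listed above (the three indexes, append-only rows, audit writes that never throw upstream), as an added example that is not Rook's own code. SQLite stands in for Postgres so it runs offline; the snake_case names, the database triggers and the `open_db`, `write_audit` and `events_for` helpers are assumptions.

```python
import json, logging, sqlite3, uuid
from datetime import datetime, timezone

log = logging.getLogger("audit")

# SQLite stand-in for the Postgres table; snake_case names are assumptions.
SCHEMA = """
CREATE TABLE audit_log (
  id TEXT PRIMARY KEY, workspace_id TEXT NOT NULL, actor_id TEXT,
  actor_email TEXT, action TEXT NOT NULL, target_type TEXT, target_id TEXT,
  metadata TEXT NOT NULL, ip TEXT, user_agent TEXT, created_at TEXT NOT NULL);
CREATE INDEX audit_ws_time   ON audit_log (workspace_id, created_at DESC);
CREATE INDEX audit_ws_action ON audit_log (workspace_id, action);
CREATE INDEX audit_ws_target ON audit_log (workspace_id, target_type, target_id);
-- Assumption: append-only is also enforced in the database, so a stray
-- UPDATE/DELETE fails even though no endpoint issues one.
CREATE TRIGGER audit_no_update BEFORE UPDATE ON audit_log
BEGIN SELECT RAISE(ABORT, 'audit_log is append-only'); END;
CREATE TRIGGER audit_no_delete BEFORE DELETE ON audit_log
BEGIN SELECT RAISE(ABORT, 'audit_log is append-only'); END;
"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def write_audit(db, workspace_id, action, actor=None, target=None, metadata=None):
    """Fail-open write: True on success; on any error, log it and return False."""
    try:
        actor_id, actor_email = actor or (None, None)    # None: system / webhook
        target_type, target_id = target or (None, None)
        db.execute(
            "INSERT INTO audit_log VALUES (?,?,?,?,?,?,?,?,?,?,?)",
            (str(uuid.uuid4()), workspace_id, actor_id, actor_email, action,
             target_type, target_id, json.dumps(metadata or {}), None, None,
             datetime.now(timezone.utc).isoformat()))
        db.commit()
        return True
    except Exception:
        log.exception("audit write failed for %s", action)  # caller continues
        return False

def events_for(db, workspace_id, target_type, target_id):
    """Return (rows, query plan text) for one target's history."""
    sql = ("SELECT action, actor_email FROM audit_log "
           "WHERE workspace_id=? AND target_type=? AND target_id=?")
    args = (workspace_id, target_type, target_id)
    plan = db.execute("EXPLAIN QUERY PLAN " + sql, args).fetchall()
    return db.execute(sql, args).fetchall(), " ".join(r[3] for r in plan)
```

A `False` return means a mutation went through with no audit row, so the failure log line is worth alerting on. A delete trigger like this one would also have to exempt the workspace-deletion cascade described under Retention.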

Make your next compliance review boring.