Audit logs
Every mutation through REST or MCP creates an audit event. Auditability is a core product surface, not an implementation detail.
Mutation contract
Audit events include tenant, actor, source, tool or route, resource, action, input hash, before/after snapshots, status, error message, and timestamp.
Credential events
The Slab5 console records audit events when workspace credentials are created or revoked:
api_key.created
api_key.revoked
mcp_client.created
mcp_client.revoked
Credential audit rows include tenant, workspace, actor user, target type, target ID, action, and timestamp. Secret values are never stored in audit metadata.
Deletion events
Destructive control-plane actions write audit events before or during archival where possible. Account deletion, owned Team deletion, member-only Team leave, workspace deletion, and credential revocation should leave enough audit context to understand who initiated the action and which local Slab5 records lost active access.
Audit rows remain metadata-only. They should not contain raw API keys, MCP tokens, payment-provider secrets, webhook signing secrets, or deleted record payloads that would reintroduce access after revocation.
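The sketch below is an added example, not Slab5's own code. It shows one way to assemble a row with the fields listed under the mutation contract while keeping it metadata-only as described above. The field names, the SHA-256 over canonical JSON, the SECRET_KEYS list, and all sample values are assumptions made for illustration.

```python
import hashlib
import json
from datetime import datetime, timezone

# Assumed key names that carry secret material; the page names the kinds of
# secret (API keys, MCP tokens, provider and webhook secrets), not the fields.
SECRET_KEYS = {"api_key", "secret", "token", "mcp_token", "webhook_signing_secret"}


def scrub(value):
    """Recursively drop secret-bearing keys so snapshots stay metadata-only."""
    if isinstance(value, dict):
        return {k: scrub(v) for k, v in value.items()
                if str(k).lower() not in SECRET_KEYS}
    if isinstance(value, list):
        return [scrub(v) for v in value]
    return value


def input_hash(payload):
    """SHA-256 over canonical JSON (sorted keys, no whitespace); assumed scheme."""
    canonical = json.dumps(payload, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def build_audit_event(*, tenant, actor, source, route, resource, action,
                      payload, before=None, after=None, status="ok",
                      error_message=None, now=None):
    """Assemble one audit row with the fields the mutation contract lists."""
    return {
        "tenant": tenant, "actor": actor,
        "source": source,  # "rest" or "mcp"
        "tool_or_route": route, "resource": resource, "action": action,
        "input_hash": input_hash(payload),  # digest only, never the raw input
        "before": scrub(before), "after": scrub(after),
        "status": status, "error_message": error_message,
        "timestamp": (now or datetime.now(timezone.utc)).isoformat(),
    }


# Constructed sample: an API key creation whose new record holds the secret.
EVENT = build_audit_event(
    tenant="t_example", actor="user_example", source="rest",
    route="POST /api-keys (constructed)", resource="api_key:key_example",
    action="api_key.created",
    payload={"name": "ci", "workspace": "ws_example"},
    after={"id": "key_example", "name": "ci", "secret": "CONSTRUCTED-NOT-REAL"},
)
```

Because the hash is taken over sorted-key JSON, two requests with the same fields in a different order produce the same input hash, which lets rows be correlated without storing the input itself.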
