
Audit Event Catalog

The closed set of audit actions shipped by the starter. The source of truth is convex/audit/validators.ts (auditActionValidator and AUDIT_ACTION_CATEGORY). This is a minimal starter audit, not a compliance guarantee.

Each event carries: action, derived category, result (success | failure | denied), an actor snapshot, an optional organizationId, an optional target, a summary, optional metadata, and createdAt.

Events

| Action | Category | Emitted from | Notes |
| --- | --- | --- | --- |
| auth.user.created | auth | Better Auth user.onCreate trigger | One event per new account. |
| auth.user.deleted | auth | Better Auth user.onDelete trigger | Covers account deletion too — Better Auth deleteUser runs the same trigger, so there is no separate event. |
| organization.created | organization | organizations.createWorkspace | Team-mode workspace creation. |
| organization.updated | organization | organizations.updateOrganization | Rename. |
| organization.deleted | organization | organizations.deleteOrganization | Profile status → deleted; includes revoked grant count. |
| organization.suspended | organization | admin.organizations.suspend | Super-admin write; result reflects success/failure. |
| organization.reactivated | organization | admin.organizations.reactivate | Super-admin write. |
| member.invited | member | members.inviteMember | Metadata: invitee email, role. |
| member.role_changed | member | members.updateMemberRole | Metadata: member id, new role. |
| member.removed | member | members.removeMember | Metadata: member id, role if known. |
| billing.grant_created | billing | billing.grants sync | System actor (webhook/manual). Metadata: provider, plan key, count. |
| billing.grant_revoked | billing | billing.grants sync | System actor. Metadata: provider, plan key, count. |
| billing.subscription_updated | billing | provider upsert*Subscription | Fires on status change/creation. Metadata: provider, plan key, status, previous status. |
| security.stepup_challenge_created | security | security.createSensitiveVerificationChallenge | A verification code was requested. Never the code. |
| security.stepup_challenge_consumed | security | security.consumeSensitiveVerificationChallenge | Step-up succeeded. |
| security.stepup_challenge_failed | security | security.consumeSensitiveVerificationChallenge | Metadata: reason (invalid/expired/too_many_attempts/consumed). |
| admin.access_denied | admin | admin write mutations (resolveSuperAdminAccess) | An authenticated non-admin attempted an admin write. Committed via a structured-result return (not a throw). Anonymous callers are not recorded. |

Result semantics

  • success — the action completed.
  • failure — the action was attempted but failed after authorization (e.g. suspending an already-suspended workspace).
  • denied — an authorization check rejected the caller (admin.access_denied).
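
A triage sketch over the catalog's events, added here as an example and not part of the starter's code: it flags an actor who accumulates admin.access_denied or security.stepup_challenge_failed events inside a time window. The actor.id field, epoch-millisecond createdAt, thresholds, rule names and sample events are assumptions.

```typescript
// Added example. Field names follow the catalog; the actor shape, epoch-ms
// timestamps, thresholds and sample events are assumptions.
interface AuditEvent {
  action: string;
  result: "success" | "failure" | "denied";
  actor: { id: string };          // assumed shape of the actor snapshot
  metadata?: { reason?: string };
  createdAt: number;              // assumed epoch milliseconds
}
interface Finding { actorId: string; rule: string; count: number }

// Expired step-up codes are skipped as likely benign (assumption; tune it).
const RULES = [
  { rule: "repeated-admin-denied", action: "admin.access_denied", threshold: 3, skipReasons: [] as string[] },
  { rule: "stepup-failure-burst", action: "security.stepup_challenge_failed", threshold: 5, skipReasons: ["expired"] },
];

// Largest number of timestamps that fall inside any window of windowMs.
function peakInWindow(times: number[], windowMs: number): number {
  const t = times.slice().sort((a, b) => a - b);
  let best = 0;
  for (let lo = 0, hi = 0; hi < t.length; hi++) {
    while (t[hi] - t[lo] > windowMs) lo++;
    best = Math.max(best, hi - lo + 1);
  }
  return best;
}

// Group matching events by actor and report actors at or over the threshold.
function detect(events: AuditEvent[], windowMs: number): Finding[] {
  const findings: Finding[] = [];
  for (const r of RULES) {
    const byActor: Record<string, number[]> = {};
    for (const e of events) {
      const reason = e.metadata ? e.metadata.reason : undefined;
      if (e.action !== r.action) continue;
      if (reason !== undefined && r.skipReasons.indexOf(reason) !== -1) continue;
      (byActor[e.actor.id] = byActor[e.actor.id] || []).push(e.createdAt);
    }
    for (const actorId of Object.keys(byActor)) {
      const count = peakInWindow(byActor[actorId], windowMs);
      if (count >= r.threshold) findings.push({ actorId, rule: r.rule, count });
    }
  }
  return findings;
}

// Constructed sample: three denied admin writes by u1 within two minutes.
const SAMPLE: AuditEvent[] = [0, 60000, 120000].map((t) => (
  { action: "admin.access_denied", result: "denied" as const, actor: { id: "u1" }, createdAt: t }));
```

Because anonymous callers are not recorded for admin.access_denied, this only surfaces authenticated accounts probing admin writes; unauthenticated attempts need a separate signal.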

Adding a new event

Add a literal to auditActionValidator, the AuditAction union, and AUDIT_ACTION_CATEGORY, then call writeAuditEvent. See Recipe: Write an Audit Event.
