Use audit logs
Track workspace activity for compliance monitoring and security review.
Monitor what happens in your workspace with a detailed log of every significant action.
Overview
The Audit Logs page provides compliance monitoring and data export for your workspace. Every significant action is recorded — job creation, team changes, runner activity, and more. Each entry captures who performed the action, when it happened, and from which IP address.
This is useful for:
- Compliance monitoring. Demonstrate to auditors that you track who does what and when.
- Security review. Investigate unexpected activity, such as unfamiliar IP addresses or actions taken outside normal hours.
- Team visibility. Understand how your workspace is being used and by whom.
Viewing logs
- Open Audit Logs from the workspace sidebar, under Compliance & Audit. You should see a table of recent events sorted by time, with the most recent at the top.
- Click on any log entry to expand it and see additional detail about the event.
The log is paginated — use the Prev and Next buttons at the bottom of the table to navigate between pages.
Each entry shows four columns:
| Column | What it shows |
|---|---|
| Time | When the event occurred (e.g., "Mar 21, 07:57 PM"). |
| User | Who triggered the event — a person or an AI agent. |
| Event | The type of action, shown as a badge (e.g., "Job Created," "Invite Sent"). |
| IP | The IP address associated with the action. |
Filtering
Use the controls at the top of the page to narrow down the log.
- Date range. Click the date picker in the top-right corner to select a start and end date. Only events within that range are shown.
- Event type. Open the event type dropdown to filter by a specific kind of action (e.g., only "Job Created" events). The log updates immediately to show only matching events.
- User. Open the user dropdown to see events from a specific person or agent.
- Hide system events. Toggle this on to filter out automated or system-generated events and focus on actions taken by people.
Event types
Common event types include:
| Event | What it means |
|---|---|
| Workspace Created | A new workspace was created. |
| Invite Sent | An invitation was sent to a new member. |
| Invite Accepted | Someone accepted a workspace invitation. |
| Job Created | A new job was added to the workspace. |
| Job Updated | A job's details were modified. |
| Job Ready | A job was moved to the Ready stage. |
| Worker Claimed Job | A runner picked up an agentic job for execution. |
| Worker Completed Attempt | A runner finished an attempt on a job. |
| Worker Updated | A runner's configuration was changed. |
| Job Deleted | A job was permanently deleted from the workspace. |
| Job Canceled | A job was canceled before completion. |
| Job State Changed | A job transitioned between states (e.g., from Ready to In Progress). |
Note: The event names above (such as "Worker Claimed Job") are the labels shown in the Coord interface. In documentation, the term "runner" is used to describe the same concept.
This is not an exhaustive list — additional event types may appear as new features are added.
Exporting data
The Audit Logs page includes a Data Export panel below the log table. Use it to export workspace data for external reporting, compliance audits, or importing into other tools.
To export data:
- Select a date range using the date picker at the top of the page. The export covers the same date range as the audit log.
- In the Data Export panel, choose a Data Type — either Jobs or Attempts.
- Choose a Format — either CSV or JSON.
- Click Download to export the data. Each export includes up to 10,000 records.
Next steps
- Workspaces and teams — roles, permissions, and workspace settings
- Manage your team — inviting members and assigning roles