---
title: Activity Log
description: The workspace audit trail — who changed what, and when, including AI-agent actions.
---

The **Activity Log** is your workspace's audit trail: a chronological record of who changed what, and when. It captures changes made in the dashboard by your teammates, calls made through the [Data API](/data-integrations/data-api), and actions taken by AI agents through the [Churnkey MCP server](/data-integrations/mcp) — all in one place, newest first.

Use it to answer questions like *"who published this cancel flow last week?"*, *"when did our Stripe settings change?"*, or *"what has our AI agent done in the workspace?"*.

## Who can access it

The Activity Log is restricted to **Owners and Admins** (the `audit_logs:read` permission). Other roles do not see the page, and the same restriction is enforced on the API, so it cannot be reached by URL. See [Roles and Permissions](/account/roles-and-permissions).

## Finding it

Open it from the dashboard at [**Settings → Activity**](https://app.churnkey.co/settings/activity).

## Reading an entry

Each row has four columns:

- **When** <br/> The timestamp of the action.
- **Source** <br/> How the change was made — one of:
  - **Dashboard** — a teammate acting in the web app.
  - **Data API** — a server-to-server [Data API key](/data-integrations/data-api). Keys are not tied to a person, so these rows show *"API key (no user)"* in the User column.
  - **AI agent (MCP)** — an AI agent acting through the [MCP server](/data-integrations/mcp). These run under a real user via per-user OAuth, so they are attributed to that person and tagged with the agent's client name.
- **User** <br/> Who performed the action — name and email — for dashboard and AI-agent (MCP) actions. Keyless Data API actions show *"API key (no user)"*.
- **Activity** <br/> A human-readable summary, including before → after values where relevant (e.g. *"stripe settings update (stackCoupons: false → true)"*). For AI-agent actions, the OAuth scopes used are shown beneath the summary.

## Filtering and searching

A filter row above the table lets you narrow the trail:

- **Search** — free-text search across the action, the acting user (name or email), and the AI-agent actor. Type a teammate's email to see everything they changed, or a keyword like `stripe` or `recovery` to find specific actions.
- **Source** — show only Dashboard, Data API, or AI agent (MCP) entries.
- **Date range** — limit to a window of time.
- **Clear filters** — reset everything.

The count of matching entries is shown next to the filters, and **Load more** pages through older results.

## AI-agent attribution

When an AI agent acts through the [MCP server](/data-integrations/mcp), it authenticates as a specific Churnkey user via OAuth and inherits that user's role. Every action it takes is recorded here **under that user's name**, alongside the agent's client name and the OAuth scopes it used — so agent activity is just as accountable as a teammate's.

## Programmatic access

The same trail is available to AI agents and scripts through the MCP **`get_audit_log`** tool, gated by the `account.audit_log.read` scope (Owner/Admin only). It returns the same who/what/when data — including before → after summaries and source filtering — that the Activity page displays. See the [MCP server documentation](/data-integrations/mcp).

::callout
This is the **workspace audit trail** (Settings → Activity). It is different from the per-session **Activity Stream** on the [Cancel Flow analytics](/cancel-flows/analytics/session-outcomes) pages, which records what an individual customer did inside a cancel flow.
::

## Common questions

**Why do some rows say "API key (no user)"?** <br/>
Those actions were made with a Data API key, which authenticates an integration rather than a person, so there is no user to attribute. Dashboard and AI-agent (MCP) actions always show the acting user.

**Can other roles see the Activity Log?** <br/>
No. It is limited to Owners and Admins, both in the dashboard and on the API.

**Does searching a teammate's email find their changes?** <br/>
Yes. Search matches the acting user's name and email as well as the action text, so searching an email returns everything that person did.

**Do AI-agent actions really show who authorized them?** <br/>
Yes. MCP actions run under the authenticating user via OAuth and are logged under that user's name with the agent's client name and scopes — see [AI-agent attribution](#ai-agent-attribution).
