Smoo Audit Logs · Developer Service

Compliance-ready audit logging built into every action

Structured events. Tamper-evident hash chain. S3 storage with SQL queries. Auto-attached Smoo AI context — every event carries organization, user, agent, conversation, IP, and geo without manual instrumentation.

Three things general-purpose logs cannot do

DataDog and Better Stack are great products. They are not audit logs. Smoo Audit Logs is purpose-built.

Auto-context

Every Smoo AI-emitted event carries organizationId, userId, agentId, conversationId, sessionId, IP, user-agent, and geo — without manual instrumentation. Your own events inherit the same context via one middleware.

Tamper-evident

Per-org, per-day SHA-256 hash chain. Each event links to the previous. A daily verifier publishes a root hash to S3 Object Lock — even Smoo AI staff cannot rewrite history after the fact.

SQL-queryable

Events land in S3 as Parquet (Phase 1) / Apache Iceberg (Phase 2), queryable via Athena. Saved queries, scheduled exports, and a power-user SQL endpoint for compliance officers and incident responders.

One line to log an event

Server or browser. Same shape. Same context. No vendor SDK to learn.

import { createServerAuditClient } from '@smooai/audit-logs/server';
import { AUDIT_ACTIONS } from '@smooai/audit-logs/schema';

const audit = createServerAuditClient(
    {
        organizationId: org.id,
        actorType: 'user',
        actorId: user.id,
        actorEmail: user.email,
    },
    {
        endpoint: process.env.SMOOAI_AUDIT_INGEST_URL,
        accessToken: serviceToken,
    },
);

await audit.log({
    action: AUDIT_ACTIONS.CRM_CONTACT_MERGED,
    resource: { type: 'crm.contact', id: contact.id },
    outcome: 'success',
    diff: { before: { ...existing }, after: { ...merged } },
});

No SDK? It's just an HTTP POST

The same event over the raw REST API — in the language you already ship. Server-side, Smoo AI fills in actorId, ipAddress, geo, and the hash-chain link.

const event = {
    action: "agent.config_changed",
    resource: { type: "agent", id: "agent_abc" },
    outcome: "success",
    diff: { before: { temperature: 0.7 }, after: { temperature: 0.3 } },
};

const res = await fetch("https://api.smoo.ai/audit/events", {
    method: "POST",
    headers: {
        Authorization: `Bearer ${process.env.SMOO_ACCESS_TOKEN}`,
        "Content-Type": "application/json",
    },
    body: JSON.stringify(event),
});
console.log(await res.json()); // { id, hashCurrent }

Standard event catalog

Out-of-the-box dashboards and compliance reports pivot off these stable action names. Emit your own events alongside — everything in the catalog is auto-emitted by Smoo AI services.

CategoryActionNotes
Identityuser.signinIncludes failed signins
Identityuser.signout
Identityuser.password_changed
Identityuser.invited
Orgorg.created
Orgorg.member_added
Orgorg.member_removed
Orgorg.role_changedIncludes before/after roles
Orgorg.subscription_changedStripe-driven
Orgorg.product_purchasedStripe-driven
Agentagent.config_changed
Agentagent.knowledge_doc_added
Agentagent.knowledge_doc_removed
Agentagent.escalation_created
Agentagent.tool_failedoutcome=failure
CRMcrm.contact_created
CRMcrm.contact_merged
CRMcrm.contact_deleted
APIapi.key_mintedPhase 1 shipped
APIapi.key_rotatedPhase 1 shipped
APIapi.key_revokedPhase 1 shipped
Integrationsintegration.connected
Integrationsintegration.disconnected

Built for compliance, security, and accountability

SOC 2 evidence

Every privilege change, every member add/remove, every API key event — captured with timestamp, actor, IP, and a tamper-evident hash. Auditor-ready exports in one click.

GDPR DSARs

Pull every action taken on a data subject in seconds. The schema is structured, not free-text, so subject-rights workflows are queries, not log greps.

Internal accountability

See which agent or which staff member touched a CRM contact, an agent config, or a billing subscription — with diff context for every change.

Security forensics

Replay a chain from an incident window. Hash mismatches surface tampering. Saved queries (Pro) alert on failed-signin bursts and impossible-travel patterns.

Customer disputes

When a customer says "I never deleted that" — pull the audit event with IP, user-agent, geo, and the cryptographic proof that the chain is intact.

BYOB Enterprise

Events written to your own S3 bucket. You own the data, the retention policy, and the cross-account IAM. Smoo AI runs the ingest; your account stores the truth.

Simple pricing

Pay for events, not seats. Long-term retention costs cents per GB, not dollars.

Starter

$79/mo
  • 1M events / mo
  • 90 days hot (queryable)
  • 365 days cold (Glacier)
  • Basic dashboard
  • Standard event catalog
Get Started
Recommended

Pro

$199/mo
  • 10M events / mo
  • 1 year hot retention
  • 7 years cold (compliance)
  • Athena SQL query API
  • Saved queries + alerts
  • CSV / JSON exports
Start Free Trial

Enterprise

Custom
  • Unlimited events
  • Custom retention
  • BYOB — your own S3 bucket
  • SOC 2 attestation cooperation
  • Signed compliance reports
  • Dedicated support
Talk to Sales

Start auditing in minutes

Drop the emitter into your app. Smoo AI services emit the standard catalog automatically. Query it with SQL or browse the dashboard.