Audit Log Viewer
The Audit Log Viewer gives tenant admins a read-only window into every significant action taken within their tenant — who did what, to which record, and when.
Accessing the Viewer
Navigate to Admin → Monitoring → AuditLog in the sidebar. You must be logged in as a user with admin.access permission.
What the Audit Log Records
Each entry captures:
| Field | Description |
|---|---|
createdAt | Timestamp when the action occurred (UTC) |
tenantId | The tenant the action belongs to |
actorId | Discord/internal user ID of the operator or system that performed the action |
action | Machine-readable action name (e.g. order.approved, payment.confirmed) |
entityType | Domain object that was affected (e.g. order, payment, product) |
entityId | Identifier of the affected record |
meta | Structured JSON payload with action-specific context (amounts, status transitions, notes) |
Navigating the List
The list defaults to newest entries first. Use the column headers to re-sort.
Filters
| Filter | Usage |
|---|---|
| Actor ID | Filter by a specific operator or system actor |
| Action | Filter by action name (exact match) |
| Entity type | Filter to all actions against one domain object type |
| Created at | Date/time range filter |
Jumping to Related Records
The actorId column renders as a link to the User record for that actor. Click it to inspect the user's profile.
Reading the meta Field
The meta field is shown on the detail (show) page as a structured JSON tree. Common sub-fields depend on the action:
- order.approved:
{ approvedBy, notes } - payment.confirmed:
{ amountCents, currency, referenceNote } - inventory.decremented:
{ productId, qty, orderId }
The contents vary by action; consult the domain service documentation for the full payload shape of any given action.
Read-Only
The Audit Log is intentionally read-only. Operators cannot create, edit, or delete entries through the admin panel. This is by design to preserve the integrity of the audit trail.
Tenant Isolation
You can only see audit log entries belonging to your own tenant. Cross-tenant data is inaccessible regardless of your permission level.
Data Retention
Audit log entries are automatically deleted after the configured retention window (default: 365 days). This is enforced by a MongoDB TTL index on the createdAt field. The retention window is controlled by the AUDIT_LOG_RETENTION_DAYS environment variable; see docs/runbooks/retention.md for the change procedure and operator notes.