Last reviewed against v0.9.0
source:
app.go::audit, internal/connections/store.go::audit_events Audit log format
Every mutating action writes a row. Per-Space scoping. Actor, action, target, metadata, timestamp.
Every mutating action writes a row to the audit log:
| Field | Description |
|---|---|
actor | display name + Cognito sub |
action | connection.open, document.share.create, vault.read, etc. |
target_kind | what kind of resource was acted on |
target_id | the resource id |
target_name | a human-readable label |
metadata | JSON blob with action-specific detail |
created_at | ISO 8601 timestamp |
Scope
Personal-Space actions go to the user’s personal audit. Shared-Space actions go to the Space’s audit. Cross-Space queries require the explicit “include all Spaces” flag.