Skip to content

Audit log & diffs

Every mutating admin action writes an AuditLog row. System → Audit log (/system/audit) is the searchable timeline.

FieldMeaning
idUUID
admin_idWho did it
admin_emailDenormalized for readable list
actionDotted action name (user.ban, refund.execute, series.create, approval.approve, role.update, …)
ref_typeTarget resource type (user, series, refund, admin_role, approval, …)
ref_idTarget ID
beforeJSON: full previous state (null on create)
afterJSON: full new state (null on delete)
ipRequestor IP
user_agentRequestor UA
created_atUTC timestamp
  • Admin: filter to a specific admin’s actions.
  • Action: glob like refund.* or user.*.
  • Ref type / ID: see everything that touched a specific resource.
  • Date range: UTC.

Click a row → detail page with a side-by-side JSON diff. Highlights added/removed keys, changed values.

Everything mutating on the admin surface. Examples:

  • user.create, user.update, user.ban, user.suspend, user.reactivate, user.anonymize, user.comp_subscription
  • wallet.adjust (with reason, amount, direction, event_id)
  • refund.request, refund.approve, refund.execute, refund.reject
  • series.create/update/delete/publish/unpublish/archive
  • episode.create/update/delete/schedule/publish/unpublish
  • media.upload/retry/delete
  • collection.create/update/delete, rail.create/update/delete/reorder
  • admin.create/update/delete/disable, role.create/update/delete
  • approval.approve/reject
  • promo.create/update/delete, pricing_override.create/update/delete
  • push.create/schedule/send/unschedule/delete
  • flag.set/delete
  • Read operations (list/get): too high volume.
  • Login events: separate table (planned).
  • Public API activity: not admin surface.
  • All audit rows kept forever in v2. If volume becomes an issue, we’ll archive older-than-1-year to cold storage.
  • “Who compped this user a subscription?”: filter ref_type=user, ref_id=<userId>, action=user.comp_subscription.
  • “Show me every refund action last week”: filter action=refund.*, date range = last week.
  • “What did admin X do yesterday?”: filter admin_id=X, date range.
ActionEndpoint
List audit logGET /v1/admin/audit-logs

Full details in API: System.