Audit log & diffs
Every mutating admin action writes an AuditLog row. System → Audit log (/system/audit) is the searchable timeline.
Fields on each row
Section titled “Fields on each row”| Field | Meaning |
|---|---|
id | UUID |
admin_id | Who did it |
admin_email | Denormalized for readable list |
action | Dotted action name (user.ban, refund.execute, series.create, approval.approve, role.update, …) |
ref_type | Target resource type (user, series, refund, admin_role, approval, …) |
ref_id | Target ID |
before | JSON: full previous state (null on create) |
after | JSON: full new state (null on delete) |
ip | Requestor IP |
user_agent | Requestor UA |
created_at | UTC timestamp |
Filters
Section titled “Filters”- Admin: filter to a specific admin’s actions.
- Action: glob like
refund.*oruser.*. - Ref type / ID: see everything that touched a specific resource.
- Date range: UTC.
The diff viewer
Section titled “The diff viewer”Click a row → detail page with a side-by-side JSON diff. Highlights added/removed keys, changed values.
What’s audited
Section titled “What’s audited”Everything mutating on the admin surface. Examples:
user.create,user.update,user.ban,user.suspend,user.reactivate,user.anonymize,user.comp_subscriptionwallet.adjust(with reason, amount, direction, event_id)refund.request,refund.approve,refund.execute,refund.rejectseries.create/update/delete/publish/unpublish/archiveepisode.create/update/delete/schedule/publish/unpublishmedia.upload/retry/deletecollection.create/update/delete,rail.create/update/delete/reorderadmin.create/update/delete/disable,role.create/update/deleteapproval.approve/rejectpromo.create/update/delete,pricing_override.create/update/deletepush.create/schedule/send/unschedule/deleteflag.set/delete
What’s NOT audited
Section titled “What’s NOT audited”- Read operations (list/get): too high volume.
- Login events: separate table (planned).
- Public API activity: not admin surface.
Retention
Section titled “Retention”- All audit rows kept forever in v2. If volume becomes an issue, we’ll archive older-than-1-year to cold storage.
Common flows
Section titled “Common flows”- “Who compped this user a subscription?”: filter
ref_type=user,ref_id=<userId>,action=user.comp_subscription. - “Show me every refund action last week”: filter
action=refund.*, date range = last week. - “What did admin X do yesterday?”: filter
admin_id=X, date range.
API call
Section titled “API call”| Action | Endpoint |
|---|---|
| List audit log | GET /v1/admin/audit-logs |
Full details in API: System.