AuditLogRepository
Component Detail
Data Layer
medium complexity
backend
0
Dependencies
0
Dependents
0
Entities
0
Integrations
Description
Provides database-layer access to the append-only audit_log table, enforcing that no application role can issue UPDATE or DELETE statements against existing rows. Implements cursor-based pagination and indexed filtering by tenant, actor, action type, and timestamp range. Owned entirely by the backend service layer.
audit-log-repository
Sources & reasoning
Line 258 explicitly requires that every Global Admin support-access session is logged in the org's audit trail, making the Audit Log a mandatory capability rather than an optional hardening measure. Admin-security is always-on for the Admin Web Portal MVP, and the audit trail is prerequisite infrastructure for both the Security Dashboard and Session Management features.
-
docs/source/likeperson.md · line 258Every support-access session is logged in the org's audit trail.
Responsibilities
- Insert new audit log entries with no update or delete capability
- Execute filtered queries with compound indexes on tenant_id, actor_id, action_type, and created_at
- Implement cursor-based pagination to handle large log volumes efficiently
- Enforce row-level append-only constraint via database permissions and table configuration
- Return typed AuditLogEntry objects with all required provenance fields
Interfaces
insert(entry: NewAuditLogEntry): Promise<AuditLogEntry>
findByFilters(tenantId: string, filters: AuditLogFilters, cursor?: string, limit?: number): Promise<PagedResult<AuditLogEntry>>
countByFilters(tenantId: string, filters: AuditLogFilters): Promise<number>