AuditLogService
Component Detail
Description
Orchestrates audit log write and query operations, enforcing the append-only constraint at the application layer and delegating persistence to AuditLogRepository. Captures actor identity, action type, affected resource, IP address, and UTC timestamp for every qualifying event. Exposes a query API supporting date range, actor, and action type filters with cursor-based pagination.
audit-log-service
Sources & reasoning
Line 258 explicitly requires that every Global Admin support-access session is logged in the org's audit trail, making the Audit Log a mandatory capability rather than an optional hardening measure. Admin-security is always-on for the Admin Web Portal MVP, and the audit trail is prerequisite infrastructure for both the Security Dashboard and Session Management features.
- docs/source/likeperson.md · line 258: "Every support-access session is logged in the org's audit trail."
Responsibilities
- Accept and validate inbound audit event payloads from write operations and config changes
- Enrich events with server-side timestamp and verified actor identity before persistence
- Enforce append-only semantics - no update or delete methods exposed
- Execute filtered, paginated queries against the audit log
- Emit structured log records for support access events and tenant configuration changes
Interfaces
record(event: AuditEventInput): Promise<void>
query(filters: AuditLogFilters, cursor?: string): Promise<PagedResult<AuditLogEntry>>
recordSupportAccess(actorId: string, tenantId: string, reason: string, ip: string): Promise<void>
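A sketch of the append-only write path and cursor-paginated query listed above, as an added example rather than the project's own code. `InMemoryAuditLog`, the type shapes, the `seq` field and the numeric cursor are assumptions made for illustration, and the methods are synchronous and in-memory so the block runs stand-alone, whereas the component's interfaces return Promises and delegate to AuditLogRepository.

```typescript
// Added example: in-memory sketch; type shapes are assumptions, not the project's.
type AuditEventInput = { action: string; resource: string; ip: string };
type AuditLogEntry = Readonly<AuditEventInput & { seq: number; actorId: string; timestamp: string }>;
type AuditLogFilters = { from?: string; to?: string; actorId?: string; action?: string };
type PagedResult<T> = { items: T[]; nextCursor: string | undefined };

class InMemoryAuditLog {
  private readonly entries: AuditLogEntry[] = []; // only ever appended to
  private readonly now: () => Date;
  private readonly pageSize: number;

  constructor(now: () => Date = () => new Date(), pageSize: number = 2) {
    this.now = now;
    this.pageSize = pageSize;
  }

  // verifiedActorId comes from the authenticated session, never from the payload.
  record(verifiedActorId: string, event: AuditEventInput): void {
    for (const field of [verifiedActorId, event.action, event.resource, event.ip]) {
      if (typeof field !== "string" || field.length === 0) throw new Error("invalid audit event");
    }
    // Copy named fields only, so caller-supplied timestamp/actorId/seq values are dropped.
    this.entries.push(Object.freeze({
      seq: this.entries.length + 1,
      actorId: verifiedActorId,
      action: event.action,
      resource: event.resource,
      ip: event.ip,
      timestamp: this.now().toISOString(), // server clock, UTC
    }));
  }

  // Keyset pagination: the cursor is the seq of the last entry already returned.
  // from/to are ISO 8601 UTC strings, which compare correctly as text.
  query(filters: AuditLogFilters, cursor?: string): PagedResult<AuditLogEntry> {
    if (cursor !== undefined && !/^\d{1,15}$/.test(cursor)) throw new Error("invalid cursor");
    const after = cursor === undefined ? 0 : Number(cursor);
    const matches = this.entries.filter((e) =>
      e.seq > after &&
      (filters.actorId === undefined || e.actorId === filters.actorId) &&
      (filters.action === undefined || e.action === filters.action) &&
      (filters.from === undefined || e.timestamp >= filters.from) &&
      (filters.to === undefined || e.timestamp <= filters.to));
    const items = matches.slice(0, this.pageSize);
    const last = items[items.length - 1];
    const more = matches.length > items.length;
    return { items, nextCursor: more && last ? String(last.seq) : undefined };
  }
}
```

Because the cursor is a position in the append order rather than an offset, entries written between two page requests appear on a later page instead of shifting or duplicating results.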
Related Data Entities (5)
Data entities managed by this component