Audit Log

What this surface does

The Audit Log is the immutable record of every privileged action (admin login, role change, deletion approval, agreement signature, refund issued, manual journal entry, etc.). Sourced from `audit_events` (migration 145). Append-only, no edit/delete.

When to use it

• Compliance audits — proving what happened and when.
• Investigating a customer complaint or internal incident.
• Quarterly review — patterns of privileged action by admin.

Key gotchas

• Entries are append-only by design. If you see a row that looks wrong, you cannot "fix" it — investigate why it was written and add a corrective event.
• Service-role events (background jobs) are logged with `actor = system`. Filter accordingly.
• Retention is indefinite. Do not assume old entries will fall off — they will not.

Related

• Activity Feed (real-time view of a subset).