Audit Log Service - Meander Platform - Likepersonsapp

Description

Shared backend helper injected into sensitive domain services (user management, role assignment, organization settings) to emit append-only audit events. Enforces immutability - no UPDATE or DELETE path exists.

Feature: Audit Log

audit-log-service

Sources & reasoning

Core service implementing the append-only event emission pattern. Injected at the service layer of all sensitive domain operations. Also handles streaming CSV export to avoid memory limits on high-volume organizations.

No source references — this artifact was included based on reasoning alone (see above).

Responsibilities

Accept structured audit event payloads and persist to audit_logs table
Enforce append-only constraint - no update or delete operations
Scope all entries to the current organization tenant
Record actor_id, actor_role, action_type, target_entity, target_id, organization_id, and timestamp
Log Global Admin support-access sessions automatically

Interfaces

log(event: AuditEvent): Promise<void>

query(filters: AuditFilters, cursor?: string): Promise<AuditLogPage>

exportCsv(filters: AuditFilters): AsyncIterable<Buffer>

Relationships

Dependents (7)

Components that depend on this component

service Geographic Match Service service Duplicate Resolution Service service Export Download Service service Organization Settings Service service Support Access Grant Service service Member Association Service service Security Event Service

Related Data Entities (13)

Data entities managed by this component

Accounting Sync Log 17 fields audit Activity 31 fields core Activity Attachment 22 fields core Assignment Consent 16 fields core Audit Log 18 fields audit Bufdir Export 21 fields core Confidentiality Declaration 19 fields core Organization 21 fields core Organization Settings 26 fields configuration Session 21 fields core Terminology Override 11 fields configuration User 23 fields core User Organization Role 12 fields core