Accounting Sync Log
Data Entity
Description
Immutable audit record of each synchronization attempt between Meander and an external accounting system (Xledger, Dynamics). Captures trigger source, payload scope, per-record success/failure counts, error detail, and the external reference ID returned by the accounting system. Used for operational monitoring, re-sync decisions, and compliance evidence.
Data Structure
| Name | Type | Description | Constraints |
|---|---|---|---|
id |
uuid |
Primary key — stable identifier for this sync attempt | PKrequiredunique |
organization_id |
uuid |
Organization whose accounting integration produced this sync event | required |
accounting_system |
enum |
Target accounting platform for this sync | required |
sync_type |
enum |
Whether the sync was a scheduled job, a manual admin export, or an API-triggered push | required |
status |
enum |
Lifecycle state of the sync attempt | required |
triggered_by |
uuid |
User ID of the admin who initiated a manual export; null for scheduled/automated syncs | - |
period_start |
datetime |
Start of the accounting period covered by this sync (inclusive) | required |
period_end |
datetime |
End of the accounting period covered by this sync (inclusive) | required |
records_total |
integer |
Total number of records (expense claims, reimbursements) selected for this sync | required |
records_synced |
integer |
Count of records successfully accepted by the accounting system | required |
records_failed |
integer |
Count of records rejected or errored during this sync | required |
payload_summary |
json |
Compact metadata about what was sent: record IDs, total amount, currency, export format version. Never contains PII. | - |
error_details |
json |
Structured error information from the accounting system or adapter when status is failed or partial. Includes error codes, per-record failure reasons, and stack context. | - |
external_reference_id |
string |
Transaction or batch ID returned by the accounting system on success. Used to correlate Meander records with the accounting system's own audit trail. | - |
started_at |
datetime |
Timestamp when the sync job began execution | required |
completed_at |
datetime |
Timestamp when the sync job reached a terminal state (success, partial, or failed); null while in_progress or pending | - |
created_at |
datetime |
Row insertion timestamp | required |
Database Indexes
idx_accounting_sync_logs_org_started
Columns: organization_id, started_at
idx_accounting_sync_logs_org_status
Columns: organization_id, status
idx_accounting_sync_logs_triggered_by
Columns: triggered_by
idx_accounting_sync_logs_period
Columns: organization_id, period_start, period_end
idx_accounting_sync_logs_status
Columns: status
Validation Rules
period_end_after_period_start
error
Validation failed
completed_at_after_started_at
error
Validation failed
records_counts_non_negative
error
Validation failed
valid_status_transition
error
Validation failed
organization_id_exists
error
Validation failed
external_reference_id_format
warning
Validation failed
Business Rules
immutable_on_terminal_status
Once a record reaches status 'success', 'partial', or 'failed' it becomes immutable. No field may be updated after a terminal state is set, preserving the audit chain.
one_active_sync_per_organization
An organization may not have more than one sync record in 'pending' or 'in_progress' status simultaneously. A new sync is blocked until the active one reaches a terminal state.
accounting_module_must_be_enabled
A sync record may only be created for an organization that has the 'admin-accounting' module enabled in its module_configurations. Syncs for disabled organizations are rejected.
records_count_consistency
On completion, records_synced + records_failed must equal records_total. A mismatch causes the status to be set to 'partial' rather than 'success', and a warning is appended to error_details.
org_admin_cannot_delete
Organization Admins may not delete sync log records. Deletion is restricted to Global Admins acting via the audit-log-service for compliance or data-subject-request purposes only.
failed_sync_retains_error_details
When status transitions to 'failed' or 'partial', error_details must be populated. A sync completion without error context is rejected to ensure debuggability.