Audit Log
Immutable audit trail captured at the PostgreSQL level. Every INSERT, UPDATE, and DELETE on every entity table is recorded automatically. No code required, no way to bypass.
How It Works
The Core installs an AFTER INSERT OR UPDATE OR DELETE trigger on every entity table. The trigger calls rootcx_system.audit_trigger_fn(), which writes a structured entry to rootcx_system.audit_log within the same transaction.
If the data changes, the audit entry is written. If the transaction rolls back, the audit entry rolls back with it. No phantom records.
Log Schema
Each entry captures a full before/after snapshot:
{
"id": 1001,
"table_schema": "crm",
"table_name": "contacts",
"record_id": "a1b2c3d4-...",
"operation": "UPDATE",
"old_record": { "id": "a1b2c3d4-...", "status": "lead" },
"new_record": { "id": "a1b2c3d4-...", "status": "customer" },
"changed_at": "2024-12-01T10:30:00Z"
}| Field | Type | Description |
|---|---|---|
id |
BIGINT | Auto-incrementing primary key. |
table_schema |
TEXT | PostgreSQL schema (matches the app ID). |
table_name |
TEXT | Entity name that was mutated. |
record_id |
TEXT | ID of the affected row. |
operation |
TEXT | INSERT, UPDATE, or DELETE. |
old_record |
JSONB | Full row before the mutation. NULL on INSERT. |
new_record |
JSONB | Full row after the mutation. NULL on DELETE. |
changed_at |
TIMESTAMPTZ | Timestamp of the mutation. |
Browsing the Audit Log
Filter by entity and operation type to narrow results. The Audit panel displays a chronological feed of all mutations with before/after diffs. Expand any entry to see the full JSON snapshot.
Using Code
Query Endpoint
GET /api/v1/audit?entity=contacts&limit=50Requires authentication. Supports filtering by app_id (matches table_schema) and entity (matches table_name). Use limit to control the number of results (default 100, max 1000).
Retention
Audit logs are not automatically purged. For high-volume production, partition rootcx_system.audit_log by month.