> ## Documentation Index
> Fetch the complete documentation index at: https://memberpulseptyltd.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Audit Log

> System audit trail entity

System audit trail entity

Records all significant actions for security and compliance.

## Fields

### Core Fields

| Field        | Type   | Required | Description                                |
| ------------ | ------ | -------- | ------------------------------------------ |
| id           | UUID   | Auto     | Primary key                                |
| action       | enum   | Yes      | create, update, delete, login, impersonate |
| resourceType | string | Yes      | Entity type affected                       |
| resourceId   | UUID   | No       | Entity ID affected                         |

### Actor Fields

| Field          | Type   | Required | Description               |
| -------------- | ------ | -------- | ------------------------- |
| actorId        | UUID   | Yes      | User who performed action |
| impersonatorId | UUID   | No       | Admin ID if impersonating |
| ipAddress      | string | No       | Client IP address         |
| userAgent      | string | No       | Browser/client info       |

### Change Tracking

| Field   | Type | Required | Description     |
| ------- | ---- | -------- | --------------- |
| changes | json | No       | Diff of changes |

Changes structure:

```json theme={null}
{
  "fieldName": {
    "oldValue": "previous",
    "newValue": "current"
  }
}
```

### System Fields

| Field     | Type     | Required | Description      |
| --------- | -------- | -------- | ---------------- |
| createdAt | datetime | Auto     | Action timestamp |

## Logged Actions

| Action           | When Logged                  |
| ---------------- | ---------------------------- |
| create           | New entity created           |
| update           | Entity modified              |
| delete           | Entity deleted               |
| login            | User login (success/failure) |
| impersonate      | Admin impersonating member   |
| export           | Data exported                |
| password\_change | Password updated             |
| mfa\_change      | MFA enabled/disabled         |

## Retention

* Logs retained for 2 years
* Immutable (cannot be modified or deleted)
* Used for compliance and security audits

## Features

### Audit Log

#### Acceptance Criteria

##### Frontend

* [ ] Admin/client UI can view and manage `Audit Log` records where applicable.

##### Backend / API

* [ ] CRUD operations exist for `Audit Log` (create, read, update, delete/archive).

##### Permissions

* [ ] Access is restricted to appropriate roles (tenant-scoped).

##### Business Rules

* [ ] Fields and relationships documented on this page are enforced for `Audit Log`.

##### Error Handling

* [ ] Invalid payloads return field-level validation errors.
