Audit Logging
Immutable tracking of user actions and system events for compliance and security, with automatic Prisma middleware and API route auditing.
What's Included
- Audit log database schema with user, action, entity, old/new values, and metadata
- AuditLogger service with request context (IP, user agent) extraction
- Audit wrapper function for decorating any async operation
- Prisma middleware for automatic logging of create, update, and delete operations
- API route auditing wrapper with timing and status tracking
- Admin audit log viewer with filtering and pagination
Usage
Via CLI
Via AI Assistant
Ask your AI assistant:
- "Use the audit logging pattern from Bootspring"
- "Apply the Bootspring audit logging pattern to my project"
Key Considerations
- Never modify or delete audit log entries; they must be immutable for compliance
- Include full context (IP address, user agent, timestamps) in every log entry
- Capture old values before changes so diffs can be reconstructed
- Use a consistent action naming convention like entity.action (e.g., user.create, post.delete)
- Add database indexes on userId, entityType, action, and timestamp for common query patterns
- Implement retention policies to archive old logs and manage storage costs
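The following sketch is an added example, not Bootspring's own code. It shows the first four considerations working together: an append-only store, request context on every entry, old values captured before the change, and a checked entity.action name. It assumes an in-memory array in place of the database table, and every type and function name in it is hypothetical.

```typescript
// Added example: an in-memory stand-in for the audit table. All names are hypothetical.
type Values = Record<string, unknown> | null;
interface RequestContext { userId: string; ipAddress: string; userAgent: string }
interface AuditEntry extends RequestContext {
  action: string; entityType: string; entityId: string; // action is entity.action, e.g. "user.update"
  oldValues: Values; newValues: Values; // state before and after the change
  timestamp: string;
}
const ACTION_NAME = /^[a-z]+\.[a-z]+$/; // assumed strictness for the naming convention
function checkAction(a: string): void { if (!ACTION_NAME.test(a)) throw new Error("action must be entity.action: " + a); }
// Detach from live objects (JSON round-trip), then freeze recursively so a stored entry cannot change.
function frozenCopy<T>(value: T): T {
  const freeze = (v: unknown): unknown => {
    if (v !== null && typeof v === "object") Object.values(v).forEach(freeze);
    return Object.freeze(v);
  };
  return freeze(JSON.parse(JSON.stringify(value))) as T;
}

class AppendOnlyAuditLog { // append is the only write path: no update or delete method
  private readonly entries: AuditEntry[] = [];
  append(entry: AuditEntry): AuditEntry {
    checkAction(entry.action);
    const stored = frozenCopy(entry);
    this.entries.push(stored);
    return stored;
  }
  list(): readonly AuditEntry[] { return this.entries.slice(); }
}

// Wrap an async change: read the old state first, run the change, then log both.
async function withAudit(log: AppendOnlyAuditLog, ctx: RequestContext, action: string, entityId: string,
    readCurrent: () => Promise<Values>, change: () => Promise<Values>): Promise<AuditEntry> {
  checkAction(action); // reject a bad name before anything is modified
  const oldValues = frozenCopy(await readCurrent()); // snapshot, in case change() mutates in place
  const newValues = await change();
  const entityType = action.slice(0, action.indexOf("."));
  return log.append({ ...ctx, action, entityType, entityId, oldValues, newValues, timestamp: new Date().toISOString() });
}

// Rebuild the field-level diff from a stored entry.
function changedFields(e: AuditEntry): Record<string, { from: unknown; to: unknown }> {
  const before: Record<string, unknown> = e.oldValues ?? {};
  const after: Record<string, unknown> = e.newValues ?? {};
  const diff: Record<string, { from: unknown; to: unknown }> = {};
  for (const key of Object.keys(before).concat(Object.keys(after)))
    if (JSON.stringify(before[key]) !== JSON.stringify(after[key])) diff[key] = { from: before[key], to: after[key] };
  return diff;
}
```

In a real deployment the freeze only protects the in-process copy; immutability of stored rows still has to be enforced at the database layer, for example by granting the application role insert and select only.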
Related Patterns
- Secrets Management - Track secret access
- Soft Delete - Keep deleted data for audit trails
- RBAC - Control who can view audit logs