Skip to content

docs: add audit logging documentation #148

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
pat-s wants to merge 4 commits into
base: main
Choose a base branch
from
Open

docs: add audit logging documentation #148

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
ba6eb2a
docs: add audit logging documentation
pat-s Feb 23, 2026
1c5228c
docs: move audit logging page to dev section only
pat-s Feb 23, 2026
009d483
Merge branch 'main' into docs/audit-logging
pat-s Feb 23, 2026
b3a2289
format
pat-s Feb 23, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
60 changes: 60 additions & 0 deletions src/content/docs/dev/admin/technical/audit-logging.mdx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,60 @@
---
title: "Audit Logging"
---

Ricochet writes an audit log for security-related and administrative operations.
Each entry is appended as a single JSON line to `RICOCHET_HOME/logs/audit/audit.log`.

## Audited operations

| Action | Event | Details |
| ----------------------------- | ------------------ | ----------------------------------------------- |
| User role change | `user.role_change` | Old role, new role, actor, target user |
| First admin bootstrap | `user.first_admin` | User promoted to admin as first registered user |
| Execution environment created | `exec_env.create` | Environment name, actor |
| Execution environment updated | `exec_env.update` | Environment name, changes, actor |
| Execution environment deleted | `exec_env.delete` | Environment name, actor |
| Content access granted | `access.grant` | Content ID, target user, role |
| Content access revoked | `access.revoke` | Content ID, target user, role |

## Log format

Each line is a JSON object with the following fields:

```json
{
"timestamp": "2026-02-23T14:30:00+01:00",
"action": "user.role_change",
"actor": "<user_id>",
"target": "<target_user_id>",
"details": { "old_role": "consumer", "new_role": "developer" },
"success": true
}
```

| Field | Description |
| ----------- | ----------------------------------------------------------- |
| `timestamp` | ISO 8601 timestamp with timezone |
| `action` | The operation that was performed |
| `actor` | The user or system component that initiated the action |
| `target` | The resource or user the action was performed on (optional) |
| `details` | Additional context as a JSON object (optional) |
| `success` | Whether the operation succeeded |
| `error` | Error message when `success` is `false` (optional) |

## Log rotation

Audit logs are rotated daily.
When rotation occurs, the previous day's log is compressed with gzip and renamed to `audit-YYYY-MM-DD.log.gz`.
Archived logs are never automatically deleted.

## File location

```
RICOCHET_HOME/
└── logs/
└── audit/
├── audit.log # current day
├── audit-2026-02-22.log.gz
└── audit-2026-02-21.log.gz
```