Audit Log
Immutable log of admin actions — who did what and when.
What gets logged
- Order status changes (who marked it shipped, refunded, etc.)
- User permission changes (before/after values)
- Client TIN edits (triggers SMS alert)
- Admin impersonation sessions
- Configuration changes (tenant config, pricing rules)
- API key creation, revocation
- Bulk operations (mass updates, imports)
- Webhook registrations + deletions
- Return status transitions
Log format
Stored in commerce__audit_log and vendoruser_permission_log:
| Field | Purpose |
|---|---|
| userId | Who made the change |
| action | What they did (string code) |
| entity_type | What was changed (order, user, client, etc.) |
| entity_id | Which specific record |
| old_value / new_value | Before/after (JSON for structured changes) |
| ip_address | Source IP |
| timestamp | When it happened |
Viewing the log
Admin UI: filter by user, entity type, date range, action type
SQL query example:
SELECT * FROM commerce__audit_log
WHERE entity_type = 'order' AND entity_id = 1234
ORDER BY timestamp DESC;

Retention
Logs are retained indefinitely by default. For GDPR compliance you can purge logs older than N days, but most jurisdictions require keeping financial-related logs for 7 years.
Tamper protection
- Log entries are append-only in the app — no edit or delete UI
- For real immutability, enable MySQL audit plugin or mirror to a write-once store
- Checksums per-row are a planned enhancement
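Worked example covering both the viewing query above and the tamper-protection points. This is an added illustration, not the project's own code: it builds an in-memory SQLite stand-in for commerce__audit_log (column names are the ones on this page; the schema, the action codes such as `order.status`, the sample rows and the hash layout are assumptions), exposes the admin-UI filters as allowlisted, parameterized predicates, enforces append-only behaviour with database triggers, and implements the planned per-row checksum as a SHA-256 hash chain so that a direct edit made outside the app is detected on verification.

```python
"""In-memory SQLite stand-in for commerce__audit_log: allowlisted parameterized
filters for the viewing query, append-only triggers, and a per-row SHA-256
hash chain (schema, action codes and hash layout are assumptions)."""
import hashlib
import json
import sqlite3

GENESIS = "0" * 64  # constructed anchor used as the "previous hash" of row 1
FIELDS = ("userId", "action", "entity_type", "entity_id",
          "old_value", "new_value", "ip_address", "timestamp")
SCHEMA = """
CREATE TABLE commerce__audit_log (
    id INTEGER PRIMARY KEY AUTOINCREMENT,   -- ids never reused: a gap stays visible
    userId INTEGER NOT NULL, action TEXT NOT NULL,
    entity_type TEXT NOT NULL, entity_id INTEGER NOT NULL,
    old_value TEXT, new_value TEXT,         -- JSON before/after, as on the page
    ip_address TEXT NOT NULL, timestamp TEXT NOT NULL,
    row_hash TEXT NOT NULL);
-- Append-only at the DB layer (MySQL equivalent: SIGNAL SQLSTATE '45000').
CREATE TRIGGER audit_no_update BEFORE UPDATE ON commerce__audit_log
    BEGIN SELECT RAISE(ABORT, 'audit log is append-only'); END;
CREATE TRIGGER audit_no_delete BEFORE DELETE ON commerce__audit_log
    BEGIN SELECT RAISE(ABORT, 'audit log is append-only'); END;
"""


def row_digest(prev_hash, fields):
    """SHA-256 over the previous row's hash plus canonical JSON of this row, so
    editing or removing any earlier row invalidates every later hash."""
    canonical = json.dumps(fields, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(f"{prev_hash}\n{canonical}".encode()).hexdigest()


def append_entry(conn, **entry):
    """Insert one audit row linked to the current chain head; returns its id."""
    fields = {k: entry[k] for k in FIELDS}  # KeyError if a field is missing
    head = conn.execute("SELECT row_hash FROM commerce__audit_log "
                        "ORDER BY id DESC LIMIT 1").fetchone()
    digest = row_digest(head[0] if head else GENESIS, fields)
    cols, marks = ", ".join(FIELDS), ", ".join("?" * len(FIELDS))
    cur = conn.execute(f"INSERT INTO commerce__audit_log ({cols}, row_hash) "
                       f"VALUES ({marks}, ?)", [fields[k] for k in FIELDS] + [digest])
    conn.commit()
    return cur.lastrowid


FILTERS = {  # UI filter name -> predicate; only these names reach the SQL text
    "userId": "userId = ?", "entity_type": "entity_type = ?",
    "entity_id": "entity_id = ?", "action": "action = ?",
    "since": "timestamp >= ?", "until": "timestamp < ?",
}


def query_log(conn, limit=100, **filters):
    """Admin-UI view: filter by user, entity, action, date range; newest first."""
    unknown = set(filters) - set(FILTERS)
    if unknown:
        raise ValueError(f"unknown filter(s): {sorted(unknown)}")
    sql = "SELECT * FROM commerce__audit_log"
    if filters:
        sql += " WHERE " + " AND ".join(FILTERS[k] for k in filters)
    sql += " ORDER BY timestamp DESC, id DESC LIMIT ?"
    cur = conn.cursor()
    cur.row_factory = sqlite3.Row  # values are always bound, never interpolated
    return [dict(r) for r in cur.execute(sql, [*filters.values(), int(limit)])]


def verify_chain(conn, expected_head=None):
    """Recompute the chain from row 1 -> (ok, first_bad_id, head_hash). Pass a
    head hash anchored outside the DB (e.g. the write-once mirror) to also
    catch deletion of the newest rows, which the chain alone cannot see."""
    prev, cols = GENESIS, ", ".join(FIELDS)
    sql = f"SELECT id, row_hash, {cols} FROM commerce__audit_log ORDER BY id"
    for row in conn.execute(sql):
        if row_digest(prev, dict(zip(FIELDS, row[2:]))) != row[1]:
            return False, row[0], None
        prev = row[1]
    if expected_head is not None and prev != expected_head:
        return False, None, prev
    return True, None, prev


def update_blocked(conn):
    """True if the trigger rejects an in-app UPDATE (the page's no-edit rule)."""
    try:
        conn.execute("UPDATE commerce__audit_log SET action = 'x' WHERE id = 1")
    except sqlite3.DatabaseError:
        conn.rollback()
        return True
    return False


def simulate_direct_edit(conn, row_id, new_action):
    """Demo only: a DBA-level actor drops the guards and edits a row in place."""
    conn.executescript("DROP TRIGGER audit_no_update; DROP TRIGGER audit_no_delete;")
    conn.execute("UPDATE commerce__audit_log SET action = ? WHERE id = ?",
                 (new_action, row_id))
    conn.commit()


def demo_db():
    """Constructed sample log: three admin actions from the page's categories."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    rows = [  # (userId, action, entity_type, entity_id, old, new, ip, timestamp)
        (7, "order.status", "order", 1234, {"status": "paid"}, {"status": "shipped"},
         "10.0.0.5", "2024-05-01T10:00:00Z"),
        (7, "order.refund", "order", 1234, {"status": "shipped"}, {"status": "refunded"},
         "10.0.0.5", "2024-05-02T09:30:00Z"),
        (3, "client.tin_edit", "client", 88, {"tin": "OLD-TIN"}, {"tin": "NEW-TIN"},
         "10.0.0.9", "2024-05-02T11:15:00Z"),
    ]
    for r in rows:
        v = dict(zip(FIELDS, r))
        v["old_value"], v["new_value"] = json.dumps(v["old_value"]), json.dumps(v["new_value"])
        append_entry(conn, **v)
    return conn
```

Run `verify_chain()` on a schedule and keep the returned head hash outside the database (the write-once mirror mentioned above): the triggers stop in-app edits, a DBA who can drop triggers is only caught by the chain, and a truncated tail is only caught by comparing against that external anchor. The `FILTERS` allowlist is what keeps the admin-UI filter names out of the SQL text; values are always bound parameters.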