Skip to main content

Documentation Index

Fetch the complete documentation index at: https://grantmaster.dev/llms.txt

Use this file to discover all available pages before exploring further.

shared/audit

Central audit logging service. Every significant action in GrantMaster writes an audit trail entry via this module.

Module Map

FileRole
auditService.tslogAuditEvent(params) and queryAuditLogs(filters)

Primary API

import { logAuditEvent, queryAuditLogs } from '@/shared/audit/auditService';

// Write an audit log entry
await logAuditEvent({
  organizationId: 'org123',
  userId: 'user456',
  userName: 'Alice Smith',
  userEmail: 'alice@example.org',   // optional
  action: AuditAction.EXPENSE_APPROVED,
  resourceType: 'expense',
  resourceId: 'exp789',
  resourceName: 'Travel expense — Project A',
  result: 'success',                // 'success' | 'failure'
  metadata: {
    note: 'Approved as per budget',
    amount: 250,
  },
});

// Query audit logs
const logs = await queryAuditLogs({
  organizationId: 'org123',
  startDate: '2026-01-01T00:00:00Z',   // optional
  endDate: '2026-01-31T23:59:59Z',     // optional
  userId: 'user456',                    // optional filter by actor
  resourceType: 'expense',             // optional filter by resource type
  limitCount: 100,
});

AuditLog Schema

interface AuditLog {
  id: string;
  organizationId: string;
  userId: string;
  userName: string;
  userEmail?: string;
  action: AuditAction;
  resourceType: string;
  resourceId: string;
  resourceName: string;
  result: 'success' | 'failure';
  timestamp: string;
  metadata?: Record<string, unknown>;
}

AuditAction Enum

Key values (see the owning auth/shared contract modules for the full list): EXPENSE_APPROVED, EXPENSE_REJECTED, JOURNAL_APPROVED, JOURNAL_REJECTED, PROJECT_CREATED, PROJECT_ARCHIVED, ORG_SETTINGS_UPDATED, USER_INVITED, USER_DEACTIVATED, GRANT_WON, GRANT_LOST, COMPLIANCE_RULE_UPDATED

Firestore Collection

auditLogs/{logId} — ordered by timestamp desc. Queried with compound filters (organizationId, timestamp).

Callers

All approval and rejection workflows, settings changes, and entity lifecycle operations write to the audit log:
  • features/adminapplyAdminApprovalAction
  • features/expenses → approve/reject
  • features/journals → approve/reject
  • features/settingslogSettingsAuditEvent
  • features/superadmin → platform operations
  • extensions/compliance-vaultAuditTrailService (separate compliance-specific audit trail)