🏠 Overview 🧩 Components 🧩 Proxy Audit Logger

Proxy Audit Logger

Component Detail

Infrastructure low complexity backend
0
Dependencies
0
Dependents
0
Entities
0
Integrations

Description

Records an immutable audit log entry for every proxy registration action. Captures who acted (coordinator), on whose behalf (mentor), what was registered, and when — supporting accountability and dispute resolution.

Feature: Coordinator Proxy Registration for Contacts

proxy-audit-logger

Summaries

The Proxy Audit Logger creates a tamper-evident record of every registration action performed on behalf of a peer mentor, establishing clear accountability for all proxy activity. When disputes arise — whether from a mentor contesting a registration or a funder querying a submission — this component provides the authoritative answer: who acted, on whose behalf, and exactly when. This reduces legal and compliance exposure, supports Bufdir accountability requirements, and builds trust with both mentors and programme stakeholders by ensuring all proxy actions are traceable.

Low-complexity backend component with no external dependencies, making it straightforward to deliver. The critical planning consideration is timing: the audit logger must be integrated before any proxy registration feature goes to production, not added retrospectively — retroactive audit gaps undermine its compliance value. Coordinate with the proxy activity and bulk submission teams to ensure logProxyCreated, logProxyUpdated, and logBulkSubmission are called at the correct transaction boundaries. Write test cases covering concurrent bulk submissions to verify no audit entries are dropped under load.

Storage growth should be monitored as audit tables accumulate indefinitely.

Append-only audit log component writing to a Supabase table with no update or delete operations permitted at the application layer — enforce this via RLS or a database trigger that rejects modifications. Each log entry captures coordinator_id, mentor_id, activity_id, action_type (CREATE/UPDATE/DELETE/BULK), timestamp, and a changes map for updates. logBulkSubmission should write one entry per mentor in the batch, linked by a shared batchId for grouped querying. getAuditHistory queries by activityId with descending timestamp order.

Index on activity_id and coordinator_id. Consider partitioning by month for long-term query performance on large audit tables.

Responsibilities

  • Write audit log entries to Supabase on every proxy create/update/delete
  • Include acting user identity, target mentor, timestamp, and action type
  • Support querying audit history for compliance review

Interfaces

logProxyCreated(String coordinatorId, String mentorId, String activityId)
logProxyUpdated(String coordinatorId, String activityId, Map changes)
logProxyDeleted(String coordinatorId, String activityId)
logBulkSubmission(String coordinatorId, List<String> mentorIds, String batchId)
getAuditHistory(String activityId)

API Contract

View full contract →
REST /api/v1/proxy-audit-logs 6 endpoints
GET /api/v1/proxy-audit-logs List audit log entries
GET /api/v1/proxy-audit-logs/:id Get a specific audit log entry
POST /api/v1/proxy-audit-logs Create an audit log entry (internal/system use)
PUT /api/v1/proxy-audit-logs/:id Annotate an audit log entry (admin correction only)
DELETE /api/v1/proxy-audit-logs/:id Delete an audit log entry (admin/compliance only)
GET /api/v1/proxy-audit-logs/by-coordinator/:coordinator_id Get all audit logs for a coordinator