Audit Log
established project management guidelines definition
An append-only, tamper-evident record of every state-changing operation in the system.
AI_PM requirements that support this deliverable (19)
| ID | Description | Knowledge Area | Process Group |
|---|---|---|---|
| REQ-FUN-006 | Store sign-off events (requested, approved, rejected, delegated) tied to sign-off id | Quality Management | Monitoring & Controlling |
| REQ-FUN-007 | Append-only audit log of every create/update/approve/reject/transition | Integration Management | Monitoring & Controlling |
| REQ-FUN-013 | Store attachments with id, parent_kind, parent_id, filename, content_hash, storage_uri | Integration Management | Executing |
| REQ-FUN-026 | Claimed item cancellable by original poster or sponsor; cancellation audited | Communications Management | Monitoring & Controlling |
| REQ-FUN-033 | Approve via REST/MCP/web UI with identical audit rows | Quality Management | Monitoring & Controlling |
| REQ-FUN-052 | MCP tools produce same audit rows as their REST counterparts | Integration Management | Executing |
| REQ-FUN-064 | Web UI allows audit log search by entity, actor, date range | Integration Management | Monitoring & Controlling |
| REQ-FUN-070 | Every state-changing operation produces exactly one audit row | Integration Management | Monitoring & Controlling |
| REQ-FUN-071 | Audit log append-only at DB level (no UPDATE or DELETE granted to app role) | Integration Management | Monitoring & Controlling |
| REQ-FUN-072 | Audit log includes tamper-detection (hash chain or equivalent) | Integration Management | Monitoring & Controlling |
| REQ-FUN-073 | Audit log retrievable via REST and UI | Communications Management | Monitoring & Controlling |
| REQ-FUN-074 | Audit log retains rows indefinitely in MVP (no automatic purge) | Integration Management | Monitoring & Controlling |
| REQ-FUN-117 | Actual cost capture with cash / non-cash dimension and category taxonomy | Cost Management | Executing |
| REQ-NFR-013 | Audit log append-only at the DB role level | Integration Management | Monitoring & Controlling |
| REQ-NFR-020 | Every mutation produces exactly one audit row regardless of API surface | Integration Management | Monitoring & Controlling |
| REQ-NFR-021 | Audit rows include actor, ts (UTC ISO 8601), entity kind/id, before/after, change reason | Integration Management | Monitoring & Controlling |
| REQ-NFR-022 | Audit log exportable in CSV/JSON/NDJSON for offline analysis | Communications Management | Monitoring & Controlling |
| REQ-NFR-074 | Cost ledger entries are append-only and tamper-evident via audit log | Cost Management | Executing |
| REQ-STK-005 | Auditor receives an exportable, tamper-evident audit log (STK-009) | Stakeholder Management | Monitoring & Controlling |