Audit Log

Owning Knowledge Area
Integration Management
Typical Process Group
Monitoring & Controlling

established project management guidelines definition

An append-only, tamper-evident record of every state-changing operation in the system.

AI_PM requirements that support this deliverable (19)

IDDescriptionKnowledge AreaProcess Group
REQ-FUN-006Store sign-off events (requested, approved, rejected, delegated) tied to sign-off idQuality ManagementMonitoring & Controlling
REQ-FUN-007Append-only audit log of every create/update/approve/reject/transitionIntegration ManagementMonitoring & Controlling
REQ-FUN-013Store attachments with id, parent_kind, parent_id, filename, content_hash, storage_uriIntegration ManagementExecuting
REQ-FUN-026Claimed item cancellable by original poster or sponsor; cancellation auditedCommunications ManagementMonitoring & Controlling
REQ-FUN-033Approve via REST/MCP/web UI with identical audit rowsQuality ManagementMonitoring & Controlling
REQ-FUN-052MCP tools produce same audit rows as their REST counterpartsIntegration ManagementExecuting
REQ-FUN-064Web UI allows audit log search by entity, actor, date rangeIntegration ManagementMonitoring & Controlling
REQ-FUN-070Every state-changing operation produces exactly one audit rowIntegration ManagementMonitoring & Controlling
REQ-FUN-071Audit log append-only at DB level (no UPDATE or DELETE granted to app role)Integration ManagementMonitoring & Controlling
REQ-FUN-072Audit log includes tamper-detection (hash chain or equivalent)Integration ManagementMonitoring & Controlling
REQ-FUN-073Audit log retrievable via REST and UICommunications ManagementMonitoring & Controlling
REQ-FUN-074Audit log retains rows indefinitely in MVP (no automatic purge)Integration ManagementMonitoring & Controlling
REQ-FUN-117Actual cost capture with cash / non-cash dimension and category taxonomyCost ManagementExecuting
REQ-NFR-013Audit log append-only at the DB role levelIntegration ManagementMonitoring & Controlling
REQ-NFR-020Every mutation produces exactly one audit row regardless of API surfaceIntegration ManagementMonitoring & Controlling
REQ-NFR-021Audit rows include actor, ts (UTC ISO 8601), entity kind/id, before/after, change reasonIntegration ManagementMonitoring & Controlling
REQ-NFR-022Audit log exportable in CSV/JSON/NDJSON for offline analysisCommunications ManagementMonitoring & Controlling
REQ-NFR-074Cost ledger entries are append-only and tamper-evident via audit logCost ManagementExecuting
REQ-STK-005Auditor receives an exportable, tamper-evident audit log (STK-009)Stakeholder ManagementMonitoring & Controlling