Track every change to flags, services, members, and tokens with comprehensive audit logs

Audit Logging

Flaggr automatically records an audit trail for every state-changing operation. Every flag toggle, member addition, token creation, and configuration change is logged with full context.

What's Logged

Every audit entry captures:

Field	Description
`action`	What happened (e.g., `flag.update`)
`resourceType`	Type of resource affected
`resourceId`	ID of the affected resource
`resourceName`	Human-readable resource name
`userId`	Who performed the action
`before`	Resource state before the change
`after`	Resource state after the change
`changes`	Diff of changed fields
`timestamp`	When it happened (ISO 8601)
`ipAddress`	Client IP address
`userAgent`	Client user agent string

Actions

Flag Actions

Action	Trigger
`flag.create`	New flag created
`flag.update`	Flag configuration changed (targeting, variants, metadata)
`flag.delete`	Flag removed
`flag.toggle`	Flag enabled/disabled state flipped

Service Actions

Action	Trigger
`service.create`	New service created
`service.update`	Service configuration changed
`service.delete`	Service removed

Member Actions

Action	Trigger
`member.add`	User added to project
`member.remove`	User removed from project
`member.role_change`	User's role updated

Invitation Actions

Action	Trigger
`invitation.create`	Invitation sent
`invitation.accept`	Invitation accepted
`invitation.cancel`	Invitation cancelled

Token Actions

Action	Trigger
`token.create`	API token generated
`token.update`	Token permissions changed
`token.revoke`	Token revoked

Querying Audit Logs

Basic Query

GET /api/audit?projectId=proj-1&limit=50

Filter by Action

GET /api/audit?projectId=proj-1&action=flag.toggle

Filter by Resource

GET /api/audit?projectId=proj-1&resourceType=flag&resourceId=checkout-v2

Filter by Date Range

GET /api/audit?projectId=proj-1&startDate=2025-07-01&endDate=2025-07-31

Filter by User

GET /api/audit?projectId=proj-1&userId=user-123

Combined Filters

GET /api/audit?projectId=proj-1&action=flag.update&resourceId=checkout-v2&startDate=2025-07-15&limit=20

Response Format

{
  "logs": [
    {
      "id": "audit-abc123",
      "projectId": "proj-1",
      "userId": "user-123",
      "action": "flag.update",
      "resourceType": "flag",
      "resourceId": "checkout-v2",
      "resourceName": "Checkout V2",
      "before": {
        "enabled": false,
        "targeting": []
      },
      "after": {
        "enabled": true,
        "targeting": [
          {
            "id": "beta-users",
            "conditions": [{ "property": "betaUser", "operator": "equals", "value": true }],
            "value": true
          }
        ]
      },
      "changes": [
        { "field": "enabled", "oldValue": false, "newValue": true },
        { "field": "targeting", "oldValue": [], "newValue": "[1 rule]" }
      ],
      "metadata": {},
      "timestamp": "2025-07-20T10:30:00Z",
      "ipAddress": "203.0.113.1",
      "userAgent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7)..."
    }
  ],
  "total": 150,
  "limit": 50,
  "offset": 0
}

Permissions

Audit logs require project-level read access. Any project member (viewer, member, admin, or owner) can view audit logs for their project.

Storage

Audit logs are stored in Firestore with an in-memory cache of the most recent 1,000 entries for fast queries. Older entries are read directly from storage.

Use Cases

Compliance — Track who changed what, when, and from where
Debugging — Trace a flag misconfiguration back to the change that caused it
Rollback decisions — View the before/after state to decide whether to rollback
Team visibility — See what your teammates have been working on
Incident response — Correlate flag changes with production incidents