Crewship maintains an append-only audit log that records every mutation in the system. The audit log provides a complete trail for security review, compliance, and debugging.
The audit_logs table currently captures these mutations. Other entities (crews, missions, credentials) emit journal events but do not yet have WriteAuditLog calls wired into their handlers:

```sql
CREATE TABLE audit_logs (
    id          TEXT PRIMARY KEY,
    workspace_id TEXT NOT NULL,
    user_id     TEXT,
    action      TEXT NOT NULL,
    entity_type TEXT NOT NULL,
    entity_id   TEXT,
    metadata    TEXT,           -- JSON object
    ip_address  TEXT,
    user_agent  TEXT,
    created_at  TEXT NOT NULL   -- ISO 8601
);
```
| Column | Type | Description |
| --- | --- | --- |
| id | TEXT | Random hex ID (32 chars) |
| workspace_id | TEXT | Workspace the action occurred in |
| user_id | TEXT | User who performed the action (null for system actions) |
| action | TEXT | Action type — CRUD verbs (create, update, delete) for agent mutations, backup.* for backup lifecycle events |
| entity_type | TEXT | Entity type (AGENT, CREW, MISSION, etc.) |
| entity_id | TEXT | ID of the affected entity |
| metadata | TEXT | JSON object with action-specific details |
| ip_address | TEXT | Client IP address |
| user_agent | TEXT | Client user agent string |
| created_at | TEXT | ISO 8601 timestamp |
The audit log is append-only. There is no API or mechanism to delete or modify audit log entries. This ensures an immutable record for security review.
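The append-only property described above depends on the application exposing no delete or modify path. As an added example (not Crewship's own code), the block below enforces the same property inside the database, assuming the table is stored in SQLite; the trigger names and the `append_entry` and `tamper_blocked` helpers are hypothetical.

```python
import json
import secrets
import sqlite3
from datetime import datetime, timezone

SCHEMA = """
CREATE TABLE audit_logs (
    id TEXT PRIMARY KEY,
    workspace_id TEXT NOT NULL,
    user_id TEXT,
    action TEXT NOT NULL,
    entity_type TEXT NOT NULL,
    entity_id TEXT,
    metadata TEXT,            -- JSON object
    ip_address TEXT,
    user_agent TEXT,
    created_at TEXT NOT NULL  -- ISO 8601
);
-- Hypothetical triggers (assumption, not part of Crewship): reject rewrites.
CREATE TRIGGER audit_logs_no_update BEFORE UPDATE ON audit_logs
BEGIN SELECT RAISE(ABORT, 'audit_logs is append-only'); END;
CREATE TRIGGER audit_logs_no_delete BEFORE DELETE ON audit_logs
BEGIN SELECT RAISE(ABORT, 'audit_logs is append-only'); END;
"""

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.executescript(SCHEMA)
    return db

def append_entry(db, workspace_id, action, entity_type, entity_id=None,
                 user_id=None, metadata=None, ip=None, ua=None):
    """Insert one audit row; the only write path the triggers allow."""
    entry_id = secrets.token_hex(16)  # 16 random bytes -> 32 hex chars
    db.execute("INSERT INTO audit_logs VALUES (?,?,?,?,?,?,?,?,?,?)",
               (entry_id, workspace_id, user_id, action, entity_type,
                entity_id, json.dumps(metadata or {}), ip, ua,
                datetime.now(timezone.utc).isoformat()))
    db.commit()
    return entry_id

def tamper_blocked(db, sql, params=()):
    """Return True if the statement is rejected by the append-only triggers."""
    try:
        db.execute(sql, params)
    except sqlite3.DatabaseError as exc:
        return "append-only" in str(exc)
    return False
```

Triggers can be dropped by anyone with schema-level access, so this guards against application-level SQL mistakes rather than a party who controls the database file.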
The function generates a random hex ID, writes the row in the same request context, and — when j is non-nil — dual-emits a typed audit.entity_* entry into the unified Crew Journal. If the write fails, a warning is logged but the original operation is not rolled back — the audit log is best-effort to avoid blocking user operations.