Audit Trail

Every credential access, share, revocation, and policy check is recorded in the encrypted audit log. Entries are append-only and cannot be modified.

Logging

`logAction(vault, input)`

Record an audit entry. Called automatically by passport operations, but can also be called directly.

input

LogActionInput

required

Fields: passportId, action, actor, and optional platform, details, metadata.

Returns: Promise<AuditEntry>

Audit Actions

Querying

`getAuditLog(vault, passportId?, filters?)`

Retrieve audit entries, optionally filtered by passport and additional criteria.

`searchAuditLog(vault, searchTerm, passportId?)`

Full-text search across audit entry details and metadata.

`getRecentActivity(vault, limit?)`

Most recent audit entries across all passports.

`getAccessHistory(vault, passportId)`

All accessed entries for a specific passport.

`wasAccessedRecently(vault, passportId, withinMinutes?)`

Check if a passport was accessed within a time window. Default: 5 minutes.

Statistics

`getAuditStats(vault, passportId?)`

Aggregate stats: total actions, breakdown by action/actor/platform, first/last action, actions in last 24h and 7d.

`getSuspiciousActivity(vault, passportId?)`

Detect anomalies: rapid access (multiple accesses within short windows), unusual actors, and after-hours access.

Export

`exportAuditLog(vault, format, filters?)`

Export the audit log as JSON or CSV.

SDK Reference

​Audit Trail

​Logging

​logAction(vault, input)

​Audit Actions

​Querying

​getAuditLog(vault, passportId?, filters?)

​searchAuditLog(vault, searchTerm, passportId?)

​getRecentActivity(vault, limit?)

​getAccessHistory(vault, passportId)

​wasAccessedRecently(vault, passportId, withinMinutes?)

​Statistics

​getAuditStats(vault, passportId?)

​getSuspiciousActivity(vault, passportId?)

​Export

​exportAuditLog(vault, format, filters?)