//////////////////////////////////////////////////////////////////////////////////////////////
// DO NOT MODIFY THIS FILE //
// This file is automatically generated by ZenStack CLI and should not be manually updated. //
// Source: schema.zmodel · Generated: 2026-02-23 //
//////////////////////////////////////////////////////////////////////////////////////////////
A record in the append-only audit log for compliance and debugging.
Every significant state change in the system generates an audit log entry. Entries are immutable — they cannot be updated or deleted, even by owners. The log is retained for 7 years per compliance requirements.
The
payloadfield stores a JSON snapshot of the changed fields (before/after values). TheipAddressanduserAgentfields are captured for security forensics.
Category: Audit · Since: 1.0 · Defined in: content.zmodel
Declaration · content.zmodel
model AuditLog with Timestamps {
id String @id @default(cuid())
action String @length(1, 100) @meta('doc:example', 'article.published')
description String?
payload Json?
ipAddress String? @meta('doc:example', '203.0.113.42')
userAgent String?
actorId String?
resourceId String? @meta('doc:example', 'article:clx9abc123def')
resourceType String? @meta('doc:example', 'article')
@@allow('read', true)
@@deny('create,update,delete', true)
@@index([action])
@@index([resourceType, resourceId])
@@index([actorId])
@@meta('doc:category', 'Audit')
@@meta('doc:since', '1.0')
}On this page: Mixins · Fields · Access Policies · Indexes · Validation Rules
Reusable field groups mixed into this model.
All fields defined on this entity, including inherited fields from mixins and parent models.
| Field | Type | Required | Default | Attributes | Source | Description |
|---|---|---|---|---|---|---|
createdAt |
DateTime |
Yes | now() |
— | Timestamps | When the record was first created. Immutable after insert. |
updatedAt |
DateTime |
Yes | — | @updatedAt |
Timestamps | When the record was last modified. Updated automatically. |
id |
String |
Yes | cuid() |
@id |
— | — |
action |
String |
Yes | — | @length(1, 100) |
— | Example: article.published Machine-readable action identifier (e.g. article.published, |
member.invited, subscription.canceled). |
||||||
description |
String? |
No | — | — | — | Human-readable description of what changed. |
payload |
Json? |
No | — | — | — | JSON payload containing before/after field values. |
ipAddress |
String? |
No | — | — | — | Example: 203.0.113.42 IP address of the client that initiated the action. |
userAgent |
String? |
No | — | — | — | User-Agent header from the originating request. |
actorId |
String? |
No | — | — | — | ID of the user who performed the action. Null for system-initiated |
| events (e.g. scheduled jobs, webhook handlers). | ||||||
resourceId |
String? |
No | — | — | — | Example: article:clx9abc123def Fully qualified resource identifier (e.g. article:clx9abc123). |
resourceType |
String? |
No | — | — | — | Example: article Resource type for filtering (e.g. article, subscription, member). |
ZenStack access control rules that determine who can read, create, update, or delete records.
Important
Operations are denied by default. @@allow rules grant access; @@deny rules override any allow.
| Operation | Rule | Effect |
|---|---|---|
| read | true |
Allow |
| create,update,delete | true |
Deny |
Database indexes defined on this model for query performance.
| Fields | Type |
|---|---|
[action] |
Index |
[resourceType, resourceId] |
Index |
[actorId] |
Index |
Field-level and model-level validation constraints enforced at the ORM layer.
| Field | Rule |
|---|---|
action |
@length |