Audit Log Strategy
A tamper-evident, append-only audit pipeline that captures every licensing event, enrichment step, and admin action in Meridian.
Overview
Meridian emits structured audit records for license activations, hardware fingerprint changes, key rotations, and dashboard mutations. Every record is hashed into a local append-only log, then periodically sealed into an immutable external store.
Record Schema
| Field | Type | Purpose |
|---|---|---|
| event_id | UUIDv7 | Time-sortable unique identifier |
| actor | string | User, license key, or system |
| action | enum | activate, revoke, enrich, rotate |
| payload | jsonb | Contextual diff or full snapshot |
| prev_hash | sha256 | Chain integrity link |
Integrity Chain
Each record includes the SHA-256 hash of the previous record. The head hash is published hourly to an external witness (Upstash KV with a TTL guard). Any gap or mismatch triggers an alert in the Discord operations channel.
Retention & Pruning
Hot storage retains 90 days of full records in Upstash KV. Older records are compacted into daily summary blocks and moved to cold storage. The integrity chain is never pruned — head hashes remain verifiable indefinitely.
Related recipes