Troubleshooting
Audit Trail
Audit Trail records operational changes, security events, outbox messages, and dead-letter failures for accountability and troubleshooting.
What this page is for
Audit Trail records operational changes, security events, outbox messages, and dead-letter failures for accountability and troubleshooting.
Who should use it
Owner, manager, finance, platform admin
Where to find it
/audit-trail
Before you start
- Audit trail flow completion gate: this page must explain filters, surfaces, event detail, system events, payload masking, and how managers use audit evidence before reversing or escalating an operation.
- Top metrics are Total Events Today, Active Users, Most Active Entity, and Error Rate.
- Use filters by entity type, staff member, operation, source, date range, and row count.
- Audit filters are Search audit, Entity Type, Staff Member, Operation, Source, Date Range, From, To, Rows, and Include system events.
- Search audit can match actor, entity, request ID, correlation ID, and other indexed audit fields returned by the backend.
- Operation filter options are All Operations, CREATE, UPDATE, DELETE, STATUS, SCHEDULE, CANCEL, and REFUND.
- Source filter options are All sources, Staff App, System, Worker, and Platform Admin.
- Date range options are Today, Last 7 days, Last 30 days, and Custom. Rows options are 50, 100, 250, and 500.
- Audit surfaces are Audit Events, Security Events, Outbox, and Dead Letters.
- Audit Events initially show a preview list, with Show all and Show fewer controls when more than eight records match.
- Audit event cards show actor, action verb, entity type, entity name/id, first before/after changes, relative time, source, and correlation/request id.
- Security Events cover authentication, impersonation, and privileged actions.
- Outbox shows queued, processed, suppressed, and failed async events with status, event name, queue, entity, request/correlation id, last error, and suppressed reason.
- Dead Letters show worker queue, job name, status, outbox/dead-letter id, created time, and reason.
- Audit event detail tabs are Changes, Context, Payload, and Related.
- Context shows Request ID, Correlation ID, Brand, Gym, and metadata. Payload shows masked before and after JSON.
- Related can show related audit logs, security events, outbox events, and dead letters tied to the selected record.
- Audit masks password, secret, token, signature, API key, and webhook values before displaying JSON payloads.
- Before/after values explain what changed. Use them for dispute resolution and internal control review.
- Outbox and dead letters are technical delivery evidence for messages, jobs, and integrations.
- Dead-letter requeue and discard endpoints exist in the API, but the current staff UI lists dead letters only. Requeue/discard should be handled through approved backend/admin escalation until Staff app exposes explicit buttons.
Daily workflow
- Review high-risk actions such as refund, void, freeze, transfer, upgrade, permission change, gateway setup, and invoice sequence change.
- Use dead letters when a background action appears stuck or provider delivery failed.
- When investigating a dispute, search by customer/invoice/request id, open the detail drawer, compare Changes, confirm actor/source/time in Context, then review Related outbox/dead-letter records before reversing anything.
Watch out
- Audit data is staff-only. Do not share raw audit payloads with customers.
Related help
- Use the left menu to open related pages in Troubleshooting.
- Use Ask Docs for questions that are already covered in this public documentation.
Marketing and Communications
Communications manages channel accounts, sender identities, templates, campaigns, automations, suppression, provider health, and failed delivery queues.
Self-Serve Links
Self-serve pages are token links sent to customers for verification, signup, waiver completion, booking blocked recovery, invoice review, PDF download, and payment link collection.