SquareOS Docs
Troubleshooting

Audit Trail

Audit Trail records operational changes, security events, outbox messages, and dead-letter failures for accountability and troubleshooting.

What this page is for

Audit Trail records operational changes, security events, outbox messages, and dead-letter failures for accountability and troubleshooting.

Who should use it

Owner, manager, finance, platform admin

Where to find it

/audit-trail

Before you start

  • Audit trail flow completion gate: this page must explain filters, surfaces, event detail, system events, payload masking, and how managers use audit evidence before reversing or escalating an operation.
  • Top metrics are Total Events Today, Active Users, Most Active Entity, and Error Rate.
  • Use filters by entity type, staff member, operation, source, date range, and row count.
  • Audit filters are Search audit, Entity Type, Staff Member, Operation, Source, Date Range, From, To, Rows, and Include system events.
  • Search audit can match actor, entity, request ID, correlation ID, and other indexed audit fields returned by the backend.
  • Operation filter options are All Operations, CREATE, UPDATE, DELETE, STATUS, SCHEDULE, CANCEL, and REFUND.
  • Source filter options are All sources, Staff App, System, Worker, and Platform Admin.
  • Date range options are Today, Last 7 days, Last 30 days, and Custom. Rows options are 50, 100, 250, and 500.
  • Audit surfaces are Audit Events, Security Events, Outbox, and Dead Letters.
  • Audit Events initially show a preview list, with Show all and Show fewer controls when more than eight records match.
  • Audit event cards show actor, action verb, entity type, entity name/id, first before/after changes, relative time, source, and correlation/request id.
  • Security Events cover authentication, impersonation, and privileged actions.
  • Outbox shows queued, processed, suppressed, and failed async events with status, event name, queue, entity, request/correlation id, last error, and suppressed reason.
  • Dead Letters show worker queue, job name, status, outbox/dead-letter id, created time, and reason.
  • Audit event detail tabs are Changes, Context, Payload, and Related.
  • Context shows Request ID, Correlation ID, Brand, Gym, and metadata. Payload shows masked before and after JSON.
  • Related can show related audit logs, security events, outbox events, and dead letters tied to the selected record.
  • Audit masks password, secret, token, signature, API key, and webhook values before displaying JSON payloads.
  • Before/after values explain what changed. Use them for dispute resolution and internal control review.
  • Outbox and dead letters are technical delivery evidence for messages, jobs, and integrations.
  • Dead-letter requeue and discard endpoints exist in the API, but the current staff UI lists dead letters only. Requeue/discard should be handled through approved backend/admin escalation until Staff app exposes explicit buttons.

Daily workflow

  • Review high-risk actions such as refund, void, freeze, transfer, upgrade, permission change, gateway setup, and invoice sequence change.
  • Use dead letters when a background action appears stuck or provider delivery failed.
  • When investigating a dispute, search by customer/invoice/request id, open the detail drawer, compare Changes, confirm actor/source/time in Context, then review Related outbox/dead-letter records before reversing anything.

Watch out

  • Audit data is staff-only. Do not share raw audit payloads with customers.
  • Use the left menu to open related pages in Troubleshooting.
  • Use Ask Docs for questions that are already covered in this public documentation.

On this page