Audit log

Create events with redacted payloads. Extend capture to updates and deletes as workflows grow.

Recent events

Sensitive identifiers are masked in stored JSON. Direct PHI should not appear in audit entries.

No audit rows yet, or the database migration has not been applied.