Dragon Guard records an immutable audit log for every create, update, and delete operation that flows through the API. Audit entries are written automatically by the database context using EF Core’s change-tracker, and additional manual entries cover actions that occur outside of normal entity saves — such as user registration and password changes. The result is a complete, append-only history of all warehouse data mutations, queryable by tenant, table, user, or date range.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/CodexaCP/DG_BACK/llms.txt
Use this file to discover all available pages before exploring further.
How Auditing Works
WmsDbContext overrides SaveChangesAsync to intercept EF Core ChangeTracker entries before and after each save. For every entity that is added, modified, or deleted, the context records:
- The table name (schema-qualified, e.g.,
core.RfidTagRegistry) - The action:
Insert,Update, orDelete - The entity ID (primary key of the changed record)
- The company ID extracted directly from the entity’s
CompanyIdproperty - A JSON snapshot of old values (previous state before the change)
- A JSON snapshot of new values (state after the change)
- The comma-separated list of changed columns
- The user email, user role, and user ID from the active HTTP context JWT
- The client app (
Web,Handheld,API, orSystem) inferred from theX-Client-Appheader orUser-Agent - The request path and HTTP method of the originating API call
- The timestamp (
createdAt) in UTC
SaveChangesAsync call, and audit log entities are explicitly excluded from triggering further audit entries, preventing infinite recursion.
Manual audit entries
For actions that occur outside of EF (such as user registration or a password change), services callWmsDbContext.AddManualAuditLog() directly:
AuditLog Fields
Unique identifier of the audit record.
Schema-qualified table name of the affected entity (e.g.,
core.Items, core.RfidTagRegistry).The operation that triggered this entry. One of
Insert, Update, Delete, or a manual action label such as PasswordChanged.Primary key of the changed record.
Tenant scope of the changed record.
null for system-level events with no tenant.JSON object containing field values before the change.
null for inserts.JSON object containing field values after the change.
null for deletes.Comma-separated, alphabetically sorted list of column names that changed.
ID of the user who performed the operation.
Email address of the user who performed the operation.
Role of the user at the time of the operation (e.g.,
ADMIN, SUPERVISOR, SUPERADMIN_SUPREMO).The HTTP request path that triggered the change (e.g.,
/api/items/123).HTTP method of the originating request (
POST, PUT, DELETE, etc.).Detected client type:
Web, Handheld, API, or System.Raw
User-Agent string from the originating request.Timestamp when the audit record was written.
AuditLogDto also includes three computed display fields:
Human-readable module name derived from
tableName (e.g., "RFID Tag Registry").Human-readable action label (e.g.,
"Created", "Updated", "Deleted").Auto-generated sentence summarising the event (e.g.,
"[email protected] created a record in Items").Audit Endpoints
GET /api/audit/logs
Returns a paginated list of audit records. Results are ordered bycreatedAt descending (most recent first) and capped at 100 records per page.
Filter by tenant. SUPERADMIN_SUPREMO can pass any tenant ID; regular users are always scoped to their own company.
Exact table name to filter on (e.g.,
core.RfidTagRegistry).Exact action to filter on (e.g.,
Insert, Update, Delete).Partial match on the user email that performed the operation.
Filter to audit records for a specific entity (record) ID.
Exact client app label (
Web, Handheld, API, System).Full-text search across
tableName, action, userEmail, changedColumns, requestPath, oldValues, and newValues.Include only records with
createdAt >= from.Include only records with
createdAt <= to (inclusive end of range).Page number (1-based).
Number of records per page. Maximum is 100.
GET /api/audit/modules
Returns the distinct table names (modules) that have audit records, along with a human-readable label for each — suitable for populating filter dropdowns in a UI.The legacy alias
/api/audit/tables is preserved for backward compatibility and delegates directly to /api/audit/modules.GET /api/audit/action-options
Returns all known action types with their human-readable labels. Useful for building action-filter dropdowns.Access Control
| Role | Access |
|---|---|
SUPERADMIN_SUPREMO | Can view audit logs across all tenants by passing any companyId |
ADMIN, SUPERVISOR, DIRECTOR, GENERAL, GENERAL_SUPERVISOR | Can view audit logs scoped to their own company only |
| All other roles | Access denied (403 Forbidden) |