Vaulx records every significant user action in an append-onlyDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/noelzappy/vaulx/llms.txt
Use this file to discover all available pages before exploring further.
audit_log table. Each entry captures the acting user, the action name, the affected resource type and ID, an optional JSONB metadata blob, and a creation timestamp. The admin audit page exposes this log with two query modes: paginated browsing (50 entries per page) and action-filtered search (up to 100 entries). Soft-deleted files are managed through the separate /admin/trash endpoints, which also write to the audit log on restore.
All endpoints in this group require the admin role. Non-admin requests receive a 403 HTML error page.
Paginated audit log
GET /admin/audit
Renders the HTML admin audit page. Without an action filter, results are paginated at 50 entries per page and include a total count for pagination controls. With an action filter, returns up to 100 matching entries without pagination.
Authentication: admin only.
Page number for paginated browsing. Defaults to
1. Ignored when action is supplied.Filter results to a single action name (e.g.
file.upload, share.revoke). When present, returns up to 100 entries and disables pagination. See the full action reference table below for valid values.Unique audit log entry identifier.
The action name, e.g.
file.upload or share.revoke.Type of resource affected:
file, folder, or share. Null for actions with no associated resource (e.g. auth.login).UUID of the affected resource. Null when
resource_type is null.Timestamp of when the action was recorded.
Display name of the user who performed the action.
Email address of the user who performed the action.
Soft-deleted files (trash)
GET /admin/trash
Renders the HTML admin trash page listing all files with status = 'deleted'. Files reach the trash via soft deletion — the row is retained in the files table but excluded from all normal file listings until restored or hard-deleted.
Authentication: admin only.
Response fields per trash item
File UUID, used as
fileID in the restore endpoint.Original filename at the time of deletion.
Human-readable file size (e.g.
4.2 MB).Display name of the user who originally uploaded the file.
Human-readable upload date (e.g.
Jan 2, 2006).Restore file from trash
POST /admin/trash/{fileID}/restore
Restores a soft-deleted file by setting its status back to active. The file immediately reappears in folder listings and becomes accessible for download.
Authentication: admin only.
The UUID of the deleted file to restore.
- 200 OK with
HX-Triggerheader:{"showToast":{"message":"File restored","type":"success"}}. - 404 Not Found if no file with that UUID exists in the database.
- 400 Bad Request if
fileIDis not a valid UUID. - Writes a
file.restoreentry to the audit log.
Audit log entry model
| Field | Type | Notes |
|---|---|---|
id | UUID | Primary key |
user_id | UUID | null | FK → users.id; null if the actor’s account was deleted |
action | text | Action name (see table below) |
resource_type | text | null | file, folder, or share |
resource_id | UUID | null | UUID of the affected resource |
meta | JSONB | null | Optional structured metadata for the action |
created_at | timestamptz | When the action was recorded |
Action reference
| Action | Resource Type | Description |
|---|---|---|
auth.login | — | User successfully authenticated |
file.upload | file | File upload confirmed and status set to active |
file.delete | file | File soft-deleted (moved to trash) |
file.hard_delete | file | File permanently deleted by an admin |
file.rename | file | File renamed |
file.move | file | File moved to a different folder |
file.restore | file | File restored from trash by an admin |
folder.create | folder | New folder created |
folder.delete | folder | Folder deleted |
folder.rename | folder | Folder renamed |
folder.zip_download | folder | Folder downloaded as a ZIP archive |
share.revoke | share | Share link revoked |
profile.name_updated | — | User updated their display name |
profile.password_updated | — | User changed their password |