Audit Logging Skill
Record every action with complete traceability for compliance and debugging.
Log Format
json
{
"timestamp": "2026-01-07T10:30:00Z",
"action_type": "email_send | payment | social_post | file_create",
"action_id": "unique-identifier",
"actor": "claude-code",
"source": "process-inbox | execute-approved | orchestrator",
"target": "recipient@email.com | social_platform | payment_account",
"parameters": {
"subject": "Invoice #123",
"amount": 500.00,
"platform": "twitter"
},
"approval_status": "auto | human_approved | human_rejected",
"approved_by": "human_user | null",
"approval_timestamp": "2026-01-07T10:25:00Z",
"result": "success | failure",
"error_code": "null | AUTH_FAILED | TIMEOUT",
"error_message": "null | Detailed error",
"duration_ms": 1250,
"retry_count": 0
}
Log Storage
- •Location:
/Vault/Logs/YYYY-MM-DD.json - •Format: One JSON object per line (newline-delimited)
- •Retention: Minimum 90 days, queryable by date
- •Access: Read-only after 24 hours (audit integrity)
Logging Requirements
Every action MUST log:
- •Timestamp (ISO 8601 UTC)
- •Action type
- •Actor (always "claude-code" for now)
- •Approval status (who approved, when)
- •Result (success/failure + error code)
- •Duration in milliseconds
Never log:
- •Passwords or API keys
- •Personally identifiable information (beyond first/last name)
- •Full email addresses (anonymize as xxx@domain.com)
- •Complete payment card numbers (last 4 digits only)
Query Examples
bash
# Find all payments grep '"action_type": "payment"' /Vault/Logs/2026-01-07.json # Find failures grep '"result": "failure"' /Vault/Logs/2026-01-07.json # Find human approvals grep '"approval_status": "human_approved"' /Vault/Logs/2026-01-*.json
Script Location
~/.claude/skills/audit-logging/scripts/audit_logger.py
References
See references/compliance_requirements.md for regulatory standards.