PanelAuditLog¶
The PanelAuditLog table provides an immutable, append-only audit trail of all administrative actions performed through the QS-Bridge platform. Every ban, unban, kick, configuration change, role grant, and announcement is recorded with the acting admin's identity, a description of the action, and a timestamp.
Scope¶
🌍 Global — The audit log is accessible to all panel subscribers. It is append-only by design — rows are never updated or deleted.
Schema¶
| Column | Type | Constraints | Description |
|---|---|---|---|
log_id |
u64 |
Primary Key, auto-increment | Unique, monotonically increasing log entry ID |
actor_player_id |
String |
— | Platform-wide player identifier of the admin who performed the action |
action |
String |
— | Machine-readable action identifier (e.g., "ban", "set_motd", "grant_role") |
details |
String |
— | Human-readable description of the action with context |
timestamp |
Timestamp |
— | When the action was performed |
Rust Definition¶
#[spacetimedb::table(public, name = panel_audit_log)]
pub struct PanelAuditLog {
#[primary_key]
#[auto_inc]
pub log_id: u64,
pub actor_player_id: String,
pub action: String,
pub details: String,
pub timestamp: Timestamp,
}
Usage Patterns¶
Logging Pattern¶
The panel_log_action reducer is called by panel wrapper reducers after successfully executing an administrative action:
// Pseudocode — logging a ban action
pub fn panel_ban_player(ctx: &ReducerContext, actor_player_id: String, target: String, reason: String) {
// ... authorization checks ...
admin_ban(ctx, target.clone(), reason.clone());
// Record the action in the audit log
panel_log_action(
ctx,
actor_player_id,
"ban".to_string(),
format!("Banned player {} — Reason: {}", target, reason),
);
}
Action Identifiers¶
The action column uses short, machine-readable identifiers for filtering and categorization:
| Action | Description |
|---|---|
"ban" |
Player banned |
"unban" |
Player unbanned |
"kick" |
Player kicked |
"whitelist_add" |
Player added to whitelist |
"whitelist_remove" |
Player removed from whitelist |
"set_password" |
Server password changed |
"toggle_whitelist" |
Whitelist enabled/disabled |
"set_max_players" |
Max players changed |
"set_motd" |
MOTD updated |
"grant_role" |
Admin role granted |
"revoke_role" |
Admin role revoked |
"announce" |
Announcement broadcast |
"session_start" |
Panel session started |
"session_end" |
Panel session ended |
Immutability¶
The audit log is append-only by design. No reducer exists to update or delete audit log entries. This ensures the integrity of the audit trail — even the platform owner cannot retroactively alter the record of administrative actions.
Details Format¶
The details column contains a human-readable string that provides context for the action. There is no enforced format, but the convention is:
Examples:
- "Banned player steam_76561198012345 — Reason: Cheating"
- "Set MOTD on us-east-pvp-1 — Welcome to Season 3!"
- "Granted Admin role to player steam_76561198099999"
Querying the Log¶
The panel UI presents the audit log as a filterable, paginated table. Common queries:
-- Recent actions
SELECT * FROM panel_audit_log ORDER BY log_id DESC LIMIT 50
-- Actions by a specific admin
SELECT * FROM panel_audit_log WHERE actor_player_id = 'steam_76561198012345'
-- All ban-related actions
SELECT * FROM panel_audit_log WHERE action = 'ban' OR action = 'unban'
Related Reducers¶
| Reducer | Operation |
|---|---|
panel_log_action |
Inserts a new audit log entry |
All panel wrapper reducers (panel_ban_player, panel_unban_player, panel_kick_player, etc.) call panel_log_action after executing their primary operation.
Related Subscriptions¶
| Subscriber | Query | Purpose |
|---|---|---|
| Admin Panel | SELECT * FROM panel_audit_log |
Audit log display, compliance review |
For full subscription architecture, see Subscriptions.
Related Pages¶
- PanelSession — Active sessions (source of
actor_player_id) - AdminRole — Role assignments that authorize logged actions
- Reducers — Panel wrapper reducers that generate audit entries