Audit Trails & Tenant Metering

Maintain strict compliance and automatically track API consumption rates for multi-tenant applications.

The `@Audited` Engine (Dual Layer)

By tagging an entity with @Audited inside your GDL file, GO-DUCK injects an advanced two-tier auditing strategy automatically into your microservice.

Note: All Audit Logs are automatically driven completely via Keycloak JWT Token Extraction!

Layer 1: Inline Entity Columns

Instead of generic created_at and updated_at timestamps, an @Audited object inherently gains these columns directly on the database row:

created_by (String - e.g., "John Doe")
created_date (TIMESTAMP)
last_modified_by (String - e.g., "Jane Doe")
last_modified_date (TIMESTAMP)
last_modified_user_id (String - Global Auth Provider UUID)

Layer 2: The Central `audit_log` Tracker Table

A global audit_log timeline is maintained across your database. For every mutable Action (CREATE, UPDATE, DELETE), the middleware diffs the pre-mutation HTTP object and the post-mutation object. It stores the explicit JSON payload changes asynchronously!

# Quickly view all changes securely over REST 
curl -X GET "http://localhost:8080/api/audit?entityName=Entity" \
  -H "Authorization: Bearer YOUR_JWT"

Multi-Tenant Metering

API consumption tracking is inherently built in. When fully enabled, this records usage hits explicitly tracked against the X-Tenant-ID attached to the requests over time. This metric is ideal for setting up a usage-based billing logic or preventing internal abuse.

# The Tenant retrieves their own API request footprints:
curl -X GET "http://localhost:8080/api/metering/usage" \
  -H "Authorization: Bearer YOUR_JWT" \
  -H "X-Tenant-ID: tenant_B_stripe"