Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.myme.so/llms.txt

Use this file to discover all available pages before exploring further.

The server records every write — item creation, updates, transitions, deletes, edge mutations, extension writes, key lifecycle events, blob uploads, webhook management — in an append-only audit log. The log is admin-queryable and retained on a rolling window.

Entry shape

Each entry carries:
  • id — UUIDv7. Time-sortable.
  • timestamp — when the action was recorded.
  • key_id — the credential that performed the action. Null for system-originated events (scheduled jobs, server bootstrap).
  • tenant_id — the tenant the action belongs to. Null for system-initiated audits (install pipeline, retention jobs) and for actions performed by tenantless bootstrap-admin keys.
  • client_ip — the resolved peer address of the request, honouring TRUSTED_PROXY_CIDRS. Null when the action originates outside a request handler (system-initiated audits) or when no proxy trust is configured and the peer can’t be resolved.
  • action — the verb: item.create, item.update, edge.create, blob.upload, blob.reconcile, key.revoke, etc.
  • resource_type — what was acted on: item, edge, key, type, webhook, blob, extension.
  • resource_id — the resource’s id. Null when the action doesn’t target a single row.
  • details — structured context. Shape varies by action.
Full schema lives in the GET /audit reference.

Querying

Admin-only. GET /audit accepts filters for action, resource_type, resource_id, and a since / until timestamp range; results paginate via cursor: 
GET /audit?resource_type=item&since=2026-04-01T00:00:00Z
GET /audit?action=key.revoke
GET /audit?resource_id=<item-id>
A non-admin credential that calls /audit gets 403 forbidden. Space-scoped admin keys see only their own space’s rows; tenantless bootstrap-admin keys see every row — the same admit-all-when-tenantless pattern items reads use.

Retention

AUDIT_RETENTION_DAYS controls how long entries live — older rows are removed by a periodic cleanup job on the interval set by AUDIT_CLEANUP_INTERVAL_MS. See Configuration for defaults. Retention is lossy by design. The audit log is for investigating recent activity, compliance spot-checks, and reconciling unexpected state; it is not a long-term event-sourcing substrate. Deployments with legal or contractual retention needs should mirror the audit stream into external storage.

What is and isn’t logged

  • Logged: every state-changing API call, plus administrative reads that touch credentials or tenant config.
  • Not logged: item and edge reads, search queries, SSE subscribe/unsubscribe. Read traffic lands in structured request logs rather than the audit log — the audit log is about writes.

Relationship to webhooks and SSE

Audit entries are independent of event delivery. Webhooks and SSE stream item lifecycle events to subscribers; the audit log records all writes, including those that produce no event (e.g. no-op updates). Don’t reconcile one against the other — they answer different questions.