[Feature] Add an admin action audit log

[grantfox-oss]

Getting Started

1. Fork the repository: https://github.com/JointSave-org/Joint_Save
2. Clone your fork:

   git clone https://github.com/<your-username>/Joint_Save.git
   cd Joint_Save

3. Create a new branch:

   git checkout -b feat/admin-audit-log

---

Overview

Pool admins can now pause/unpause pools, add/remove members, and trigger emergency withdrawals — all real, consequential actions. Checked the codebase and confirmed there's no audit trail anywhere showing who did what and when, beyond whatever's visible in the general activity feed (which is focused on deposits/payouts, not admin actions specifically).

Requirements

• Add a new Supabase table admin_actions (pool_id, admin_address, action_type, target_address nullable, metadata jsonb, created_at)
• When any admin-only contract function succeeds (pause, unpause, add_member, remove_member, emergency_withdraw, set_treasury, etc.), log an entry to this table from the relevant API route or hook, right after the transaction confirms
• Add RLS so this table is readable by any actual member of the pool (not just the admin), since transparency about admin actions benefits everyone in the pool — but not writable by anyone except server-side code, following the pattern already established for other write-restricted tables
• Add a simple "Admin Activity" section on the group detail page showing this log, visible to all members

Acceptance Criteria

• Every admin-only action gets logged correctly with the right action type and target (if applicable)
• Log is visible to all pool members, not just the admin
• RLS correctly blocks any client-side write to this table
• No duplicate log entries if a transaction is retried after a network hiccup

[Ebenezer199914]

can i work on this issue

[phalap1]

Hello I would love to work on this, can this be assigned to me? I have experience in the necessary field.

[JuliobaCR]

Hello! I would like to work on this issue.

Estimated Time: 1–2 days

Problem

Administrative actions such as pausing a pool, adding or removing members, changing the treasury, or triggering emergency withdrawals have a direct impact on all pool members. Currently, there is no dedicated audit trail for these operations, making it difficult for members to verify administrative activity or investigate changes over time. While general activity is tracked, it does not provide the level of transparency and accountability expected for privileged actions.

Proposed Solution

I will implement a complete audit logging system for all admin-only actions, ensuring transparency while following the existing architecture and security model.

My implementation will include:

• Creating the new admin_actions Supabase table with the required fields (pool_id, admin_address, action_type, target_address, metadata, and created_at).
• Logging every successful admin-only operation immediately after transaction confirmation from the appropriate API routes or hooks.
• Configuring Row-Level Security (RLS) so that all pool members can read the audit log while preventing any client-side writes, following the existing server-side write pattern.
• Adding an Admin Activity section to the group detail page, allowing members to easily review the history of administrative actions.
• Ensuring idempotent logging so duplicate entries are not created if a transaction confirmation is retried after a network interruption.

Experience

I have experience working with full-stack applications, Supabase, database design, frontend integration, and open-source development. I focus on writing clean, maintainable code, implementing secure access controls, and ensuring features are thoroughly tested before submission.

I would be happy to take ownership of this issue and deliver a robust implementation that satisfies all acceptance criteria.

[Unclebaffa]

Hello Maintainer,
I'm interested in contributing to this amazing project of yours, I'm confident i will deliver the best result that aligns with this project.
Kindly assign me.
Thank you

[real-venus]

Hey, I've read through the issue and I understand it.

Could you assign it to me? I can finish this within 24 hrs.

[grantfox-oss]

🦊 GrantFox — @Unclebaffa has been assigned to this issue as part of the Official Campaign campaign!

Next steps:

1. Open a Pull Request referencing this issue (e.g., Closes #141)
2. Your PR will be reviewed by the JointSave-org maintainers

Good luck! Track your progress on GrantFox.

[Yerimahjr]

I recently completed PR #103 (contract fuzz tests — merged), PR #79 (transaction signing queue — merged), and PR #104 (API rate limiting) on this repo. Familiar with the full stack including Supabase RLS patterns, the existing activity logging in pool routes, and the group detail page.
For this issue I'll add the admin_actions Supabase table with the required schema, wire logging into the relevant API routes after transaction confirmation, add RLS (readable by pool members, not client-writable), add an "Admin Activity" section on the group detail page, and add idempotency guards to prevent duplicate entries on transaction retries.

[grantfox-oss]

🎉 This issue has been marked as completed on GrantFox as part of the Official Campaign campaign!

@Unclebaffa's PR #164 was approved and merged by @Sendi0011.

🏆 @Unclebaffa: You earned 45 FoxPoints for this contribution! Your current tier: Specialist (3,481 total points). Track your full progress on GrantFox.

👏 Great work, @Unclebaffa! Keep contributing to JointSave-org.