[Feature] Add an admin action audit log #141

Description

@grantfox-oss

Getting Started

  1. Fork the repository: https://github.com/JointSave-org/Joint_Save
  2. Clone your fork:
     git clone https://github.com/<your-username>/Joint_Save.git
     cd Joint_Save
  3. Create a new branch:
     git checkout -b feat/admin-audit-log

Overview

Pool admins can now pause/unpause pools, add/remove members, and trigger emergency withdrawals — all real, consequential actions. Checked the codebase and confirmed there's no audit trail anywhere showing who did what and when, beyond whatever's visible in the general activity feed (which is focused on deposits/payouts, not admin actions specifically).

Requirements

  • Add a new Supabase table admin_actions (pool_id, admin_address, action_type, target_address nullable, metadata jsonb, created_at)
  • When any admin-only contract function succeeds (pause, unpause, add_member, remove_member, emergency_withdraw, set_treasury, etc.), log an entry to this table from the relevant API route or hook, right after the transaction confirms
  • Add RLS so this table is readable by any actual member of the pool (not just the admin), since transparency about admin actions benefits everyone in the pool — but not writable by anyone except server-side code, following the pattern already established for other write-restricted tables
  • Add a simple "Admin Activity" section on the group detail page showing this log, visible to all members

Acceptance Criteria

  • Every admin-only action gets logged correctly with the right action type and target (if applicable)
  • Log is visible to all pool members, not just the admin
  • RLS correctly blocks any client-side write to this table
  • No duplicate log entries if a transaction is retried after a network hiccup
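
An added sketch of the table, RLS and de-duplication the requirements above describe; it is not code from the Joint_Save repository. Assumed names, none of which appear in the issue: a `pool_members(pool_id, member_address)` table, a `wallet_address` JWT claim, the confirmed transaction hash stored under `metadata->>'tx_hash'`, and `text` column types.

```sql
-- Added example; not taken from the Joint_Save code base.
-- Assumed: pool_members(pool_id, member_address), JWT claim "wallet_address",
-- metadata key "tx_hash", text column types.
create table public.admin_actions (
  id             bigint generated always as identity primary key,
  pool_id        text        not null,
  admin_address  text        not null,
  action_type    text        not null,   -- e.g. 'pause', 'remove_member'
  target_address text,                   -- null for pool-wide actions
  metadata       jsonb       not null default '{}'::jsonb,
  created_at     timestamptz not null default now(),
  -- A row without a tx_hash would slip past the unique index (NULLs are distinct).
  constraint admin_actions_has_tx_hash check (metadata ? 'tx_hash')
);

-- One row per (confirmed transaction, action): re-running the logger is a no-op.
create unique index admin_actions_tx_action_uniq
  on public.admin_actions ((metadata->>'tx_hash'), action_type);

alter table public.admin_actions enable row level security;

-- Read: any member of the same pool, not only its admin.
create policy admin_actions_member_read
  on public.admin_actions for select
  to authenticated
  using (
    exists (
      select 1
      from public.pool_members m
      where m.pool_id = admin_actions.pool_id
        and m.member_address = (auth.jwt() ->> 'wallet_address')
    )
  );

-- Write: no insert/update/delete policy exists, so RLS rejects client writes.
-- The service-role key used by server-side code bypasses RLS.
revoke insert, update, delete on public.admin_actions from anon, authenticated;

-- Server-side insert after the transaction confirms (constructed sample values).
insert into public.admin_actions
  (pool_id, admin_address, action_type, target_address, metadata)
values
  ('pool-1', 'ADMIN_ADDRESS_EXAMPLE', 'remove_member', 'MEMBER_ADDRESS_EXAMPLE',
   '{"tx_hash": "EXAMPLE_TX_HASH"}'::jsonb)
on conflict do nothing;  -- a retried log write for the same tx is dropped
```

Running the final `insert` twice leaves a single row, which covers the duplicate-entry criterion; an insert attempted with the anon or authenticated key fails because no write policy exists.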

Labels

  • GrantFox OSS: Issue tracked in GrantFox OSS
  • Official Campaign: Campaign: Official Campaign
  • high-complexity: Large scope, multiple systems/files. Needs planning
