Operational Audit Taxonomy (CCTV v1)
This document defines the minimum audit event taxonomy for operational accountability. It complements the compliance ledger by capturing who did what, when, and to which entity.
Goals
- Provide a consistent, searchable audit trail for high-risk actions.
- Avoid PII leakage (no raw emails, answers, or tokens in audit metadata).
- Support correlation via request IDs and stable event names.
Naming Rules
domain.actionformat (e.g.,assignment.redeemed).target_typedescribes the primary entity affected.target_idis the primary UUID when available.metadatacontains non-sensitive context and counts.
Common Metadata Fields
requestId: injected by the audit service for correlation.tenantId/orgUnitId: resolved via RLS (not emitted in metadata).actorUserId: stored inactor_user_id(not in metadata).
Event Taxonomy (CCTV v1)
Auth / Security
auth.failure(target:auth)reason
auth.csrf.failure(target:csrf)reason
auth.magiclink.invalid(target:magic_link)reason
auth.magiclink.redeem(target:magic_link)emailHash(if available),expiresAt(if available)
auth.session.revoke(target:auth_session)reason
auth.session.revoke_all(target:auth_session)reason
RBAC
role.created/role.updated/role.deleted(target:role)slug,name(where applicable)
role.cloned(target:role)sourceRoleId
role.assigned/role.unassigned(target:user_role)userId,roleId
authoring
question.created/question.updated/question.archived/question.deletedquestionId
question.version.created/question.version.publishedquestionVersionId,questionId
evaluation.created/evaluation.updated/evaluation.archived/evaluation.deletedevaluationId
evaluation.version.created/evaluation.version.publishedevaluationVersionId,evaluationId
Delivery & Assignments
assignment.created(target:assignment)evaluationVersionId,targetType,targetRefId?,runLabel?,allowedAttempts?,timeLimitOverride?
assignment.redeemed(target:assignment)assignmentId?,sessionId,evaluationVersionId,userId?,runLabel?
assignment.override.created(target:assignment_override)assignmentId,userId,extraAttempts?,timeLimitExtension?
assignment.schedule.created(target:assignment_schedule)scheduleId,evaluationId,targetType,targetRefId?,cronExpression,runLabelTemplate?
session.created(target:delivery_session)sessionId,evaluationVersionId,userId?,assignmentId?,mode,runLabel?,allowedAttempts?,timeLimitOverride?
session.submitted(target:submission)submissionId,sessionId?,evaluationVersionId,userId,attemptNo,status,outcomeCode?,score?,maxScore?
Results Remediation
remediation.batch.created(target:correction_batch)evaluationVersionId?,correctionsCount,correctionTypes,status
remediation.batch.applied(target:correction_batch)rescored
remediation.batch.reverted(target:correction_batch)rescored,originalBatchId,revertBatchId
Reporting / Exports
report.export(target:report)report,format,scope,evaluationVersionId?,groupId?,runLabel?,from?,to?
Data Handling Rules
- No raw tokens or email addresses in audit metadata.
- No answers or response content in audit metadata.
- Prefer IDs and counts; if a reference is not a UUID, omit it or hash it.
Roadmap Notes
- Add proctoring actions (pause/resume/terminate) when implemented.
- Add export events for any new report surfaces.
- Expand coverage to programmes, certificates, and compliance flows once APIs exist.