S4FN Audit Trail
Demo operator Tenant: demo-customer Logout

Audit Events Inbox

Latest SAP audit events received through POST /api/audit-events.

Total events0
Successful events0
Failed/rejected events0
Documents with evidence0

Loading events...

Document Audit Timeline

Load one document by correlation ID. Known lifecycle events are ordered by compliance flow, then receipt time.

Load a timeline to inspect document-level audit history.

Evidence

Evidence references will appear here when events include payloadHash, authorityReference, responseCode, archiveObjectId, evidenceUrl, rawResponseReference, providerMessageId, or signedPayloadReference.

Evidence references will appear here when events include payloadHash, authorityReference, responseCode, archiveObjectId, evidenceUrl, rawResponseReference, providerMessageId, or signedPayloadReference.

Exceptions

Rejected, failed, warning, and retry-relevant events that need follow-up.

Loading exceptions...

Settings

Current ingestion and storage configuration for the MVP deployment.

Implementation Settings

SAP SM59 DestinationZS4FN_AUDIT_TRAIL_HTTP
Target Hosts4fn-audit-trail-demo.vercel.app
Path Prefix/api/audit-events
Storagedurable-postgres
Tenantdemo-customer
UI AuthenticationOptional Basic Auth with AUDIT_UI_BASIC_USER and AUDIT_UI_BASIC_PASSWORD
SAP Ingestion AuthOptional x-api-key header with AUDIT_INGEST_API_KEY
Immutable ModelAppend-only events with document-level SHA-256 hash chain
ModeSAP read-only reference event collection

Implementation Notes

S4FN Audit Trail collects minimal audit metadata and evidence references rather than replicating SAP tables. SAP sends events through a Basis-managed SM59 destination, while PostgreSQL stores the received event payload and extracted document fields for inbox, exceptions, evidence, and timeline views.

This productization build adds optional dashboard authentication, tenant-scoped reads, append-only hash-chain metadata, and evidence reference extraction. Full legal archive operation still requires customer-specific retention policy, backups, SSO, protected evidence downloads, and operational monitoring.