Stop Grepping Unstructured Logs. Deploy Queryable, Enterprise Audit Trails.
A high-throughput Go microservice built for multi-tenant B2B platforms. Ingest, store, and query exactly "Who did What, Where, When and Why" via REST, gRPC, and native MCP server. Powered by PostgreSQL, OpenTelemetry, and NATS—ready for compliance teams and AI agents alike.
The Problem: "Who Changed This?" is a Nightmare to Answer
When an enterprise customer asks your support team why their production configuration changed, pointing them to a massive, unstructured Kibana dashboard isn't acceptable. You need a highly structured, queryable, and tenant-isolated ledger of every business-critical action. Building this correctly—with cursor pagination, JSON diffs, and strict data isolation—takes months of engineering.
The Solution: Immutable, Structured Truth
The Launch Rail Audit Log service is a standalone, production-ready engine designed strictly for compliance, debugging, and operational transparency. It exposes a ConnectRPC gRPC/JSON API, meaning you get perfectly typed REST and gRPC endpoints out of the box.
Core Architectural Capabilities
Engineered for extreme data throughput, deep queryability, and uncompromising tenant isolation.
Native Multi-Tenancy
Tenant isolation is enforced at the service and repository layer. The tenant_id is a strictly mandatory parameter for all list requests, guaranteeing that an admin can only retrieve logs belonging to their specific organization.
Structured Diffs (ChangeSets)
Stop guessing what a user updated. The service captures a precise ChangeSet in a PostgreSQL JSONB column. It natively records the old_value, the new_value, and an array of exactly which changed_fields were modified.
High-Performance Ingestion
Write single events synchronously for low-volume actions, or publish and consume massive batches asynchronously via Watermill NATS integration.
Lightning-Fast Queries
Built on a partitioned PostgreSQL table keyed by (occurred_at, id) to handle immense data volume. Uses cursor-based pagination encoding the exact microsecond timestamp and event UUID.
Built for High Throughput
A clean, stateless architecture that scales horizontally. Decoupled inputs and outputs ensure zero-downtime operations.
REST / gRPC
ConnectRPC Gateway
MCP Server
AI Agent Interface
Service Logic
Domain Engine
PostgreSQL
ACID Compliant Storage
NATS / CloudEvents
Async Broadcasting
Deep Observability & Context
Every event is more than just a log; it is a fully contextualized snapshot of your distributed system.
Traceability
Every recorded action captures the OpenTelemetry trace_id, the request correlation_id, and the source_service (e.g., 'schedule-service').
Actor & Resource Context
Precisely track the Actor (User, System, Service, or API Key) including their IP address, User-Agent, and a snapshot of their display name. Link actions to polymorphic ResourceRef objects.
Pre-Instrumented
The h2c server ships with native OTLP tracing, instrumented pgx database connections, and structured slog logging.
Implementation Examples
Developer-first by design. Access full-featured gRPC, REST, and MCP endpoints out of the box. Our services use ConnectRPC for lightweight, production-grade communication.
The Launch Rail Ecosystem Advantage
While the Audit Log service works perfectly as a standalone drop-in for your existing architecture, its true power is unlocked when combined with the rest of Launch Rail.
Pre-Integrated by Default: If you purchase the complete Launch Rail ecosystem, the Audit Log service is already deeply integrated. From day one, every role change in the Identity service, every permission check in the Authz service, and every orchestration event in the Notifications service is automatically routed, batched, and stored here.
Manage your infrastructure from the Terminal.
One-command provisioning
Create users, tenants, and roles without touching the UI.
Secure Key Management
Easily rotate API keys and manage workspace secrets.
Environment Sync
Synchronize permissions across staging and production.
AI Agents Talk to Audit Log Natively
Every Launch Rail service ships with a built-in MCP server. Your AI agents can discover tools, read resources, and execute actions—no wrappers, no custom integrations.
MCP Tools
Actions agents can execute
record_eventLog a structured audit event with actor, resource, and changeset
query_eventsSearch audit trail by actor, resource, action, or time range
get_event_diffRetrieve structured before/after changeset for a specific event
MCP Resources
Data agents can read
audit://events/{id}Full event record with actor context, diffs, and trace IDs
audit://tenants/{id}/timelineChronological audit trail for a tenant with cursor pagination
audit://actors/{id}/activityAll actions performed by a specific actor across resources
In Practice
What this looks like
“Show me all permission changes made by admin@acme.com in the last 24 hours”
Calls query_events with actor filter and time range → returns 3 role-change events → each includes structured diffs showing old_value → new_value with exact changed_fields.
Build vs. Buy Launch Rail
Why spend 4 months building table structures and plumbing when you can start shipping features tomorrow?
Build it Yourself
The "Not Invented Here" approach
Diving into low-level plumbing means your engineers aren't building your core product features. You risk security vulnerabilities and maintenance debt.
Buy Launch Rail
The "Speed of Light" approach
Get the source code, deploy it in minutes, and focus on what makes your business unique. Zero technical debt, enterprise-ready from day one.
| Feature Comparison | Self-Built | Launch Rail |
|---|---|---|
| Partitioned PostgreSQL | ||
| JSONB Content Diffs | ||
| Watermill NATS Ingestion | ||
| Cursor-based API | ||
| Strict Multi-tenancy | ||
| Native MCP Support |
Real-World Value: Audit Log in Action
See how teams across industries use Audit Log to ship faster, reduce costs, and deliver enterprise-grade experiences from day one.
SOC2 & PCI-DSS Compliance Trails
Every permission change, data access, and configuration update is immutably recorded with actor IP, user-agent, and OpenTelemetry trace IDs. Auditors query structured data, not messy logs.
HIPAA Access Logging
Track exactly who accessed patient records, when, from which device, and what they changed. Structured diffs provide court-admissible evidence of data handling compliance.
Incident Response & Forensics
When a breach occurs, correlate audit events using trace_id and correlation_id across your entire microservice mesh. Pinpoint the exact sequence of actions that led to unauthorized access.
Customer-Facing Activity Feeds
Expose a tenant-isolated activity log in your UI. Show customers who changed their billing plan, who invited a team member, and who modified a critical configuration—building trust and transparency.
Why Buy the License? (The ROI)
Passing a SOC2 compliance audit requires a rock-solid audit trail. Building a partitioned PostgreSQL architecture with strict tenant isolation, SQLC-generated types, and full gRPC/REST APIs takes a specialized engineering team.
Buy the Launch Rail Audit Log module today and get the complete, Go source code.
Zero SaaS Fees
No per-event ingestion fees. Ever.
Complete Ownership
Full data ownership for strict security compliance.
Docker Ready
Deploy to your own infra via provided Docker images & migrations.
Ready to secure your audit trails?
Common Questions & Answers
Everything you need to know about integrating and hosting this Launch Rail service.