Audit Logging
grlx records every significant action performed through the farmer in an append-only audit log. Each entry captures who did what, when, on which target, and whether it succeeded.
What Gets Logged
Section titled “What Gets Logged”- Recipe executions (
cook) - Command dispatch (
cmd.run) - SSH sessions
- Key accept and reject operations
- Configuration changes
Each entry includes:
| Field | Description |
|---|---|
| Timestamp | When the action occurred |
| Username | The authenticated user who acted |
| Action | The type of operation |
| Target | The sprout or cohort affected |
| Result | Success or failure with detail |
Storage
Section titled “Storage”Audit logs are stored as JSONL (one JSON object per line) in the farmer’s data directory, partitioned by date. This makes them easy to process with standard tools like jq, grep, or any log aggregation system.
CLI Commands
Section titled “CLI Commands”List available dates
Section titled “List available dates”grlx audit datesShows all dates that have audit log entries, along with entry counts and file sizes.
Query audit entries
Section titled “Query audit entries”# All entries for todaygrlx audit list
# Filter by dategrlx audit list --date 2026-03-15
# Filter by action typegrlx audit list --action cook
# Filter by usergrlx audit list --pubkey UABC...XYZ
# Show only failuresgrlx audit list --failed
# Limit resultsgrlx audit list --limit 50JSON output
Section titled “JSON output”grlx audit list --out jsonAPI Access
Section titled “API Access”The audit log is also available through the farmer’s API at GET /api/v1/audit, supporting the same query parameters as the CLI. This endpoint requires at least view permission.