For platform admins

System

Audit log

Every mutation traces back to an actor + entity + timestamp.

/admin/audit is searchable by entity (offering, tenant, user, booking, …), actor (user id or "system:<reason>"), tenant, and date range. Every admin and provider mutation writes an AuditLog row with the before / after snapshot when available.

Audit rows are append-only. Use them to investigate "who changed this when" — never deleted, even if the entity is.