Moonborn — Developers

Audit log export

Export the hash-chained audit log as a signed archive. Verify the chain offline; archive in your own retention system.

The audit log is hash-chained and immutable. Export it for offline archival in your retention system; verify the chain hasn't been tampered with.

Request an export

const exportJob = await client.audit.requestExport({
  workspaceId: 'ws_...',
  range: { from: '2026-01-01', to: '2026-12-31' },
  format: 'jsonl',
});
 
console.log(exportJob.id); // poll for status

format: jsonl (default), csv, parquet.

Poll for completion

let status = exportJob.status;
while (status === 'pending' || status === 'running') {
  await new Promise((r) => setTimeout(r, 5000));
  const fresh = await client.audit.getExport({ id: exportJob.id });
  status = fresh.status;
  if (status === 'ready') {
    console.log(fresh.downloadUrl); // signed S3 URL, valid 24h
    console.log(fresh.sha256);      // archive checksum
    console.log(fresh.chainSeed);   // hash chain root for verification
  }
}

Verify the chain offline

import { createHash } from 'node:crypto';
 
let expected = exportJob.chainSeed;
for (const event of events) {
  const computed = createHash('sha256')
    .update(JSON.stringify(event.payload) + expected)
    .digest('hex');
  if (computed !== event.hash) {
    throw new Error(`Tamper at event ${event.id}`);
  }
  expected = event.hash;
}

If verification passes, your archive is provably untouched.

Retention

Export artifacts are kept 30 days, then deleted from Moonborn-side storage. Download to your own system within the grace window.

Scope

Workspace-scoped by default. Org-wide exports require the owner role and an explicit orgWide: true flag.

Tier