---
id: add-audit-log-context
name: Add Session and Org Context to Audit Logs
status: completed
depends_on: []
scope: narrow
risk: low
impact: component
level: implementation
---

## Description

W12: `audit_logs` has `ownerId` and `keyId` but no `sessionId` or `orgId`. For LLM accounts in sessions, session correlation is a traceability gap. Multi-tenant auditing requires org filtering.

Add `sessionId` (nullable FK → sessions.id, SET NULL) and `orgId` (nullable FK → organizations.id, SET NULL) to the `audit_logs` table spec. Expand `action` types to cover account, membership, and organization lifecycle events, or document the `action` enum as extensible.

## Acceptance Criteria

- [ ] `identity.md` audit_logs table includes nullable `sessionId` and `orgId` columns
- [ ] FK cascade behavior documented (SET NULL for both)
- [ ] `table-reference.md` cascade table includes the two new FK entries
- [ ] `action` enum either expanded with lifecycle event types or documented as extensible
- [ ] `table-reference.md` enum section updated

## References

- docs/reviews/storage-architecture-review-2026-04-21.md#W12
- docs/architecture/storage/identity.md:103-117

## Notes

> To be filled by implementation agent

## Summary

> To be filled on completion