dereuromark / cakephp-audit-stash
Flexible and rock solid audit log tracking plugin for cakephp
Maintainers
Package info
github.com/dereuromark/cakephp-audit-stash
Type:cakephp-plugin
pkg:composer/dereuromark/cakephp-audit-stash
Requires
- php: >=8.2
- ext-json: *
- cakephp/orm: ^5.3.0
- sebastian/diff: ^6.0 || ^7.0 || ^8.0
Requires (Dev)
- cakephp/cakephp: ^5.3.0
- cakephp/elastic-search: ^4.0.0 || ^5.0.0
- cakephp/migrations: ^5.0.0
- dereuromark/cakephp-templating: ^0.2.7
- php-collective/code-sniffer: dev-master
- phpunit/phpunit: ^11.5 || ^12.1 || ^13.0
Suggests
- cakephp/elastic-search: Optional Elasticsearch persister for high-volume audit log storage
- jfcherng/php-diff: For enhanced word-level diff rendering in AuditHelper (falls back to sebastian/diff if not installed)
- dev-master
- 2.0.1
- 2.0.0
- 1.2.3
- 1.2.2
- 1.2.1
- 1.2.0
- 1.1.1
- 1.1.0
- 1.0.1
- 1.0.0
- 0.3.12
- 0.3.11
- 0.3.10
- 0.3.9
- 0.3.8
- 0.3.7
- 0.3.6
- 0.3.5
- 0.3.4
- 0.3.3
- 0.3.2
- 0.3.1
- 0.3.0
- 0.2.0
- 0.1.0
- dev-fix-phpcs-after-sniffer-update
- dev-fix-savemany-no-audit
- dev-fix-deletemany-duplicate-audit
- dev-audit-stash-static-analysis-fix
- dev-rector-cleanup-20260524
This package is auto-updated.
Last update: 2026-05-27 16:28:35 UTC
README
This branch is for CakePHP 5.3+. See version map for details.
Audit-trail plugin: records every create / update / delete on your Table classes, together with who made the change and from which request.
Features
- Entity audit trail — single behavior captures changed fields, before/after values, user, and request context.
- Tamper-evidence — optional SHA-256 hash chain for GoBD / SOX / HIPAA-grade integrity, verifiable via CLI.
- Admin viewer — built-in dashboard, coverage report, search, diffs, timeline, and CSV/JSON export under
/admin/audit-stash. - Monitoring & alerting — rules for mass-deletion and off-hours activity, notifications via email, webhook, or log channel.
- Retention & cleanup — per-table retention policies and a dry-run-friendly cleanup CLI.
- GDPR helpers — redaction and subject-access-export tooling.
- Custom event types — log arbitrary actions (logins, exports, permission grants) through the same persister and viewer.
- Flexible storage — database persister out of the box, optional Elasticsearch driver, or plug in your own.
Installation
composer require dereuromark/cakephp-audit-stash bin/cake plugin load AuditStash bin/cake migrations migrate -p AuditStash
Then enable the behavior on any Table you want tracked — see the Getting Started guide for the full walkthrough.
Documentation
Full docs: https://dereuromark.github.io/cakephp-audit-stash/
- Getting Started — installation, behavior setup, request metadata
- Configuration — persisters, table list, route prefix
- Usage — behavior options, custom events, custom persisters
- Testing —
AuditAssertionsTraitfor your own test suite - Features overview — viewer, monitoring, retention, tamper-evidence, GDPR
Demo
https://sandbox.dereuromark.de/sandbox/audit-stash
Related Plugins
If you need to moderate or approve changes before they happen (rather than auditing them after), check out the Bouncer plugin. AuditStash records what already changed; Bouncer gates changes before they're persisted.