Omnigraph Atlas Omnigraph's documentation, bound to its Rust workspace
79 documents
docs/user/operations/audit.md

Explains that every write records who made it: the actor id is persisted on the graph commit, making commit history an audit trail. Actor resolution differs by front end — the HTTP server derives it server-side from the bearer token (clients cannot set it), while CLI/embedded self-declares through --as → operator.actor in ~/.omnigraph/config.yaml → none. You read the trail with `omnigraph commit list`, and system-initiated writes use reserved actor ids (automatic recovery records omnigraph:recovery, filterable via --filter actor=omnigraph:recovery) so machine repairs are distinguishable from operator changes. Read when you need to attribute graph changes to actors, inspect commit history, or distinguish system-initiated writes from operator ones.

Audit & Actor Tracking

Every write in OmniGraph records who made it. The actor id is persisted on the graph commit, so the commit history is an audit trail of which actor changed the graph and when.

Where the actor comes from

The actor is resolved differently depending on the front end, but it always lands on the commit:

  • HTTP server — the actor is resolved server-side from the bearer token. A client cannot set its own actor id; it is derived from the authenticated token. See policy for how tokens map to actors.

  • CLI / embedded — the actor is self-declared through one resolution chain:

    1. --as <actor> on the command,
    2. then operator.actor in ~/.omnigraph/config.yaml (see the CLI reference),
    3. otherwise none.

This difference is intentional: storage credentials imply a self-declared actor, while a server resolves the actor from a token it trusts.

Reading the audit trail

Actor ids are stored on each commit in the commit graph. List commits to see who made each change:

omnigraph commit list graph.omni

System-initiated writes use reserved actor ids — for example, automatic recovery of an interrupted write records omnigraph:recovery, so operator changes and machine repairs are distinguishable in the history:

omnigraph commit list --filter actor=omnigraph:recovery graph.omni

What is tracked

Every successful publish — load, change, branch merge, and schema apply — appends a commit carrying the resolving actor. Because publishes are atomic, the actor on a commit is exactly the actor responsible for that whole change.