v0.2 feat: audit log — record sign-in, sign-out, admin actions to DB #16

@gitcoder89431

Feature — Audit Log

Better Auth Infrastructure (their paid cloud product) ships audit logs, but you can build a lightweight version yourself that's good enough for self-hosted v0.2.

Why it matters for open source

Self-hosters deploying this as a real auth server need visibility: who logged in when, from where, which admin did what. It's also a common compliance ask (SOC2, GDPR access logs).

Minimal schema addition (Drizzle)

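import { jsonb, pgTable, text, timestamp } from 'drizzle-orm/pg-core'
import { generateId } from 'better-auth'
// `user` is the existing user table, assumed to be defined in the same schema file

export const auditLog = pgTable('audit_log', {
  id: text('id').primaryKey().$defaultFn(() => generateId()),
  // Nullable on purpose: the log row survives when the user is deleted
  userId: text('user_id').references(() => user.id, { onDelete: 'set null' }),
  action: text('action').notNull(), // 'sign_in' | 'sign_out' | 'admin.ban_user' | 'admin.delete_user' | etc.
  ipAddress: text('ip_address'),
  userAgent: text('user_agent'),
  metadata: jsonb('metadata'),
  createdAt: timestamp('created_at').notNull().defaultNow(),
})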

Hook points

Better Auth exposes hooks in the config:

import { betterAuth } from 'better-auth'

export const auth = betterAuth({
  hooks: {
    after: [
      {
        // Run only for the email sign-in endpoint
        matcher: (ctx) => ctx.path === '/sign-in/email',
        handler: async (ctx) => {
          // log successful sign-in
        },
      },
    ],
  },
})

Admin panel integration

Add an "Audit Log" tab to the existing admin panel table UI. Filterable by user, action type, and date range.

Scope for v0.2

  • Log: sign-in success, sign-in failure (wrong password), sign-out, password change, admin ban, admin delete user
  • Show in admin panel (last 500 entries, paginated)
  • Auto-prune entries older than 90 days (cron or on-read)
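An added example, not code from this issue or from Better Auth: the entry-building and retention logic a hook handler and prune job for the scope above could call before writing to `audit_log`. All function and type names, the `sign_in_failed` action string, the lower-cased header map, and the single-trusted-proxy assumption are constructed for illustration.

```typescript
// Added example. Constructed names: HeaderMap, AuditEntry, redact, clientIp,
// buildAuditEntry, pruneCutoff, and the 'sign_in_failed' action string.
type HeaderMap = Record<string, string>; // keys assumed lower-cased by the caller
interface AuditEntry {
  userId: string | null; // null when a failed sign-in matches no account
  action: string;
  ipAddress: string | null; userAgent: string | null;
  metadata: Record<string, unknown>;
  createdAt: Date;
}

const SENSITIVE_KEY = /pass(word)?|secret|token|cookie|authorization/i;
const RETENTION_DAYS = 90; // retention window from the v0.2 scope

// Mask secrets (top-level keys only) before metadata reaches the jsonb column.
function redact(meta: Record<string, unknown>): Record<string, unknown> {
  const out: Record<string, unknown> = {};
  for (const [key, value] of Object.entries(meta)) {
    out[key] = SENSITIVE_KEY.test(key) ? '[redacted]' : value;
  }
  return out;
}

// X-Forwarded-For is client-controlled unless a trusted proxy appended to it.
// Assumes one trusted proxy, so the rightmost hop is the address it observed.
function clientIp(headers: HeaderMap, socketIp: string | null,
                  trustProxy: boolean): string | null {
  const xff = headers['x-forwarded-for'];
  if (!trustProxy || !xff) return socketIp;
  const hops = xff.split(',').map((h) => h.trim()).filter((h) => h !== '');
  return hops.pop() ?? socketIp;
}

function buildAuditEntry(action: string, userId: string | null, headers: HeaderMap,
    socketIp: string | null, meta: Record<string, unknown>,
    trustProxy: boolean, now: Date): AuditEntry {
  const ua = headers['user-agent'];
  return {
    userId, action,
    ipAddress: clientIp(headers, socketIp, trustProxy),
    // Strip control characters and cap length: no forged log lines, no bloat.
    userAgent: ua ? ua.replace(/[\x00-\x1f\x7f]/g, '').slice(0, 256) : null,
    metadata: redact(meta),
    createdAt: now,
  };
}

// Rows with created_at earlier than this are due for pruning (86400000 ms per day).
const pruneCutoff = (now: Date): Date =>
  new Date(now.getTime() - RETENTION_DAYS * 86400000);
```

Logging failed sign-ins means the request body is in reach of the handler, which is why the redaction step runs on every entry and not only on admin actions.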

Labels: enhancement (New feature or request)
