Add compliance audit log export endpoint for regulatory reporting

[robertocarlous]

Summary

Financial platforms are subject to AML/KYC and data-residency regulations that require producing a verifiable, tamper-evident audit trail on demand. Currently, audit log data exists in the database but there is no export mechanism for regulators or internal compliance teams.

Proposed Solution

Add GET /api/admin/audit-log/export endpoint:

Query params: from, to (ISO 8601), userId (optional), eventType (optional), format=json|csv

Response fields per record:
eventId, occurredAt, userId, adminKeyId, eventType, ipAddress, userAgent, requestId (correlation ID), metadata (JSONB)

Tamper-evidence:

• Each exported batch includes an HMAC-SHA256 digest of the full payload, signed with a dedicated AUDIT_EXPORT_SECRET
• Recipients can verify the digest to confirm the export has not been modified

Access control:

• Requires admin key with super scope
• Every export request is itself logged to the audit log (who exported, what range)
• Exports rate-limited to 5 per hour per admin key

Acceptance Criteria

• Export endpoint returns JSON and CSV formats
• HMAC digest included in response header X-Audit-Digest
• Export action itself recorded in audit log
• Date range enforced: max 90-day window per request
• Integration test verifies digest integrity (tamper a record, assert digest mismatch)
• AUDIT_EXPORT_SECRET documented in .env.example
• Endpoint documented in docs/API_REFERENCE.md

[Glam26]

I'd like to take this issue.

I've contributed to similar features in the past, delivering production-ready implementations with a strong focus on maintainability, test coverage, and consistency with existing architecture. I take time to understand the project's patterns before making changes, which helps keep reviews straightforward and minimizes regressions.

I'll provide a clean implementation, comprehensive tests, and clear documentation where applicable, ensuring the final solution integrates seamlessly with the rest of the codebase.

[Glam26]

I'd like to take this issue.

I've contributed to similar features in the past, delivering production-ready implementations with a strong focus on maintainability, test coverage, and consistency with existing architecture. I take time to understand the project's patterns before making changes, which helps keep reviews straightforward and minimizes regressions.

I'll provide a clean implementation, comprehensive tests, and clear documentation where applicable, ensuring the final solution integrates seamlessly with the rest of the codebase.

[Glam26]

I'd like to take this issue.

I've contributed to similar features in the past, delivering production-ready implementations with a strong focus on maintainability, test coverage, and consistency with existing architecture. I take time to understand the project's patterns before making changes, which helps keep reviews straightforward and minimizes regressions.

I'll provide a clean implementation, comprehensive tests, and clear documentation where applicable, ensuring the final solution integrates seamlessly with the rest of the codebase.

[Glam26]

I'd like to take this issue.

I've contributed to similar features in the past, delivering production-ready implementations with a strong focus on maintainability, test coverage, and consistency with existing architecture. I take time to understand the project's patterns before making changes, which helps keep reviews straightforward and minimizes regressions.

I'll provide a clean implementation, comprehensive tests, and clear documentation where applicable, ensuring the final solution integrates seamlessly with the rest of the codebase.

[Adiz4415]

I would love to work on this issue, please assign the issues to me so i Can work on it ASAP

[gloskull]

Hi, I’d love to work on this issue. I have 4 years of experience across backend, frontend, full-stack, and smart contract development. I understand the task clearly and can deliver a clean, efficient, well-tested solution on time, with strong focus on code quality and maintainability. My PR will be submitted in under 10 hours.

[Escelit]

@Escelit has applied to work on this issue as part of the Stellar Wave Program's 6th wave.

I can work on this please assign me

ℹ️ Repo Maintainers: To accept this application, review their application or assign @Escelit to this issue.