Skip to main content
Use this playbook when an AI agent is modifying a codebase.

1. Find the committed action

Locate the server-side function that performs the business change. Do not record evidence before the change commits. Good examples:
  • member removed from organization
  • user role changed
  • invoice paid
  • policy accepted
  • data export requested

2. Add or reuse a Lodger client

Create one shared server-side client: 
import { Lodger } from "@lodger/sdk"

export const lodger = new Lodger({
  apiKey: process.env.LODGER_API_KEY!,
  workspaceId: process.env.LODGER_WORKSPACE_ID!,
  projectId: "core",
  environment: process.env.NODE_ENV,
})

3. Record the event

Use a stable action name, structured actor, structured target, and reviewable metadata. 
await lodger.event(
  "organization.member.removed",
  {
    actor: { id: user.id, type: "user", email: user.email },
    target: { id: member.id, type: "organization_member" },
    metadata: {
      organizationId: organization.id,
      reason,
    },
  },
  {
    idempotencyKey: `member_removed_${member.id}_${requestId}`,
    request: { requestId, sessionId },
  }
)

4. Preserve the receipt

If the application has a durable row for the action, store the returned receipt ID. If there is no durable row, log it to the internal operation result or return it to the caller that owns persistence.

5. Check failure behavior

Decide whether an audit write failure should block the user action. For high-risk compliance flows, fail closed. For low-risk activity trails, record the error in application telemetry and retry with the same idempotency key.

6. Keep scope narrow

Do not add Lodger calls to every log statement. Lodger is for audit evidence, not debug logging.