audit-v1-permission-adapter-allowtimestampExample: 2026-06-10T09:00:00.000ZsourceModule: permission-adapter-preview · actorRole: Owner · actorType: owneractionType: read · targetResource: local permission adapter preview matrixdecision: allow · severity: low · auditRequired: trueevidenceType: permission-decision · evidenceSummary: Permission adapter allow event shows owner read access to a synthetic Restaurant SaaS settings preview.correlationId: corr-audit-timeline-001 · redactionApplied: falsetenantId: tenant_demo_local_a · restaurantId: restaurant_demo_pomegranate · branchId: branch_demo_mainsafetyNotes: Typed local example only; no permission grant is created.
allowlow
audit-v1-permission-adapter-denytimestampExample: 2026-06-10T09:01:00.000ZsourceModule: permission-adapter-preview · actorRole: Cashier · actorType: cashieractionType: deny · targetResource: owner billing settings previewdecision: deny · severity: high · auditRequired: trueevidenceType: permission-decision · evidenceSummary: Permission adapter deny event blocks cashier access to synthetic owner-only billing controls.correlationId: corr-audit-timeline-002 · redactionApplied: truetenantId: tenant_demo_local_a · restaurantId: restaurant_demo_pomegranate · branchId: branch_demo_mainsafetyNotes: Deny example is visual-only and does not modify auth, RBAC or backend middleware.
denyhighreview
audit-v1-owner-admin-matrix-visibilitytimestampExample: 2026-06-10T09:02:00.000ZsourceModule: owner-admin-permission-matrix · actorRole: Admin · actorType: adminactionType: read · targetResource: owner/admin permission matrix visibility previewdecision: allow · severity: medium · auditRequired: trueevidenceType: permission-decision · evidenceSummary: Owner/Admin permission matrix visibility event proves synthetic module visibility is documented for admin review.correlationId: corr-audit-timeline-003 · redactionApplied: falsetenantId: tenant_demo_local_a · restaurantId: restaurant_demo_pomegranate · branchId: branch_demo_mainsafetyNotes: Matrix is read-only and does not create real role assignments.
allowmedium
audit-v1-same-branch-allowtimestampExample: 2026-06-10T09:03:00.000ZsourceModule: tenant-branch-scope-guard · actorRole: Manager · actorType: manageractionType: read · targetResource: same-branch order queue previewdecision: allow · severity: low · auditRequired: trueevidenceType: scope-guard · evidenceSummary: Tenant/branch same-branch allow event keeps manager reads inside matching tenantId, restaurantId and branchId.correlationId: corr-audit-timeline-004 · redactionApplied: falsetenantId: tenant_demo_local_a · restaurantId: restaurant_demo_pomegranate · branchId: branch_demo_mainsafetyNotes: Static scope guard example only; no real orders or branch data are loaded.
allowlow
audit-v1-cross-branch-denytimestampExample: 2026-06-10T09:04:00.000ZsourceModule: tenant-branch-scope-guard · actorRole: Waiter · actorType: waiteractionType: deny · targetResource: different branch table assignment previewdecision: deny · severity: high · auditRequired: trueevidenceType: scope-guard · evidenceSummary: Tenant/branch cross-branch deny event blocks waiter reads outside the synthetic assigned branch.correlationId: corr-audit-timeline-005 · redactionApplied: truetenantId: tenant_demo_local_a · restaurantId: restaurant_demo_pomegranate · branchId: branch_demo_cross_branchsafetyNotes: Deny is local preview evidence and does not create real branch restrictions.
denyhighreview
audit-v1-cross-tenant-denytimestampExample: 2026-06-10T09:05:00.000ZsourceModule: tenant-branch-scope-guard · actorRole: Courier · actorType: courieractionType: deny · targetResource: different tenant delivery route previewdecision: deny · severity: critical · auditRequired: trueevidenceType: scope-guard · evidenceSummary: Cross-tenant deny event prevents synthetic courier access to another tenant's delivery route metadata.correlationId: corr-audit-timeline-006 · redactionApplied: truetenantId: tenant_demo_foreign_blocked · restaurantId: restaurant_demo_other · branchId: branch_demo_othersafetyNotes: No cross-tenant payload is read; the blocked record is a static example.
denycriticalreview
audit-v1-sensitive-data-redactiontimestampExample: 2026-06-10T09:06:00.000ZsourceModule: sensitive-data-redaction · actorRole: Admin · actorType: adminactionType: redact · targetResource: customer contact placeholder previewdecision: redact · severity: high · auditRequired: trueevidenceType: redaction-proof · evidenceSummary: Sensitive data redaction event masks synthetic customer contact fields before display.correlationId: corr-audit-timeline-007 · redactionApplied: truetenantId: tenant_demo_local_a · restaurantId: restaurant_demo_pomegranate · branchId: branch_demo_mainsafetyNotes: Uses placeholder redacted values only; no real customer data exists in this preview.
redacthighreview
audit-v1-secret-reveal-deniedtimestampExample: 2026-06-10T09:07:00.000ZsourceModule: sensitive-data-redaction · actorRole: Owner · actorType: owneractionType: block · targetResource: runtime secret placeholder revealdecision: block · severity: critical · auditRequired: trueevidenceType: safety-block · evidenceSummary: Secret reveal denied event blocks any reveal workflow and keeps placeholder secret material fully hidden.correlationId: corr-audit-timeline-008 · redactionApplied: truetenantId: tenant_demo_local_a · restaurantId: restaurant_demo_pomegranate · branchId: branch_demo_mainsafetyNotes: No raw secrets, environment files or reveal actions are included.
blockcriticalreview
audit-v1-pos-manager-approval-requiredtimestampExample: 2026-06-10T09:08:00.000ZsourceModule: pos-manager-approval · actorRole: Cashier · actorType: cashieractionType: block · targetResource: POS void order action previewdecision: block · severity: high · auditRequired: trueevidenceType: approval-log · evidenceSummary: POS manager approval required event blocks a synthetic risky cashier action until manager approval is present.correlationId: corr-audit-timeline-009 · redactionApplied: falsetenantId: tenant_demo_local_a · restaurantId: restaurant_demo_pomegranate · branchId: branch_demo_mainsafetyNotes: No real POS order, payment or approval record is created.
blockhighreview
audit-v1-pos-approval-audit-recordedtimestampExample: 2026-06-10T09:09:00.000ZsourceModule: pos-approval-audit · actorRole: Manager · actorType: manageractionType: approve · targetResource: POS discount approval previewdecision: allow · severity: medium · auditRequired: trueevidenceType: approval-log · evidenceSummary: POS approval audit recorded event shows synthetic approval evidence for a manager-approved discount action.correlationId: corr-audit-timeline-010 · redactionApplied: falsetenantId: tenant_demo_local_a · restaurantId: restaurant_demo_pomegranate · branchId: branch_demo_mainsafetyNotes: Approval log is preview data only and is not persisted to a backend.
allowmedium
audit-v1-public-receipt-redactiontimestampExample: 2026-06-10T09:10:00.000ZsourceModule: public-receipt-redaction · actorRole: System Receipt Renderer · actorType: systemactionType: redact · targetResource: public receipt payload previewdecision: redact · severity: high · auditRequired: trueevidenceType: redaction-proof · evidenceSummary: Public receipt redaction event hides internal ids, provider targets and raw contact placeholders in customer-facing output.correlationId: corr-audit-timeline-011 · redactionApplied: truetenantId: tenant_demo_local_a · restaurantId: restaurant_demo_pomegranate · branchId: branch_demo_mainsafetyNotes: Synthetic receipt evidence only; no receipt link, provider send or customer record is generated.
redacthighreview
audit-v1-customer-consent-ledgertimestampExample: 2026-06-10T09:11:00.000ZsourceModule: customer-consent-ledger · actorRole: System Consent Gate · actorType: systemactionType: read · targetResource: customer consent ledger previewdecision: allow · severity: medium · auditRequired: trueevidenceType: permission-decision · evidenceSummary: Customer consent ledger event confirms synthetic consent state is checked before notification send decisions.correlationId: corr-audit-timeline-012 · redactionApplied: truetenantId: tenant_demo_local_a · restaurantId: restaurant_demo_pomegranate · branchId: branch_demo_mainsafetyNotes: No real customer consent ledger entry is created or modified.
allowmedium
audit-v1-provider-command-safety-blockedtimestampExample: 2026-06-10T09:12:00.000ZsourceModule: provider-command-safety · actorRole: System Provider Guard · actorType: systemactionType: block · targetResource: external provider command previewdecision: block · severity: critical · auditRequired: trueevidenceType: safety-block · evidenceSummary: Provider command safety blocked event prevents synthetic provider command execution during QA preview.correlationId: corr-audit-timeline-013 · redactionApplied: truetenantId: tenant_demo_local_a · restaurantId: restaurant_demo_pomegranate · branchId: branch_demo_mainsafetyNotes: No provider API call, credential or outbound command is used.
blockcriticalreview
audit-v1-service-kill-switchtimestampExample: 2026-06-10T09:13:00.000ZsourceModule: service-kill-switch · actorRole: Owner · actorType: owneractionType: block · targetResource: optional notification provider previewdecision: block · severity: high · auditRequired: trueevidenceType: safety-block · evidenceSummary: Service kill-switch event shows an optional external provider remaining disabled while LAN authority continues.correlationId: corr-audit-timeline-014 · redactionApplied: falsetenantId: tenant_demo_local_a · restaurantId: restaurant_demo_pomegranate · branchId: branch_demo_mainsafetyNotes: Local preview only; it does not toggle any real service.
blockhighreview
audit-v1-qa-script-pass-markertimestampExample: 2026-06-10T09:14:00.000ZsourceModule: audit-evidence-timeline-qa-script · actorRole: Local QA Script · actorType: qaactionType: qa-pass · targetResource: scripts/qa/run-mupza-audit-evidence-timeline-preview-v1.ps1decision: pass · severity: low · auditRequired: trueevidenceType: qa-marker · evidenceSummary: QA script PASS marker event records local validation coverage for files, fields, examples and safety exclusions.correlationId: corr-audit-timeline-015 · redactionApplied: falsetenantId: tenant_demo_local_a · restaurantId: restaurant_demo_pomegranate · branchId: branch_demo_mainsafetyNotes: PASS evidence is local QA only and not deployment evidence.
passlow
audit-v1-build-typecheck-lint-passtimestampExample: 2026-06-10T09:15:00.000ZsourceModule: frontend-local-validation · actorRole: Local Build Checker · actorType: qaactionType: build-pass · targetResource: npm run typecheck; npm run lint --if-present; npm run builddecision: pass · severity: low · auditRequired: trueevidenceType: build-output · evidenceSummary: Build/typecheck/lint PASS event represents local validation output only, not staging or production deployment evidence.correlationId: corr-audit-timeline-016 · redactionApplied: falsetenantId: tenant_demo_local_a · restaurantId: restaurant_demo_pomegranate · branchId: branch_demo_mainsafetyNotes: Local command evidence only; no deploy, staging, SSH or Docker command is part of this preview.
passlow