# mage-os/module-admin-activity-log

> The Admin Activity extension makes it easy to track all admin activity with comprehensive audit logging.

`composer require mage-os/module-admin-activity-log`

Canonical URL: https://packagento.com/mage-os/module-admin-activity-log

## At a glance

- **Vendor**: mage-os (https://packagento.com/mage-os.md)
- **Latest version**: 2.0.1 — released 2026-05-19
- **Pricing**: Free
- **Package type**: Magento 2 module
- **Status**: active, accepting new buyers

## Installation

Packagento is licence-gated, so even free packages need a licence on a project before Composer can resolve them.

1. **Sign in or create an account** at https://packagento.com/customer/account/.

2. **Add the package to your account.** Open https://packagento.com/mage-os/module-admin-activity-log and complete the free checkout. A licence is minted automatically.

3. **Create or pick a project, then activate the licence on it.**
   - Projects represent the Magento installs you deploy to. Manage them at https://packagento.com/projects/.
   - Activate the new licence on the project you'll deploy this package to. Activation is what generates the Composer credentials scoped to that project.

4. **Add the project credentials to your Magento codebase.**

   Grab the project's public + private key from https://packagento.com/projects/ (open the project, then its Credentials tab), and add them to `auth.json`:

   ```json
   {
     "http-basic": {
       "packagento.com": {
         "username": "ppk_live_...",
         "password": "psk_live_..."
       }
     }
   }
   ```

   Add the Packagento Composer repository to `composer.json`:

   ```json
   {
     "repositories": [
       { "type": "composer", "url": "https://packagento.com" }
     ]
   }
   ```

5. **Install and apply.**

   ```bash
   composer require mage-os/module-admin-activity-log:*
   bin/magento setup:upgrade
   bin/magento setup:di:compile
   bin/magento cache:flush
   ```

## What it does

The Admin Activity extension makes it easy to track all admin activity with comprehensive audit logging.

## README

[![Latest Stable Version](https://poser.pugx.org/mage-os/module-admin-activity-log/v/stable)](https://packagist.org/packages/mage-os/module-admin-activity-log)
[![License](https://poser.pugx.org/mage-os/module-admin-activity-log/license)](https://packagist.org/packages/mage-os/module-admin-activity-log)
[![Total Downloads](https://poser.pugx.org/mage-os/module-admin-activity-log/downloads)](https://packagist.org/packages/mage-os/module-admin-activity-log)

A comprehensive admin activity logging extension for Mage-OS and Magento 2 that provides complete audit trails for
administrative actions, login attempts, and page visits.

Huge thanks to KiwiCommerce for publishing this extension, and for their support and contributions. This extension is a 
fork of the original [Magento Admin Activity Log](https://github.com/kiwicommerce/magento2-admin-activity) by KiwiCommerce.

### ✨ Key Features

- **Admin Action Logging**: Track all admin activities including add, edit, delete, print, view, and mass update operations
- **Login Monitoring**: Record successful and failed login attempts with detailed information
- **Field-Level Changes**: Track specific field modifications with before/after values
- **IP Address Logging**: Capture IP addresses and user agent information for security analysis
- **Extensible Configuration**: Customize tracked entities and skip fields via XML configuration

### 📋 Requirements

| Component | Version |
|-----------|---------|
| **Magento Open Source** | 2.4.x |
| **Mage-OS** | 1.0+ |
| **PHP** | 8.1+ |

### 🚀 Installation

```bash
composer require mage-os/module-admin-activity-log
php bin/magento setup:upgrade
```

### ⚙️ Configuration

#### Basic Configuration

Navigate to **Stores → Configuration → Advanced → Admin → Admin Activity**

##### General Settings
- **Enable Admin Activity Logs**: Enable/disable the extension
- **Record Login Activity**: Track login and logout activities
- **Record Page Visits**: Monitor admin page navigation
- **Clear Admin Activity Logs After**: Set how many days to keep logs (default: 90 days)

### 📖 Usage Guide

#### Viewing Activity Logs

Navigate to **System → Admin Activity → Admin Activity Logs**

Click View on any log entry to see detailed info.

#### Login Activity Monitoring

Go to **System → Admin Activity → Admin Login Logs**

### Architecture

The module is built around interface-driven services for clean extensibility:

| Interface | Description |
|-----------|-------------|
| `ActivityConfigInterface` | Configuration settings (enabled state, log retention) |
| `FieldTrackerInterface` | Tracks field-level changes with before/after values |
| `ModelResolverInterface` | Resolves and loads models for activity logging |
| `ActivityRepositoryInterface` | CRUD operations for activity log entries |
| `LoginRepositoryInterface` | CRUD operations for login log entries |

All interfaces are marked `@api` and can be customized via DI preferences.

### Extensibility

#### Customizing Tracked Entities

The module uses `adminactivity.xml` to define which entities are tracked and which fields are skipped during logging.
Third-party modules can extend this configuration by creating their own `etc/adminactivity.xml` file.

Example configuration to add a custom entity:

```xml
<?xml version="1.0"?>
<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
        xsi:noNamespaceSchemaLocation="urn:magento:module:MageOS_AdminActivityLog:etc/adminactivity.xsd">
    <modules>
        <module name="customer_group">
            <label translate="true">Customer Group</label>
            <models>
                <class name="Magento\Customer\Model\Group" />
            </models>
            <events>
                <event controller_action="customer_group_save" action_alias="save" />
                <event controller_action="customer_group_delete" action_alias="delete" />
            </events>
            <config>
                <skip_fields>
                    <field>customer_group_id</field>
                    <field>check_if_is_new</field>
                </skip_fields>
                <configpath constant="MODULE_CUSTOMER" />
                <editurl url="{{module}}/{{controller}}/edit/id/{{id}}" />
                <itemfield field="customer_group_code" />
            </config>
        </module>
    </modules>
</config>
```

#### Skip Fields

To exclude specific fields from being logged (e.g., timestamps, internal IDs), add them to the `skip_fields` node for the relevant module in your `adminactivity.xml`.

#### Protected Fields

Sensitive fields (passwords, tokens, payment data) are automatically excluded from logging. To add custom protected fields:

```xml
<type name="MageOS\AdminActivityLog\Model\FieldChecker">
    <arguments>
        <argument name="protectedFields" xsi:type="array">
            <item name="my_secret_field" xsi:type="string">my_secret_field</item>
        </argument>
    </arguments>
</type>
```

### Security

- **Model Allowlist**: Only explicitly allowed model classes can be loaded during activity logging, preventing arbitrary class instantiation.
- **Protected Fields**: Sensitive data (passwords, API keys, tokens, payment info) is never logged, configured via DI.
- **ACL Permissions**: Control access to activity logs via permission rules.
- **CSRF Protection**: All admin actions are protected with form keys.

### Performance Notes

- **Page Visit Logging**: Disabled by default. Enable only if needed, as it creates a log entry for every admin page view.
- **Database Indexes**: The module includes indexes on frequently queried columns for optimal filtering performance.
- **Bulk Operations**: Log cleanup and activity logging use bulk database operations to minimize overhead.
- **Field Truncation**: Large values are truncated at ~64KB to prevent database bloat.

### Contributing

Issues and pull requests welcome on GitHub.

### License

_(README truncated for .md surface. Full README on https://packagento.com/mage-os/module-admin-activity-log.)_

## Recent Versions

| Version | Released |
|---|---|
| 2.0.1 | 2026-05-19 |
| 2.0.0 | 2026-04-24 |
| 2.0.0-rc2 | 2026-04-19 |
| 2.0.0-rc1 | 2026-04-13 |
| 2.0.0-beta9 | 2026-04-09 |
| 2.0.0-beta8 | 2026-03-26 |
| 2.0.0-beta7 | 2026-03-10 |
| 2.0.0-beta6 | 2026-01-28 |
| 2.0.0-beta5 | 2026-01-20 |
| 2.0.0-beta4 | 2026-01-13 |

Showing 10 of 13 versions. Full release history on https://packagento.com/mage-os/module-admin-activity-log.

## Dependencies

### Require

| Package | Constraint |
|---|---|
| magento/framework | >=100.0.0 |
| magento/module-backend | >=100.0.0 |
| magento/module-store | >=100.0.0 |
| magento/module-ui | >=100.0.0 |
| magento/module-user | >=100.0.0 |
| php | >=8.2 |

### Require (dev)

| Package | Constraint |
|---|---|
| phpunit/phpunit | ^9.5\|\|^10.0 |

### Replace

| Package | Constraint |
|---|---|
| kiwicommerce/module-admin-activity | 1.0.8 |

## Quality

Latest release (2.0.1) fails the Packagento QA pipeline. Verdicts below are per-cell (Magento line × PHP version) for the matrixed tools, and run-once for the static / security tiers.


### Compatibility

Each Magento line is installed on its supported PHP versions, then the module is built (DI compile + static-content deploy). Cells show passed / failed / untested; staircase gaps render as `–`.

| Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 |
|---|---|---|---|---|
| 2.4.7 | Pass | Pass | – | – |
| 2.4.8 | – | Pass | Pass | – |
| 2.4.9 | – | – | not tested | not tested |


### Code Quality

Advisory checks against the module's source. Never affect the Compatibility verdict — a phpcs finding can't make a module incompatible.

#### Static Analysis

Coding standards (phpcs), mess detection (phpmd), copy-pasted code (cpd), PHP cross-version compatibility, composer.json validity. Each runs once for the whole module.

| Tool | Status | Findings | Summary |
|---|---|---|---|
| PHPCS | Fail | 247 | 4 errors, 243 warnings (ruleset: Magento2) — 93 auto-fixable with phpcbf |
| PHPMD | Warning | 39 | 39 rule violations (MissingImport:15, CyclomaticComplexity:5, TooManyPublicMethods:5, TooManyMethods:3, ExcessiveClassComplexity:3) |
| Cpd | Warning | 1 | 1 duplicated chunk spanning 32 total lines (min-lines=5, min-tokens=70) |
| Composer validate | Info | 5 | valid; 5 advisory notes (composer validate --strict) |

#### PHPStan

Type-checks the module against a real Magento install. Re-runs per Magento + PHP version because resolvable symbols differ between releases.

| Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 |
|---|---|---|---|---|
| 2.4.7 | 21 | 21 | – | – |
| 2.4.8 | – | 21 | 21 | – |
| 2.4.9 | – | – | 21 | 21 |


### Tests

Unit and integration suites run per Magento + PHP cell. Test failures speak to the module's behaviour, not its compatibility with a line, so they're reported here separately.

#### Unit Tests

| Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 |
|---|---|---|---|---|
| 2.4.7 | Pass | Pass | – | – |
| 2.4.8 | – | Pass | not tested | – |
| 2.4.9 | – | – | 29 | not tested |

#### Integration Tests

| Magento | PHP 8.2 | PHP 8.3 | PHP 8.4 | PHP 8.5 |
|---|---|---|---|---|
| 2.4.7 | N/A | N/A | – | – |
| 2.4.8 | – | N/A | N/A | – |
| 2.4.9 | – | – | N/A | N/A |


### Security

Dependency-advisory audit (composer audit) plus a source malware scan. A malware detection fails the version outright.

| Tool | Status | Findings | Summary |
|---|---|---|---|
| Composer audit | Pass | 0 |  |
| Malware scan | Pass | 0 |  |

## Licence and pricing

Free. A licence is still minted on checkout and bound to your project for Composer access — no payment step.

Refundable within 14 days of first purchase via https://packagento.com/account/refunds/.

## Install via Claude Code or any MCP client

The Packagento MCP server can run the licence + project + Composer steps above in one tool call:

```
purchase_and_install_packages(
  composer_names=["mage-os/module-admin-activity-log"],
  project_id="proj_xxx"
)
```

This handles cart, checkout, licence minting, project activation, and writes auth.json credentials. Connect a client with `claude mcp add packagento https://mcp.packagento.com`. Full setup at https://packagento.com/docs/mcp-setup.

## Vendor

mage-os is a Magento 2 vendor on Packagento. See https://packagento.com/mage-os.md for their full catalogue.

