Skip to main content
Alforse treats file traceability as a commercial requirement, not a convenience. Two views cover it: GET /audit/evidence lists invoice and receipt evidence (filterable by kind — invoice, proof, or all — and by subject company), backed by the same files uploaded through the Files API’s presign → upload → confirm flow. Every download is authorized and scan-policy checked server-side, not just hidden in the UI.

Operation log

GET /audit/operations lists audit events: contract create/edit/delete/import/export, field definition changes, workflow transitions/approvals/returns/unlocks, payment and invoice changes, file upload/download/delete, and permission/member changes. Each event is typed (see the OpType values in Audit) and searchable.
Reading the full operation log requires the admin module permission; reading evidence only requires contract_view. See Roles & Permissions.