PHPackages                             ledgerly-app/core - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Security](/categories/security)
4. /
5. ledgerly-app/core

ActiveLibrary[Security](/categories/security)

ledgerly-app/core
=================

Trusted audit logs and activity timelines for Laravel applications.

0.9.0(2mo ago)1721[9 issues](https://github.com/ledgerly-app/core/issues)MITPHPPHP ^8.2CI passing

Since Feb 10Pushed 2mo ago1 watchersCompare

[ Source](https://github.com/ledgerly-app/core)[ Packagist](https://packagist.org/packages/ledgerly-app/core)[ Docs](https://ledgerly-app.github.io/)[ GitHub Sponsors](https://github.com/ntoufoudis)[ RSS](/packages/ledgerly-app-core/feed)WikiDiscussions main Synced 2mo ago

READMEChangelog (10)Dependencies (6)Versions (16)Used By (0)

Ledgerly Core
=============

[](#ledgerly-core)

[![Packagist Version](https://camo.githubusercontent.com/c66c3a4a175eb7c7fd6b5199f53988fa21d17202831e38f3114b79b2d23754f1/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f6c65646765726c792d6170702f636f7265)](https://camo.githubusercontent.com/c66c3a4a175eb7c7fd6b5199f53988fa21d17202831e38f3114b79b2d23754f1/68747470733a2f2f696d672e736869656c64732e696f2f7061636b61676973742f762f6c65646765726c792d6170702f636f7265)[![Tests](https://github.com/ledgerly-app/core/actions/workflows/run-tests.yml/badge.svg)](https://github.com/ledgerly-app/core/actions)[![Documentation](https://camo.githubusercontent.com/eb567096536ee297e99fabe9de6f9d5fa5de471650cd6486f5b7ef3304ba43ee/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f446f63732d4c65646765726c792d626c7565)](https://ledgerly-app.github.io/)[![License](https://camo.githubusercontent.com/8bb50fd2278f18fc326bf71f6e88ca8f884f72f179d3e555e20ed30157190d0d/68747470733a2f2f696d672e736869656c64732e696f2f62616467652f6c6963656e73652d4d49542d677265656e2e737667)](LICENSE)[![OpenSSF Scorecard](https://camo.githubusercontent.com/ad5bed9a844058b955b8b88482bca3ed4a296cf4d7402a9a74e431e1b73ec736/68747470733a2f2f6170692e73636f7265636172642e6465762f70726f6a656374732f6769746875622e636f6d2f6c65646765726c792d6170702f636f72652f6261646765)](https://scorecard.dev/viewer/?uri=github.com/ledgerly-app/core)

**Ledgerly Core** is a structured, **append-only audit logging engine** for Laravel.

It is built for correctness and long-term traceability: immutable entries, deterministic exports, chain/checkpoint verification, policy enforcement, and transport-agnostic metadata.

Ledgerly Core focuses on core audit guarantees. UI and SaaS concerns live in separate packages.

---

Philosophy
----------

[](#philosophy)

Ledgerly Core is built around a few non-negotiable principles:

- **Append-only**: audit data must never change
- **Explicit intent**: every log entry must declare *who*, *what*, and *to what*
- **Stable contracts**: exported data shapes must not drift
- **Low magic**: no observers, no implicit logging
- **Transport-agnostic**: works in HTTP, queues, CLI, jobs

If you want “logs everywhere automatically,” this is **not** that package. If you want **trustworthy audit trails**, this *is*.

---

Documentation
-------------

[](#documentation)

Full documentation is available at:

👉

The documentation includes:

- Quick Start
- Core Concepts
- Guides and Best Practices
- Architecture Overview
- Upgrade Guides

If you're new to Ledgerly, start here:

👉

---

Capabilities (1.x)
------------------

[](#capabilities-1x)

- Immutable, append-only ledger entries
- Strict action contract: `..`
- Actor/target polymorphic relations and structured diffs
- Metadata resolver pipeline (HTTP, queue, console safe)
- Correlation IDs, transaction grouping, and scoped/global context
- Policy engine with global and action-pattern bindings
- Versioned export pipeline with transformers and queued execution
- Export drivers: file, gzip, csv
- Export integrity manifest (`ledger_id`, `entry_count`, `checksum`)
- Hash-chain integrity verification
- Checkpoints with file/http anchors and verification commands
- Federation status/proof support for remote checkpoint validation
- Webhook dispatch with signed payloads and retry policy
- Extension points for drivers, export versions, policies, and metadata resolvers
- Helper and facade access (`ledgerly()` and `Ledgerly` facade)

---

Requirements
------------

[](#requirements)

- PHP 8.2+
- Laravel 11+

---

Installation
------------

[](#installation)

```
composer require ledgerly-app/core
```

Publish the migration:

```
php artisan vendor:publish --tag=ledgerly-migrations
php artisan migrate
```

For a full tutorial, see:
---------------------------------------------------------------------------

[](#for-a-full-tutorial-seehttpsledgerly-appgithubiodocsquick-start)

Basic Usage
-----------

[](#basic-usage)

### Logging an action

[](#logging-an-action)

```
ledgerly()
    ->actor(auth()->user())
    ->action('billing.invoice.updated')
    ->target($invoice)
    ->withDiff([
        'amount' => [1200, 1450],
    ])
    ->log();
```

This results in **exactly one insert**.

No observers. No side effects.

---

Export Contracts
----------------

[](#export-contracts)

Ledgerly exports are versioned and contract-driven:

- Version payload shape is stable per export version (`v1`, etc.)
- JSONL/GZIP exports include an integrity manifest trailer
- CSV schema can be explicitly configured for integration-safe contracts

### CSV Schema Configuration

[](#csv-schema-configuration)

```
// config/ledgerly.php
'export' => [
    'csv' => [
        'columns' => [
            'action',
            'metadata.tenant_id',
            'created_at',
        ],
        'strict' => true,
    ],
],
```

Behavior:

- If `columns` is set, that exact ordered schema is used
- If `strict` is `true`, unknown keys fail export
- If `columns` is `null`, schema is inferred from first row and then fixed

---

Guarantees Snapshot
-------------------

[](#guarantees-snapshot)

Ledgerly 1.x guarantees:

- No updates/deletes of persisted ledger entries
- Exactly explicit logging, no implicit model observers
- Stable export version contracts
- Manifest-aware export immutability/completeness evidence
- Backward-compatible minor releases for documented contracts

Ledgerly 1.x does not guarantee:

- Legal compliance by itself
- Automatic retention policies
- UI features or visualization
- Automatic self-healing for integrity/federation failures

---

Learning Ledgerly
-----------------

[](#learning-ledgerly)

If you're new to Ledgerly, the recommended reading order is:

1. Quick Start

2. Core Concepts

3. Guides

---

Contributing
------------

[](#contributing)

Before contributing, please read:

---

License
-------

[](#license)

[MIT](LICENSE.md)

---

Final Note
----------

[](#final-note)

Ledgerly Core is meant to be **boringly reliable**.

If it ever surprises you — that’s a bug.

###  Health Score

35

—

LowBetter than 80% of packages

Maintenance64

Regular maintenance activity

Popularity15

Limited adoption so far

Community11

Small or concentrated contributor base

Maturity44

Maturing project, gaining track record

 Bus Factor1

Top contributor holds 97.7% of commits — single point of failure

How is this calculated?**Maintenance (25%)** — Last commit recency, latest release date, and issue-to-star ratio. Uses a 2-year decay window.

**Popularity (30%)** — Total and monthly downloads, GitHub stars, and forks. Logarithmic scaling prevents top-heavy scores.

**Community (15%)** — Contributors, dependents, forks, watchers, and maintainers. Measures real ecosystem engagement.

**Maturity (30%)** — Project age, version count, PHP version support, and release stability.

###  Release Activity

Cadence

Every ~1 days

Total

11

Last Release

82d ago

### Community

Maintainers

![](https://www.gravatar.com/avatar/9a0e4562d814e61aaa5dc698cc667c6d6c90c98516142b60c0924b337c418355?d=identicon)[ntoufoudis](/maintainers/ntoufoudis)

---

Top Contributors

[![ntoufoudis](https://avatars.githubusercontent.com/u/93659348?v=4)](https://github.com/ntoufoudis "ntoufoudis (216 commits)")[![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4)](https://github.com/dependabot[bot] "dependabot[bot] (4 commits)")[![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?v=4)](https://github.com/github-actions[bot] "github-actions[bot] (1 commits)")

---

Tags

laravelsecurityAudittimelineactivity-logcomplianceaudit-logledgerly

###  Code Quality

TestsPest

Static AnalysisPHPStan

Code StyleLaravel Pint

### Embed Badge

![Health badge](/badges/ledgerly-app-core/health.svg)

```
[![Health](https://phpackages.com/badges/ledgerly-app-core/health.svg)](https://phpackages.com/packages/ledgerly-app-core)
```

###  Alternatives

[muhammadsadeeq/laravel-activitylog-ui

A beautiful, modern UI for Spatie's Activity Log with advanced filtering, analytics, and real-time features.

17510.1k](/packages/muhammadsadeeq-laravel-activitylog-ui)[alizharb/filament-activity-log

A powerful, feature-rich activity logging solution for FilamentPHP v4 & v5 with timeline views, dashboard widgets, and revert actions.

2326.6k](/packages/alizharb-filament-activity-log)[mradder/filament-logger

Audit logging, activity tracking, exports, alerts, and dashboards for Filament admin panels.

141.1k](/packages/mradder-filament-logger)

PHPackages © 2026

[Directory](/)[Categories](/categories)[Trending](/trending)[Changelog](/changelog)[Analyze](/analyze)