menu
nerv-audit

nerv-audit

Leader posted 2 min read

We needed an audit trail Envers couldn’t handle — so I built one

“Who changed this record?”
“What was the previous value?”
“When did it happen?”

Simple questions… until you actually need answers in production.

The problem we kept running into

In one of our systems, audit logs weren’t just “nice to have” — they were critical.

We needed:

  • Field-level change tracking
  • Historical queries (point-in-time views)
  • Reliable audit trails across services

So naturally, we tried Hibernate Envers.

At first, it worked.

Until it didn’t.

Where things started breaking

As the system grew, we hit real limitations:

  • Querying audit history became painful
  • Custom audit logic was hard to extend
  • Cross-service audit consistency was messy
  • Performance started becoming a concern

We weren’t just storing audit logs anymore —
we needed to use them as a first-class feature.

That’s where Envers started to feel like a constraint.

The turning point

At some point, we had two options:

  1. Keep patching around the limitations
  2. Build something that actually fits our needs

We chose the second.

What we built

We created nerv-audit — a modular audit framework designed for real-world backend systems.

Instead of treating auditing as a side-effect, we designed it as a core part of the architecture.

Key ideas:

  • Structured audit work units (not just snapshots)
  • Flexible query model for history retrieval
  • Clean separation between capture, storage, and querying
  • Extensible by design

A quick example

Instead of digging through raw audit tables, you can query changes like this:

AuditQuery query = AuditQuery.builder()
    .entity("User")
    .field("email")
    .changed()
    .build();

List<AuditResult> results = auditService.execute(query);

Now you’re not just storing history —
you’re actually asking questions from it.

What I learned building this

A few things became very clear:

  • Audit logs become product features faster than expected
  • If querying is painful, the audit system is incomplete
  • “Just use Envers” works… until scale and complexity kick in
  • Designing audit as a domain, not a utility, changes everything

⚠️ About the project

The project is structured in modules:

  • nerv-audit-core → full engine (commercial)
  • nerv-audit-lite / examples → publicly available

I decided to keep the core commercial, but still share:

  • Public modules
  • Examples
  • Integration ideas

Explore it here

If you’re dealing with similar problems, you might find this useful:

https://github.com/czetsuyatech/nerv-audit

Final thought

Most systems don’t think about audit logs until something breaks.

By then, it’s already too late.

If your system will ever need to answer:

“What changed, and why?”

…it’s worth designing for it early.

2 Comments

This hits real pain points. Querying audit logs is always the worst part. Curious what’s your storage strategy behind the scenes? Append-only or something more custom?

1 vote

@[Barry]

Yeah—querying audit logs is usually where things start to hurt

For nerv-audit, I’m currently using a vertical (per-entity) audit table strategy, which is essentially how Hibernate Envers structures things under the hood.

So instead of a single append-only log, each audited entity gets its own audit table (e.g., order_aud, user_aud). Every change creates a new revision entry, and revisions are tracked separately. This keeps writes simple and consistent with the ORM model, while making it easier to query history for a specific entity.

It’s not a pure append-only event log in the “event sourcing” sense—but it is still append-only at the row level (no updates, just new revisions). The trade-off is that cross-entity queries can get more complex, which is where most of the friction comes in.

That’s actually one of the areas I’m trying to improve with nerv-audit—making those queries more ergonomic without forcing teams into a completely different storage model.

Curious as well—have you seen teams lean more toward centralized append-only logs, or stick with per-entity history like this?

PS: I attached a screenshot of a vertically stored revision in the nerv-audit demo project.

2

This is a great example of when “default tools” stop being enough.

Envers works fine when audit is just a compliance checkbox, but the moment you actually need to use audit data, the cracks show fast — especially around querying and cross-service consistency.

The shift you made (audit as a domain, not a side-effect) feels like the real takeaway here. Once audit becomes something product or ops relies on, the model and query layer matter way more than just capturing snapshots.

The query abstraction you showed is interesting too — it moves audit from “logs you dig through” to “data you can ask questions from,” which is a big shift.

Curious how you’re handling write overhead and storage growth with field-level tracking at scale?

1 vote

More Posts

React Native Quote Audit - USA

kajolshah - Mar 2

The Audit Trail of Things: Using Hashgraph as a Digital Caliper for Provenance

Ken W. Algerverified - Apr 28

Building a Movie Recommendation API with Spring Boot

alejandrotg-codeverified - Apr 28

Let's understand Retries in Spring Boot

Madhu - Oct 17, 2025

Why Email-Only Contact Forms Are Failing in 2026 (And What Developers Should Do Instead)

JayCode - Mar 2
chevron_left

More From czetsuya

Stop Rewriting CI/CD: Reusable GitHub Actions for Maven Projects

Related Jobs

View all jobs →

Commenters (This Week)

5 comments
1 comment

Contribute meaningful comments to climb the leaderboard and earn badges!