auth()->id(), 'action' => $action, 'auditable_type' => $model ? get_class($model) : null, 'auditable_id' => $model?->getKey(), 'old_values' => self::redact($oldValues), 'new_values' => self::redact($newValues), 'ip_address' => request()->ip(), 'user_agent' => substr(request()->userAgent() ?? '', 0, 500), ]); } catch (\Throwable) { // Audit log failure must not break the main flow. } } private static function redact(array $values): array { // Never log these sensitive fields. $sensitive = ['no_kp', 'password', 'token', 'remember_token']; return array_diff_key($values, array_flip($sensitive)); } }