member_sessions_revoked_self_others
This page is auto-generated from
src/auth/stytch-invite.ts. Do not edit by hand — seedocs/dev/docs-auto-sync.md.
Event string
Section titled “Event string”member_sessions_revoked_self_others
Emitting helpers
Section titled “Emitting helpers”| Function | Source |
|---|---|
encodeMemberSessionsRevokedSelfOthersAuditReason | src/auth/stytch-invite.ts:698 |
Context fields
Section titled “Context fields”| Field | Type | Required | Notes |
|---|---|---|---|
member_id | string | yes | — |
revoked_count | number | yes | — |
scope | "single_org" | "all_orgs" | no | — |
org_count | number | no | — |
Documentation
Section titled “Documentation”#575 Phase 5 (#616) — scope discriminator extension.
Phase 5 introduces a NEW cross-org variant of this same event: the operator presses “Sign out everywhere” on the /me/security page and we fan revoke calls across every org they belong to, writing ONE aggregate audit row with tenant_id = NULL + actor_account_id NOT NULL (see audit/log.ts + migrations/0056 RLS shape).
To let SIEM saved searches distinguish “single-org self-others revoke” (Phase 1-4 shape: tenant_id = the org, scope omitted) from “cross-org revoke-everywhere” (Phase 5 shape: tenant_id = NULL, scope = ‘all_orgs’), we add an optional scope discriminator and the per-org breakdown is surfaced via org_count. Legacy callers omit the field — JSON.stringify drops undefined so the on-wire envelope stays byte-identical for the /admin/ui/account/* surface, and existing SIEM searches keep matching.
org_count is INCLUDED on the cross-org variant so an auditor can verify the fanout hit the expected breadth (covers the “partial-success across 3 of 9 orgs” UX shape). For single-org calls it’s omitted (the audit_log row’s tenant_id IS the org).
This envelope is stored in audit_log.decision_reason (varchar(256)) as a JSON object with the shape { event, ...ctx }. The audit_log row carries tenant_id, actor_user_id, and timestamp as columns alongside — those are not duplicated in the envelope.