umputun / stash / 20632463775

coverage: 83.735% (-0.2%) from 83.964%
20632463775

push

github

web-flow 
feat(audit): add audit trail logging (#52)

* docs: add audit trail implementation plan

Related to audit logging feature with admin-only access,
middleware-based capture, and POST /audit/query API.

* feat(audit): add audit trail foundation (tasks 1-3)

- Add AuditAction, AuditResult, ActorType enums
- Add admin flag to auth config with IsAdmin() method
- Add audit_log table (SQLite + PostgreSQL)
- Implement LogAudit, QueryAudit, DeleteAuditOlderThan methods
- Update plan with completed tasks

Related to audit trail feature

* feat(audit): add audit trail foundation (tasks 1-3)

- AuditAction, AuditResult, ActorType enums with go-pkgz/enum
- Admin flag in auth config with IsAdmin() method
- AuditEntry and AuditQuery types in store layer
- LogAudit, QueryAudit, DeleteAuditOlderThan store methods
- auditor middleware capturing status/bytes for /kv/* routes
- POST /audit/query handler with admin access check
- CLI flags: --audit.enabled, --audit.retention, --audit.query-limit
- Background cleanup goroutine for expired audit entries

* fix(audit): reorder middleware to capture denied requests

- Audit middleware now runs before auth to capture 401/403 rejections
- Add test for 401 mapping to denied result
- Add test verifying audit captures when auth short-circuits

* feat(api): return 201 Created for new keys, 200 OK for updates

- store.Set now returns (created bool, err) to distinguish create vs update
- api handler returns 201 Created when key is new, 200 OK when existing
- audit trail distinguishes create vs update actions based on response
- token masking in audit logs now uses 4 chars (matching auth.go)
- added composite index idx_audit_ts_key for better query performance
- updated Go, Python SDKs to accept 201 status code

related #51

* test: add audit trail integration test, fix e2e for 201 status

- add TestIntegration_AuditTrail verifying audit log for KV operations
- update e2e tests to accept 201 Created for new key creation

447 of 545 new or added lines in 10 files covered. (82.02%)

1 existing line in 1 file now uncovered.

3748 of 4476 relevant lines covered (83.74%)

82.77 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

89.2
/app/server/api/handler.go


Source Not Available