feat(audit): readable host-scoped Audit log tab + audit message/resource filters (Phase 2b) #619
Merged
…e/resource filters (Phase 2b)
api-audit-events-query v1.2.0 (C-07, AC-12) + frontend-host-detail v1.8.0
(AC-44). Phase 2b of the activity readability initiative.
Backend: GET /api/v1/audit/events now returns a server-rendered readable
'message' ('<actor> <predicate>', e.g. 'alice@example.com created a host'),
built by the shared activity.FormatAudit (exported from internal/activity so
the audit-events endpoint and the activity feed's audit leg render audit the
SAME way — no duplicate map). It also exposes actor_label and accepts
resource_type + resource_id query filters for a single resource's trail.
Frontend: the host-detail Audit log tab goes live (HostAuditLogTab) — the
host-scoped forensic trail via /audit/events?resource_type=host&resource_id=X,
rendered with the readable message, gated on audit:read. Removed from the
stub registry. Both deferred host tabs (Activity in 2a, Audit log here) are
now live.
This is decision #2 from the Phase 2 discussion (keep the Audit log tab, make
it a real per-host audit view) and de-risks Phase 3 (the settings audit log
gets the same readable message field for free).
Verified live: owas-tst01 Audit log shows 'Someone completed host discovery',
'Someone mounted a filesystem' — readable, host-scoped. Full frontend suite
(321) + backend audit suite + specter (111, structural 100%) green.
Phase 2b of the activity readability initiative — completes the deferred host-detail tabs (decision #2: keep the Audit log tab, make it a real per-host audit view).
Backend (api-audit-events-query v1.2.0 — C-07/AC-12)

- GET /api/v1/audit/events now returns a server-rendered readable message ("<actor> <predicate>", e.g. "alice@example.com created a host"), built by activity.FormatAudit — exported so the audit-events endpoint and the activity feed's audit leg render audit the same way (one formatter, no duplicate map). New action codes never surface as raw dotted enums.
- actor_label and accepts resource_type + resource_id query filters for a single resource's audit trail.

Frontend (frontend-host-detail v1.8.0 — AC-44)

- HostAuditLogTab): the host-scoped forensic trail via /audit/events?resource_type=host&resource_id=X, rendered with the readable message, paginated, gated on audit:read. Removed from the stub registry.

Why this shape

This de-risks Phase 3 (the settings audit log inherits the same readable message field for free), and keeps audit a first-class compliance surface per your commitment.

Verified live on owas-tst01: "Someone completed host discovery", "Someone mounted a filesystem" — readable, host-scoped (Someone is the graceful actor fallback when actor_label is empty on system-emitted events).

Full frontend suite (321) + backend audit suite + specter (111, structural 100%) green. Ran specter coverage --strictness annotation pre-push.
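
A sketch of the shared-formatter behaviour described in this PR, added here as an example and not taken from the project's code: one function renders "<actor> <predicate>" with the Someone fallback, and a filter mirrors the resource_type + resource_id query parameters. The AuditEvent struct, the dotted action codes, the predicate map, the Trail helper and the handling of unmapped codes are all assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// AuditEvent is a hypothetical event shape; Action holds an assumed dotted code.
type AuditEvent struct {
	Action, ActorLabel, ResourceType, ResourceID string
}

// predicates is a constructed sample; the project's real action codes are not on the page.
var predicates = map[string]string{
	"host.created":             "created a host",
	"host.discovery.completed": "completed host discovery",
	"filesystem.mounted":       "mounted a filesystem",
}

// FormatAudit renders "<actor> <predicate>" from one map, so every caller agrees.
func FormatAudit(e AuditEvent) string {
	actor := strings.TrimSpace(e.ActorLabel)
	if actor == "" {
		actor = "Someone" // fallback for system-emitted events with no actor label
	}
	pred, ok := predicates[e.Action]
	if !ok {
		// Assumed fallback: humanize an unmapped code rather than show the raw enum.
		pred = "performed " + strings.NewReplacer(".", " ", "_", " ").Replace(e.Action)
	}
	return actor + " " + pred
}

// Trail returns readable messages for one resource (resource_type + resource_id).
func Trail(events []AuditEvent, resourceType, resourceID string) []string {
	var out []string
	for _, e := range events {
		if e.ResourceType == resourceType && e.ResourceID == resourceID {
			out = append(out, FormatAudit(e))
		}
	}
	return out
}

func main() {
	e := AuditEvent{Action: "filesystem.mounted", ResourceType: "host", ResourceID: "h1"} // constructed
	fmt.Println(Trail([]AuditEvent{e}, "host", "h1"))
}
```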