TenantAtlas/specs/134-audit-log-foundation/quickstart.md
ahmido 28cfe38ba4 feat: lay audit log foundation (#163)
## Summary
- turn the Monitoring audit log placeholder into a real workspace-scoped audit review surface
- introduce a shared audit recorder, richer audit value objects, and additive audit log schema evolution
- add audit outcome and actor badges, permission-aware related navigation, and durable audit retention coverage

## Included
- canonical `/admin/audit-log` list and detail inspection UI
- audit model helpers, taxonomy expansion, actor/target snapshots, and recorder/builder services
- operation terminal audit writes and purge command retention changes
- spec 134 design artifacts and focused Pest coverage for audit foundation behavior

## Validation
- `vendor/bin/sail bin pint --dirty --format agent`
- `vendor/bin/sail artisan test --compact tests/Unit/Audit tests/Unit/Badges/AuditBadgesTest.php tests/Feature/Filament/AuditLogPageTest.php tests/Feature/Filament/AuditLogDetailInspectionTest.php tests/Feature/Filament/AuditLogAuthorizationTest.php tests/Feature/Monitoring/AuditCoverageGovernanceTest.php tests/Feature/Monitoring/AuditCoverageOperationsTest.php tests/Feature/Console/TenantpilotPurgeNonPersistentDataTest.php`

## Notes
- Livewire v4.0+ compliance is preserved within the existing Filament v5 application.
- No provider registration changes were needed; panel provider registration remains in `bootstrap/providers.php`.
- No new globally searchable resource was introduced.
- The audit page remains read-only; no destructive actions were added.
- No new asset pipeline changes were introduced; existing deploy-time `php artisan filament:assets` behavior remains unchanged.

Co-authored-by: Ahmed Darrazi <ahmed.darrazi@live.de>
Reviewed-on: #163
2026-03-11 09:39:37 +00:00


Quickstart: Audit Log Foundation

Feature: 134-audit-log-foundation | Date: 2026-03-11

Scope

This feature turns the existing Audit Log placeholder into a real enterprise Monitoring surface by:

  • evolving the current audit_logs store into a first-class audit event model,
  • consolidating the existing audit writers behind one shared recorder foundation,
  • standardizing event taxonomy, actor kinds, target snapshots, summaries, and outcomes,
  • instrumenting first-wave governance, backup or restore, operations, and admin-change event sources,
  • replacing the placeholder /admin/audit-log page with a filterable, summary-first audit list and detail inspection surface,
  • enforcing workspace and tenant-safe visibility through audit.view and existing target entitlements,
  • making retention explicit so audit history is no longer treated as short-lived operational noise.

Implementation order

  1. Expand the audit taxonomy and outcome model, using the current AuditActionId registry as the starting point.
  2. Design and implement the additive audit_logs migration path, including stronger indexes and compatibility-safe backfills.
  3. Introduce the shared audit recorder and adapt the existing tenant, workspace, and system loggers to use it.
  4. Tighten AuditContextSanitizer usage and codify context-shaping rules for summaries, before/after snapshots, and safe metadata.
  5. Normalize first-wave workspace and governance audit writes from WorkspaceMembershipManager, SettingsWriter, findings workflow, and baseline workflows.
  6. Normalize first-wave backup, restore, and operation outcome audit writes without changing OperationRun lifecycle ownership.
  7. Replace the placeholder App\Filament\Pages\Monitoring\AuditLog surface with a real workspace-scoped table, filters, badges, and detail inspection affordance.
  8. Ensure related target links are canonical and permission-aware through existing navigation helpers.
  9. Update retention-related commands or purge flows so durable audit history is no longer deleted as regeneratable noise.
  10. Run focused Sail-based tests and Pint.

Reference files

Suggested validation commands

vendor/bin/sail artisan test --compact tests/Unit/Audit
vendor/bin/sail artisan test --compact --filter=AuditLog
vendor/bin/sail artisan test --compact --filter=FindingWorkflow
vendor/bin/sail artisan test --compact --filter=WorkspaceMembership
vendor/bin/sail artisan test --compact --filter=SettingsWriter
vendor/bin/sail artisan test --compact --filter=RestoreRun
vendor/bin/sail artisan test --compact --filter=Baseline
vendor/bin/sail bin pint --dirty --format agent

Expected outcome

  • /admin/audit-log becomes a real canonical Monitoring page with meaningful filtering and event inspection.
  • Audit events consistently capture actor, action, target, scope, timestamp, outcome, and safe structured context.
  • Existing tenant and workspace audit writes converge on one shared recorder and one stable taxonomy.
  • Covered governance and operational workflows emit readable audit entries without requiring raw JSON or source-record survival to understand what happened.
  • Audit history is treated as durable evidence rather than short-lived tenant noise.
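
The event shape described under "Expected outcome", together with the context-shaping rule from step 4 of the implementation order, can be sketched as follows. This is an added example, not TenantAtlas code: the class name, method names, array keys, deny-list pattern, and sample values are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical sketch; none of these names come from the TenantAtlas code base.
final class AuditEventSketch
{
    // Assumed deny-list: context keys matching this pattern are never persisted.
    private const SENSITIVE = '/password|secret|token|authorization|api_key/i';

    /** Recursively redact values stored under sensitive-looking keys. */
    public static function sanitize(array $context): array
    {
        $clean = [];
        foreach ($context as $key => $value) {
            if (preg_match(self::SENSITIVE, (string) $key) === 1) {
                $clean[$key] = '[REDACTED]';
            } else {
                $clean[$key] = is_array($value) ? self::sanitize($value) : $value;
            }
        }
        return $clean;
    }

    /** Build one audit row; actor and target are label snapshots taken at event time. */
    public static function build(array $actor, string $action, array $target,
        array $scope, string $outcome, array $context): array
    {
        return [
            'actor'       => $actor,   // readable even if the user record is later deleted
            'action'      => $action,
            'target'      => $target,  // readable even if the target record is later deleted
            'scope'       => $scope,   // workspace and optional tenant
            'outcome'     => $outcome,
            'recorded_at' => gmdate('Y-m-d\TH:i:s\Z'),
            'context'     => self::sanitize($context),
        ];
    }
}

// Constructed sample input: a settings change whose before/after snapshots hold a credential.
$row = AuditEventSketch::build(
    ['kind' => 'user', 'label' => 'Example Admin'],
    'example.setting.updated',
    ['type' => 'setting', 'id' => 'example.key', 'label' => 'Example setting'],
    ['workspace_id' => 1, 'tenant_id' => null], 'success',
    ['before' => ['api_token' => 'abc'], 'after' => ['api_token' => 'def'], 'reason' => 'rotation']
);
echo json_encode($row, JSON_PRETTY_PRINT), PHP_EOL;
```

Because redaction is applied recursively, the credential is removed from both the before and after snapshots while the non-sensitive reason field is kept, so the entry stays readable without exposing secrets in durable audit history.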