
feat: add audit log for feature usage tracking #717

Merged: nicoloboschi merged 7 commits into main from feat/audit-log on Mar 27, 2026


@nicoloboschi
Collaborator

Summary

  • Adds full auditability for all mutating and core API operations (retain, recall, reflect, bank CRUD, mental models, directives, webhooks, consolidation, etc.)
  • Tracks raw request/response as JSONB across HTTP, MCP, and system (worker) transports
  • New "Audit Logs" tab in control plane with request volume chart and filterable/paginated table
  • Configurable via env vars: AUDIT_LOG_ENABLED, AUDIT_LOG_ACTIONS (allowlist), AUDIT_LOG_RETENTION_DAYS
  • Concurrent-safe retention sweep deletes expired entries hourly

Test plan

  • 13 unit/integration tests covering list, filters (action, transport, date range), pagination, stats endpoint, disabled mode, action allowlist, ordering
  • Lint passes (Python + TypeScript)
  • TypeScript type check passes
  • CI pipeline

Add full auditability for all mutating and core API operations across
HTTP, MCP, and system (worker) transports. Audit entries record raw
request/response as JSONB, timing (started_at/ended_at), action, and
transport type.

Backend:
- New audit_log table with JSONB columns for expandability without
  future migrations (merge migration of 3 existing heads)
- AuditLogger with fire-and-forget writes via asyncio.create_task
- @Audited decorator on 28 HTTP route handlers
- MCP tool audit wrapping for 16 auditable tools
- Worker task execution wrapped with audit_context
- List endpoint with action, transport, date range filters + pagination
- Stats endpoint with per-day counts for charting
- Configurable retention sweep (concurrent-safe DELETE)

Config (env-only, static):
- HINDSIGHT_API_AUDIT_LOG_ENABLED (default: false)
- HINDSIGHT_API_AUDIT_LOG_ACTIONS (comma-separated allowlist, empty=all)
- HINDSIGHT_API_AUDIT_LOG_RETENTION_DAYS (default: -1, keep forever)

Control Plane:
- New "Audit Logs" tab on bank configuration page
- Line chart showing request volume (today/7d/30d) with action filter
- Filterable table with action, transport, date range filters
- Paginated list with detail dialog showing raw request/response JSON

Tests:
- 13 tests covering list, filters, pagination, stats, disabled mode,
  action allowlist, and ordering

Alembic doesn't support 3-parent merge migrations. Split into a no-op
merge of 2 heads (b1c2d3e4f5g6) followed by the audit_log table
migration merging the third head.

The original analysis incorrectly identified 3 heads. There were only 2
(a3b4c5d6e7f8 and c8e5f2a3b4d1). Remove the unnecessary intermediate
merge migration and fix the audit_log migration to merge these 2 heads.

Alembic's upgrade('head') fails when multiple heads exist (e.g. from
namespace package overlaps between hindsight-api and hindsight-api-slim).
Using 'heads' (plural) handles this gracefully by upgrading all branches.

Python and Go clients still need regeneration (requires Docker).

Adds generated audit log API clients for Python (audit_api.py),
Go (api_audit.go), and TypeScript client type updates.

@nicoloboschi nicoloboschi merged commit 083295d into main Mar 27, 2026
43 checks passed
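
The pattern the description outlines (env-driven allowlist, fire-and-forget writes via asyncio.create_task, a decorator on handlers), sketched as an added example; this is not code from the PR. `SketchAuditLogger`, `audited`, the in-memory `rows` list and the `"true"` parsing of the enable flag are assumptions; only the env var names, their defaults and the recorded fields come from the page.

```python
import asyncio, functools, os
from datetime import datetime, timezone

def load_config(env=os.environ):
    # Env names and defaults are the PR's; accepting only "true" is an assumption.
    raw = env.get("HINDSIGHT_API_AUDIT_LOG_ACTIONS", "")
    return {"enabled": env.get("HINDSIGHT_API_AUDIT_LOG_ENABLED", "false").lower() == "true",
            "actions": {a.strip() for a in raw.split(",") if a.strip()}}  # empty = all

class SketchAuditLogger:  # hypothetical stand-in, not the project's AuditLogger
    def __init__(self, config):
        self.config, self.rows, self._pending = config, [], set()

    def should_log(self, action):
        c = self.config
        return c["enabled"] and (not c["actions"] or action in c["actions"])

    async def _write(self, row):
        self.rows.append(row)  # a real writer would INSERT into audit_log here

    def log(self, row):
        # Fire-and-forget, but keep a strong reference: the event loop holds
        # only weak references to tasks, so an unreferenced one can be collected.
        task = asyncio.create_task(self._write(row))
        self._pending.add(task)
        task.add_done_callback(self._pending.discard)

    async def drain(self):
        # Await on shutdown so queued entries are not silently lost.
        await asyncio.gather(*self._pending)

def audited(logger, action, transport="http"):
    def wrap(fn):
        @functools.wraps(fn)
        async def inner(request):
            if not logger.should_log(action):
                return await fn(request)
            row = {"action": action, "transport": transport, "request": request,
                   "response": None, "started_at": datetime.now(timezone.utc)}
            try:
                row["response"] = await fn(request)
                return row["response"]
            finally:  # a handler that raises is still audited, with response None
                row["ended_at"] = datetime.now(timezone.utc)
                logger.log(row)
        return inner
    return wrap
```

Decorate an async handler with `@audited(logger, "retain")` and await `logger.drain()` before the process exits; an audit trail that drops in-flight entries on shutdown has gaps exactly where an investigator will look.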