feat(ee): add enterprise audit logs settings page #4111
waleedlatif1 wants to merge 17 commits into staging
…arch
Add a new audit logs page under enterprise settings that displays all actions captured via recordAudit. Includes server-side search, resource type filtering, date range selection, and cursor-based pagination.
- Add internal API route (app/api/audit-logs) with session auth
- Extract shared query logic (buildFilterConditions, buildOrgScopeCondition, queryAuditLogs) into app/api/v1/audit-logs/query.ts
- Refactor v1 and admin audit log routes to use shared query module
- Add React Query hook with useInfiniteQuery and cursor pagination
- Add audit logs UI with debounced search, combobox filters, expandable rows
- Gate behind requiresHosted + requiresEnterprise navigation flags
- Place all enterprise audit log code in ee/audit-logs/
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
PR Summary
Medium Risk
Overview
Introduces a new
Broadly enhances audit event coverage/consistency by adding missing audit records (e.g., password reset requested, BYOK key updated, schedule created/deleted, workspace updated, env var deleted) and enriching many existing
Reviewed by Cursor Bugbot for commit 4a996f4.
Greptile Summary
This PR adds an enterprise audit logs settings page with server-side search, resource type filtering, date range selection, and cursor-based pagination, behind
Confidence Score: 5/5
Safe to merge — all prior P0/P1 concerns are resolved and only minor style suggestions remain.
Previously flagged issues (empty orgMemberIds crash, debounce no-op on mount) have both been addressed. The shared query module is clean, auth gating is consistent with other internal routes, and the infinite-query hook follows project conventions. The two remaining comments are P2 TypeScript hygiene and a future UX edge case for endDate that doesn't affect the current UI.
No files require special attention.
Important Files Changed
Sequence Diagram
sequenceDiagram
participant UI as AuditLogs Component
participant Hook as useAuditLogs
participant Route as /api/audit-logs GET
participant Auth as validateEnterpriseAuditAccess
participant Query as query.ts
participant DB as Database
UI->>Hook: filters change
Hook->>Route: fetch with search params
Route->>Auth: check session + enterprise membership
Auth-->>Route: orgMemberIds
Route->>Query: buildOrgScopeCondition
Query->>DB: workspace lookup (if includeDeparted)
DB-->>Query: workspace ids
Query-->>Route: scope SQL
Route->>Query: buildFilterConditions
Query-->>Route: filter conditions
Route->>Query: queryAuditLogs(conditions, limit, cursor)
Query->>DB: SELECT with AND conditions, cursor pagination
DB-->>Query: rows
Query-->>Route: data and nextCursor
Route-->>Hook: JSON response
Hook-->>UI: pages for infinite scroll
Reviews (7): Last reviewed commit: "fix(audit-logs): fix OAuth label display..."
- Fix import path: @/lib/utils → @/lib/core/utils/cn
- Guard against empty orgMemberIds array in buildOrgScopeCondition
- Skip debounce effect on mount when search is already synced
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@greptile
@cursor review
✅ Bugbot reviewed your changes and found no new issues!
Comment @cursor review or bugbot run to trigger another review on this PR
Reviewed by Cursor Bugbot for commit 36a1aa4.
Use ternary instead of && chain to prevent unknown type from being returned as ReactNode. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@greptile
@cursor review
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add PASSWORD_RESET_REQUESTED audit on forget-password with user lookup
- Add CREDENTIAL_CREATED/UPDATED/DELETED audit on credential CRUD routes with metadata (credentialType, providerId, updatedFields, envKey)
- Add SCHEDULE_CREATED audit on schedule creation with cron/timezone metadata
- Fix SCHEDULE_DELETED (was incorrectly using SCHEDULE_UPDATED for deletes)
- Enhance existing schedule update/disable/reactivate audit with structured metadata (operation, updatedFields, sourceType, previousStatus)
- Add CREDENTIAL resource type and Credential filter option to audit logs UI
- Enhance password reset completed description with user email
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Add actorName/actorEmail to all new credential and schedule audit calls to match the established pattern (e.g., api-keys, byok-keys, knowledge)
- Add resourceId and resourceName to forget-password audit call
- Enhance forget-password description with user email
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…ype entries Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Instead of maintaining a separate hardcoded list, the filter dropdown now derives its options directly from the AuditResourceType const object. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Move resource type filter options to ee/audit-logs/constants.ts (derived from AuditResourceType, no separate list to maintain)
- Remove export from internal cursor helpers in query.ts
- Add 5 new AuditAction entries: BYOK_KEY_UPDATED, ENVIRONMENT_DELETED, INVITATION_RESENT, WORKSPACE_UPDATED, ORG_INVITATION_RESENT
- Enrich ~80 recordAudit calls across the codebase with structured metadata (knowledge bases, connectors, documents, workspaces, members, invitations, workflows, deployments, templates, MCP servers, credential sets, organizations, permission groups, files, tables, notifications, copilot operations)
- Sync audit mock with all new entries
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…dit fields Remove metadata entries that duplicate resourceName, workspaceId, or other top-level recordAudit fields. Also remove noisy fileNames arrays from bulk document upload audits (kept fileCount). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Extract AuditAction, AuditResourceType, and their types into lib/audit/types.ts (client-safe, no @sim/db dependency). The server-only recordAudit stays in log.ts and re-exports the types for backwards compatibility. constants.ts now imports from types.ts directly, breaking the postgres -> tls client bundle chain. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@greptile
@cursor review
Escape %, _, and \ characters in the search parameter before embedding in the LIKE pattern to prevent unintended broad matches. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
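The escaping described in the commit message above, as an added example that is not code from this PR. The names escapeLike, likeToRegExp and search are hypothetical, the rows are constructed, and the matcher is a small in-memory model of LIKE with backslash as the escape character (PostgreSQL's default).

```typescript
// Added example; hypothetical names, constructed sample data.

// Escape LIKE metacharacters so user input is matched literally.
// Backslash is escaped in the same pass, so it is never processed twice.
function escapeLike(input: string): string {
  return input.replace(/[\\%_]/g, (ch) => "\\" + ch);
}

// Quote one character for use inside a RegExp source string.
function quote(ch: string): string {
  return ch.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Minimal model of SQL LIKE with ESCAPE '\', case-insensitive like ILIKE:
// % = any run of characters, _ = exactly one character, \x = literal x.
function likeToRegExp(pattern: string): RegExp {
  let out = "";
  for (let i = 0; i < pattern.length; i++) {
    const ch = pattern.charAt(i);
    if (ch === "\\" && i + 1 < pattern.length) {
      i += 1;
      out += quote(pattern.charAt(i));
    } else if (ch === "%") {
      out += "[\\s\\S]*";
    } else if (ch === "_") {
      out += "[\\s\\S]";
    } else {
      out += quote(ch);
    }
  }
  return new RegExp("^" + out + "$", "i");
}

// Constructed audit log descriptions.
const rows: string[] = [
  "Deleted 3 environment variables",
  "Updated BYOK key for provider openai",
  "Rotated api_key for workspace Acme",
  "Set rollout to 100% for workflow A",
];

// Substring search as a LIKE '%term%' query, with or without escaping.
function search(term: string, escape: boolean): string[] {
  const needle = escape ? escapeLike(term) : term;
  const re = likeToRegExp("%" + needle + "%");
  return rows.filter((r) => re.test(r));
}
```

Without escaping, a search for "%" or "_" returns every row in scope; with escaping, each returns only the row that contains that literal character.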
@greptile
@cursor review
The description was using keys.length (requested count) instead of deletedCount (actual count), which could differ if some keys didn't exist. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@greptile
@cursor review
…down ACRONYMS set stored 'OAuth' but lookup used toUpperCase() producing 'OAUTH' which never matched. Now store all acronyms uppercase and use a display override map for special casing like OAuth. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@greptile
@cursor review
✅ Bugbot reviewed your changes and found no new issues!
Reviewed by Cursor Bugbot for commit 4a996f4.
Summary
buildFilterConditions, buildOrgScopeCondition, queryAuditLogs) into a reusable module used by all 3 audit log API routes
requiresHosted + requiresEnterprise navigation flags, with all enterprise code in ee/audit-logs/
Test plan