feat(admin): add system_settings audit history (#3002)#3007
Merged
Conversation
Contributor
|
All contributors have agreed to the IPR Policy. Thank you! |
Adds an append-only audit log for system_settings changes: - Migration 426: system_settings_audit table - setSetting writes atomically via a writable CTE - getSettingAuditHistory returns last 50 entries - GET /api/admin/settings/audit endpoint - Admin UI: 'Recent changes' card on the settings page Rebased against current main (3004/3005 had moved admin-settings.html); HTML audit block + init + per-save refresh calls spliced onto current main's channel-fetch implementation. Closes #3002 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
bokelley
force-pushed
the
claude/issue-3002-system-settings-audit
branch
from
e9dab72 to
824bf32
Compare
3 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #3002
Summary
Adds a complete audit trail for all
system_settingschanges — the pre-existing gap flagged in the #3000 security review.Migration
426_system_settings_audit.sql: new append-onlysystem_settings_audit(id, key, old_value JSONB, new_value JSONB NOT NULL, changed_by, changed_at NOT NULL)table with indexes on key, changed_by, and changed_at DESC.setSettingrewrite: replaced the plain two-query (SELECT + UPSERT) approach with a single writable CTE that atomically captures the pre-update value, runs the UPSERT, and inserts the audit row — one round-trip, no TOCTOU gap.New
getSettingAuditHistory(limit): DB helper with aMath.min/maxclamp (1–200) to prevent unbounded queries.New
GET /api/admin/settings/auditendpoint (requireAuth + requireAdmin), returns last 50 entries.admin-settings.htmlupdates:Non-breaking justification: pure addition — new table, new INSERT side-effect in
setSetting(callers are unaffected), new read endpoint, new UI section. No existing field or behavior changed.Expert consensus: internal-tools-strategist and security-reviewer both reviewed; both approved. Key design requirements from review both incorporated: writable CTE for atomicity (vs. separate SELECT + UPSERT), and
NOT NULLonchanged_at.old_valuenot shown in the UI table: intentional — the "Recent changes" panel is a quick-glance "who changed what" view. Full diff (old vs. new) is available via the API for any admin who needs it; the data is fetched and stored.Session: https://claude.ai/code/session_01FGtbRG15ixXm4FNtSpaqkg
Generated by Claude Code