[Backlog Discovery] feat(backlog): workflow-log-archival-and-audit-trail

[bestony]

[Backlog Discovery]

• Requirement title: 为自驱工作流增加日志归档与审计留存
• Priority: P2
• Requirement file: backlog/20260221053247-workflow-log-archival-and-audit-trail.md
• Dedupe key: workflow-log-archival-and-audit-trail
• Source run: https://github.com/bestony/self/actions/runs/22251160229

[gemini-code-assist]

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

[github-actions]

[Backlog Discovery]
Reviewer: Product Manager

• Acceptance criteria leaves key parameters undefined (which workflows, what is N, and where “可控存储” lives), so scope/cost are unclear and hard to validate. Suggest: specify target workflow list/labeling rule, default N, and storage/retention choice in the AC.
• Audit value is stated, but the requirement doesn’t define how archived logs are indexed/retrieved or who can access them, which risks building archives that aren’t usable for incident review. Suggest: add AC for metadata index (run id/workflow/event/time) plus retrieval/search path and access control.
• “敏感信息脱敏策略” is mentioned but not scoped (what to mask, where secrets can appear), which creates security risk for an autonomous system. Suggest: add explicit masking rules (e.g., GitHub secrets redaction + additional patterns) and a validation step for safe storage.

[github-actions]

[Backlog Discovery]
Reviewer: Product Manager

需求价值评估

• 是否有价值: 有价值
• 优先级: P2
• Reviewer 视角结论: 面向长期自驱迭代与合规审计的日志留存具有明确价值，优先级与现有影响匹配。

价值点

• 解决默认日志 90 天过期导致的历史运行不可追溯问题，支撑长期故障复盘
• 为 LLM 生成变更提供可核查的执行上下文，提高争议处理与责任追溯效率
• 满足合规/审计留痕需求，降低长期运行系统的风险与信任成本

风险与建议

• 证据仅指向保留期限制与可下载能力，缺少具体合规要求或实际损失案例，建议补充场景量化影响
• 归档范围与存储成本未明确，建议定义 N 次/周期与保留期策略，避免成本失控