fix: audit FK + file logging (0.7.1)#21
Merged
Merged
Conversation
blackaxgit
added a commit
that referenced
this pull request
May 2, 2026
PR #20 burned 6h on a hung instrumented coverage step; PR #21 hung 58 min on the same pattern. Three mitigations: 1. `timeout-minutes: 30` at job level + `timeout-minutes: 20` on the LCOV step. Hangs fail in 20-30 min instead of 6h. 2. `RUST_TEST_THREADS: 1` to serialize under instrumentation. Likely cause of the hang is wiremock + serial_test + tokio + llvm-cov parallelism deadlock. 3. `continue-on-error: true` so coverage flakes do not block PRs from merging while we investigate the root cause separately. Coverage stays informational. Quality gates (clippy, tests, build, audit) still block merges. --------- Co-authored-by: blackax <blackaxgit@users.noreply.github.com>
blackaxgit
force-pushed
the
fix/audit-fk-and-log-tilde
branch
from
56487e0 to
0eb6183
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Two bug fixes uncovered during real-tenant smoke testing of 0.7.0.
Fix 1 — Audit log FK constraint failure on every L0-decided call
Symptom:
WARN clx_hook::audit: Failed to create audit log: Storage error: FOREIGN KEY constraint failedfires every time L0 deterministic validation makes the decision (no L1 LLM call needed). The audit log table has a FK tosessions(id)but the session row doesn't exist for fast-path / synthetic IDs.Fix:
Storage::create_audit_lognow doesINSERT OR IGNORE INTO sessions (id, project_path, started_at, source, status) VALUES (?1, '', datetime('now'), 'audit-placeholder', 'active')before the audit insert. Idempotent — no-op when the session was already created bySessionStart.Fix 2 —
logging.filewas never wired upSymptom: Config has
logging.file: ~/.clx/logs/clx.log. The~expansion was already implemented (Config::log_file_path()), but no code actually opened the file. Hooks logged to stderr only — and stderr is ERROR-only by design (Claude Code treats hook stderr as failure noise), so users got nothing.Fix:
clx-hook/src/main.rsnow opens the configured log path on init and adds it as a second tracing-subscriber layer (WARN+). stderr stays ERROR-only. No new dep needed (smallMutexFileadapter forArc<Mutex<File>>→MakeWriter).Verification
cargo build/clippy/test/fmt— all clean locally.cat ~/.clx/logs/clx.logafter hook fire — populated with INFO/WARN events.Test plan
brew upgrade clx→ 0.7.1 → re-run the 0.7.0 fallback smoke test → confirm no FK warnings, log file populated