Skip to content

feat(audit): support audit logging for command evaluation results#103

Merged
fohte merged 12 commits intomainfrom
fohte/audit-log
Mar 13, 2026
Merged

feat(audit): support audit logging for command evaluation results#103
fohte merged 12 commits intomainfrom
fohte/audit-log

Conversation

@fohte
Copy link
Copy Markdown
Owner

@fohte fohte commented Feb 25, 2026
edited by devin-ai-integration Bot
Loading

Why

  • Command evaluation results (allow/deny/ask) should be persistently recorded to enable tracking unintended permissions and debugging rule configurations

What

  • Add audit log functionality that records evaluation results in JSONL format
  • Add date-based log rotation to prevent storage growth
  • Add CLI subcommand for browsing and filtering audit log entries
Open with Devin

@fohte @claude
chore(audit): create base branch for audit log feature
78ebad7 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@gemini-code-assist
Copy link
Copy Markdown

gemini-code-assist Bot commented Feb 25, 2026

Note

Gemini is unable to generate a summary for this pull request due to the file types involved not being currently supported.

@codecov
Copy link
Copy Markdown

codecov Bot commented Feb 25, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 91.82243% with 70 lines in your changes missing coverage. Please review.
✅ Project coverage is 89.26%. Comparing base (4c57355) to head (3912e05).
⚠️ Report is 2 commits behind head on main.

Files with missing lines Patch % Lines
src/main.rs 59.67% 25 Missing ⚠️
src/config/model.rs 90.94% 21 Missing ⚠️
src/adapter/mod.rs 92.24% 10 Missing ⚠️
src/audit/reader.rs 94.26% 9 Missing ⚠️
src/audit/filter.rs 96.49% 2 Missing ⚠️
src/audit/log_rotator.rs 93.75% 2 Missing ⚠️
src/audit/writer.rs 98.11% 1 Missing ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #103      +/-   ##
==========================================
+ Coverage   89.00%   89.26%   +0.25%     
==========================================
  Files          42       47       +5     
  Lines        8197     9046     +849     
==========================================
+ Hits         7296     8075     +779     
- Misses        901      971      +70
Flag Coverage Δ
Linux 89.12% <91.82%> (+0.23%) ⬆️
macOS 90.60% <91.82%> (+0.19%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

This was referenced Feb 26, 2026
Merged
Merged
fohte and others added 2 commits March 8, 2026 13:50
@fohte @claude
feat(audit): define data models for audit log entries (#109)
02f0871 
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
@fohte @claude
feat(config): add AuditConfig and RotationConfig to Config (#110)
ce05473 
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
This was referenced Mar 8, 2026
Merged
Merged
fohte and others added 2 commits March 9, 2026 02:41
@fohte @claude
feat(audit): implement AuditReader, AuditFilter, TimeSpec, and …
79b2872 
…`audit` CLI subcommand (#172)

Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
@fohte @claude
feat(audit): implement AuditWriter and LogRotator (#170)
f54668f 
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
@fohte fohte mentioned this pull request Mar 12, 2026
Merged
fohte and others added 3 commits March 12, 2026 23:49
@fohte @claude
feat(audit): integrate audit log recording into adapter layer (#194)
d1e7fad 
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
@fohte @claude
test(audit): add integration and E2E tests for audit log (#195)
7c190f9 
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
@fohte @claude
merge origin/main and add audit log documentation
abcb428 
Merge origin/main into the audit-log feature branch. Main introduced
significant changes including `runok init` subcommand, ancestor
directory config traversal, `find_parse_and_resolve` architecture,
`SubCommandDetail` for verbose logging, and removal of `Action::Default`
variant (unmatched commands now resolve to `default_action(config)`
directly).

Key conflict resolutions:
- config/loader: adopt main's `find_parse_and_resolve` architecture
  while preserving `strip_audit` for project/local configs
- rule_engine: keep both `sub_results` (audit) and
  `sub_command_details` (verbose logging) in `CompoundEvalResult`
- cli/mod: merge both `Audit` and `Init` command variants
- adapter/mod: preserve audit log recording in the new dispatch flow
- audit/model: remove `Action::Default` conversion (action is now
  resolved before audit recording)

Add documentation for the audit log feature:
- New `docs/src/content/docs/cli/audit.md` CLI reference
- Add `audit` section to configuration schema docs
- Add `runok audit` to CLI overview page

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@fohte fohte marked this pull request as ready for review March 12, 2026 17:50
devin-ai-integration[bot]

This comment was marked as resolved.

Sign in to view

@fohte @claude
docs: fix retention_days default from 30 to 7
562966b 
The documentation stated the default retention_days is 30, but the
actual code default is 7 (in RotationConfig::default() and
resolved_retention_days()). This mismatch would cause users to expect
30-day retention while actually getting 7-day retention.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
fohte and others added 2 commits March 13, 2026 03:06
@fohte
Merge remote-tracking branch 'origin/main' into fohte/audit-log
c7b01aa 
# Conflicts:
#	docs/src/content/docs/cli/overview.md
@fohte @claude
docs: fix duplicate sidebar order in CLI pages
1d786ee 
audit.md and init.md both had order: 4, causing a collision.
Shift audit to 5 and update-presets to 6.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
devin-ai-integration[bot]
devin-ai-integration Bot reviewed Mar 12, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@devin-ai-integration devin-ai-integration Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Devin Review found 2 new potential issues.

View 8 additional findings in Devin Review.

Open in Devin Review

Comment thread src/cli/mod.rs
Comment thread src/audit/filter.rs
@fohte @claude
audit: fix integer overflow in relative time parsing
3912e05 
Large duration values like `999999999999999999d` caused a multiplication
overflow panic in debug mode (and silent wraparound in release mode).
The wrapped value could further overflow when cast to i64, producing a
negative chrono::Duration that shifts the filter timestamp into the
future instead of the past.

Use checked_mul for the seconds calculation and i64::try_from for the
resolve() cast. Also add audit logging to README.md features list.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@fohte fohte merged commit 25c6749 into main Mar 13, 2026
10 checks passed
@fohte fohte deleted the fohte/audit-log branch March 13, 2026 01:13
@fohte-bot fohte-bot Bot mentioned this pull request Mar 13, 2026
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@devin-ai-integration devin-ai-integration[bot] devin-ai-integration[bot] left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@fohte