Skip to content

Implement comprehensive access logging for security auditing#398

Merged
Xhristin3 merged 5 commits into
rinafcode:mainfrom
Just-Bamford:feat/access-logging-security
Apr 28, 2026
Merged

Implement comprehensive access logging for security auditing#398
Xhristin3 merged 5 commits into
rinafcode:mainfrom
Just-Bamford:feat/access-logging-security

Conversation

@Just-Bamford
Copy link
Copy Markdown
Contributor

@Just-Bamford Just-Bamford commented Apr 23, 2026
edited
Loading

Summary

Implements a dedicated AccessLogger module providing a unified, tamper-evident
audit trail for all significant contract invocations across the TeachLink smart
contract workspace.

Problem

Access logging is insufficient for security auditing. Individual modules emit
domain-specific events but there is no unified mechanism to:

  • Record all access attempts with caller identity
  • Distinguish successful operations from failures with error codes
  • Capture temporal patterns for anomaly detection
  • Support structured audit queries for compliance reporting

this pr Closes #267

Changes

New Module: access_logger.rs

  • AccessLogger::log_access — records every access attempt with caller,
    operation tag, outcome, and timestamp into persistent storage
  • AccessLogger::get_log_entry — retrieves a single log entry by ID
  • AccessLogger::get_total_log_count — returns total entries ever recorded
  • AccessLogger::query_logs — conjunctive filter queries (caller, operation,
    outcome, time range) with most-recent-first ordering
  • AccessLogger::get_temporal_pattern — returns per-address call count for
    a given hourly window

New Types (types.rs)

  • AccessOutcome enum — Success / Failure { error_code: u32 }
  • AccessLogEntry struct — immutable record per access attempt
  • AuditQuery struct — filter parameters for audit queries

New Storage Keys (storage.rs)

  • LOG_COUNTER (persistent) — monotonically increasing entry ID
  • ACCESS_LOGS (persistent) — all log entries, survives TTL expiry
  • ACCESS_TEMPORAL (instance) — per-address hourly call counts

New Events (events.rs)

  • AccessAttemptEvent — emitted for every recorded entry
  • AccessLogFailedEvent — emitted when a log write itself fails

New Errors (errors.rs)

  • AccessLogErrorStorageWriteFailed (500), InvalidOperationTag (501),
    InvalidLimit (502)

Acceptance Criteria

  • Log all access attempts — persistent, monotonic entry IDs
  • Track success/failure — AccessOutcome with error code preservation
  • Record temporal patterns — hourly window buckets per address
  • Enable audit analysis — conjunctive query filters, most-recent-first

Audit Trail Guarantees

  • Append-only: no delete or modify functions exposed
  • Read-open: query functions require no authorization
  • Persistent storage: entries survive ledger TTL expiry
  • Off-chain observable: events emitted for every attempt

Base

rinafcode/teachLink_contract:main

@Just-Bamford
feat: implement comprehensive access logging for security auditing
6aae909 
- Add AccessOutcome, AccessLogEntry, AuditQuery types to types.rs
- Add LOG_COUNTER, ACCESS_LOGS, ACCESS_TEMPORAL storage keys to storage.rs
- Add AccessAttemptEvent, AccessLogFailedEvent events to events.rs
- Add AccessLogError (500-502) to errors.rs
- Create access_logger.rs with AccessLogger module:
  - log_access: persistent entry storage + hourly temporal window tracking
  - get_log_entry: retrieve entry by ID (no auth required)
  - get_total_log_count: monotonic counter (no auth required)
  - query_logs: conjunctive filters, most-recent-first, limit-capped
  - get_temporal_pattern: per-address hourly call count
- Wire AccessLogger into lib.rs as public contract entry points
- Append-only design: no delete/modify functions exposed
@Just-Bamford
Merge branch 'main' into feat/access-logging-security
4d86c67
@Just-Bamford
Update storage.rs
4484060
@drips-wave
Copy link
Copy Markdown

drips-wave Bot commented Apr 23, 2026

@Just-Bamford Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits

@Just-Bamford
Copy link
Copy Markdown
Contributor Author

Just-Bamford commented Apr 28, 2026

@Xhristin3

Kindly review and merge this PR. Ongoing changes are causing recurring conflicts.

@Xhristin3 Xhristin3 merged commit 04db20c into rinafcode:main Apr 28, 2026
1 of 2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Implement comprehensive backup and recovery procedures

2 participants

@Just-Bamford @Xhristin3