improvement(audit): enrich metadata across 23 audit log call sites

[waleedlatif1]

Summary

• Standardize audit log metadata with well-known keys: targetEmail, targetName, targetRole, changes[], affected{}
• Enrich 31 recordAudit calls across 23 API route files with structured metadata
• Tier 1 (security-critical): all member/invitation actions now capture target user email, role changes with from/to values
• Tier 2 (operational): workflow deploy captures version, deletions capture affected resource counts, document uploads capture file metadata
• Add lightweight user joins where needed to resolve target email/name without extra round-trips
• Fix missing workspaceId on credential set invitation resent audit call

Type of Change

• Improvement (enhancement to existing feature)

Testing

• TypeScript: zero errors
• Audit tests: 21/21 passing
• Tested manually

Checklist

• Code follows project style guidelines
• Self-reviewed my changes
• Tests added/updated and passing
• No new warnings introduced
• I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
docs	Ready	Preview, Comment	Feb 24, 2026 7:38am

[waleedlatif1]

@cursor review

[waleedlatif1]

@greptile

[greptile-apps]

Greptile Summary

This PR systematically enriches audit log metadata across 23 API route files with standardized, well-structured metadata fields. The changes establish consistent patterns for security-critical operations (member management, invitations, permission changes) and operational events (deployments, deletions, uploads).

Key improvements:

• Standardized metadata keys: targetEmail, targetName, targetRole instead of ad-hoc email/role fields
• Added changes[] array with {field, from, to} structure for tracking state transitions in role/permission updates
• Added affected{} object for deletion operations to capture impact (workflows, folders, subfolders counts)
• Added operational metadata: deployment version, file upload details (fileCount, fileNames, fileType, fileSize)
• Fixed missing workspaceId on credential set invitation resend audit log
• Lightweight user table joins added where needed to resolve target user email/name without extra queries

Code quality:

• Changes are focused and consistent across all files
• All modifications follow the same pattern and naming conventions
• User joins are efficient (using innerJoin only where data is needed for audit)
• Two unrelated but safe changes: icon import alphabetization and trailing newline in docs meta.json

Confidence Score: 5/5

• This PR is safe to merge with minimal risk
• Score of 5 reflects that all changes are additive metadata enrichments to existing audit logs with no logic changes, consistent patterns applied uniformly across 23 files, passing tests (21/21 audit tests), and zero TypeScript errors. The bug fix for missing workspaceId improves correctness. Changes are low-risk as they only add data to audit logs without affecting core business logic.
• No files require special attention

Important Files Changed

Filename	Overview
apps/sim/app/api/credential-sets/[id]/invite/[invitationId]/route.ts	Fixed missing workspaceId and standardized email to targetEmail in audit metadata
apps/sim/app/api/knowledge/[id]/documents/route.ts	Added file metadata (fileCount, fileNames, fileName, fileType, fileSize) to document upload audit logs
apps/sim/app/api/organizations/[id]/members/[memberId]/route.ts	Added user joins to capture targetEmail, targetName, and changes[] array with from/to values for role updates and member removals
apps/sim/app/api/permission-groups/[id]/members/route.ts	Added user joins to capture targetEmail when adding/removing members from permission groups
apps/sim/app/api/workspaces/[id]/permissions/route.ts	Added user join to capture targetEmail and changes[] array with from/to permission values
apps/sim/app/api/workspaces/[id]/route.ts	Added pre-deletion count of workflows and metadata with affected resources and deleteTemplates flag

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Audit Log Event] --> B{Event Type}
    
    B -->|Security-Critical| C[Member/Invitation Operations]
    B -->|Operational| D[Resource Operations]
    
    C --> C1[Standard Metadata]
    C1 --> C1a[targetEmail]
    C1 --> C1b[targetName]
    C1 --> C1c[targetRole]
    
    C --> C2[State Changes]
    C2 --> C2a["changes[] array"]
    C2a --> C2b["field: 'role'"]
    C2a --> C2c[from: old value]
    C2a --> C2d[to: new value]
    
    D --> D1[Deletion Operations]
    D1 --> D1a["affected{} object"]
    D1a --> D1b[workflows count]
    D1a --> D1c[folders count]
    D1a --> D1d[subfolders count]
    
    D --> D2[Upload Operations]
    D2 --> D2a[File Metadata]
    D2a --> D2b[fileCount]
    D2a --> D2c[fileNames]
    D2a --> D2d[fileType]
    D2a --> D2e[fileSize]
    
    D --> D3[Deploy Operations]
    D3 --> D3a[version ID]
    
    style A fill:#e1f5ff
    style C fill:#fff4e6
    style D fill:#f3e5f5
    style C1 fill:#c8e6c9
    style C2 fill:#ffccbc
    style D1 fill:#b3e5fc
    style D2 fill:#d1c4e9
    style D3 fill:#ffe0b2

Loading

_{Last reviewed commit: 77eb2f0}

[greptile-apps]

_{25 files reviewed, no comments}

_{Edit Code Review Agent Settings | Greptile}

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{Bugbot Autofix is OFF. To automatically fix reported issues with Cloud Agents, enable Autofix in the Cursor dashboard.}