Audit-log /api/ai/triage requests #17
Merged
Every triage that passes RBAC + rate-limit now writes an audit_logs row
(action=triage, resource=ai_triage, resource_id=vps_id when supplied).
The details payload captures alert metadata, the resolved provider/model,
and the LLM outcome — but NOT the raw description, recent_logs, or
ebpf_metrics, which can carry sensitive content. Audit logs answer
"who triaged what, when, with what outcome", not "what was in the logs".
403 (RBAC denied) and 429 (rate-limit denied) are intentionally NOT
audit-logged — they're security events visible in the warn!/info!
logs, not operator actions.
Refactored the handler to build the response in a single binding so
all three exit paths (no API key, LLM failed, LLM succeeded) flow
through the same log_audit call.
New integration test triages a fake VPS as an operator, then GETs
/api/audit-logs as admin and verifies action/resource/resource_id/
user_email/details all match.
Docs: docs/ai-triage.{en,zh}.md gain an "Audit logging" subsection
documenting the schema and the deliberate exclusions.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
## Summary

Closes the last lower-priority gap from the original AI-features review: triage requests left no record. Now every triage that passes RBAC + rate-limit writes an `audit_logs` row, queryable via `GET /api/audit-logs?resource=ai_triage` (admin-only).

### Logged shape

| field | value |
| --- | --- |
| `action` | `"triage"` |
| `resource` | `"ai_triage"` |
| `resource_id` | `vps_id` (UUID string) when supplied — lets operators filter `?resource_id=<vps>` to see who has triaged a given host |
| `details` | `{alert_name, alert_severity, vps_hostname, fired_at, provider, model, available, confidence}` |
| `user_id` / `user_email` | `CurrentUser` (works for both JWT and API-key auth) |

### What's deliberately not logged

- `description`, `recent_logs`, `system_info`, `ebpf_metrics` — these can carry sensitive content (auth tokens, PII, customer data). Audit logs answer "who triaged what", not "what was in the logs".
- 403 (RBAC denied) / 429 (rate-limit denied) — these are security events that surface in the `warn!`/`info!` logs already. Audit logs are for legitimate operator actions.

### Refactor for safety

The handler had three exit paths (no API key → degraded; LLM failed → degraded; LLM succeeded → parsed). Refactored to build the response in a single `let response = match ... { ... };` binding so a single `log_audit` call after the match covers all three. No behaviour change; just makes "every response goes through audit" structurally obvious.

### Tests

New integration test `test_triage_writes_audit_log`:

- triages a fake VPS as an operator, with `vps_id` supplied
- GETs `/api/audit-logs?resource=ai_triage` as admin
- asserts `total=1`, action/resource/resource_id/user_email all correct, and `details` contains the captured alert metadata + resolved provider (`anthropic` default) + `available: false` (test env has no `LLM_API_KEY`)

`cargo build --tests` clean locally.

### Docs

`docs/ai-triage.{en,zh}.md` gain an "Audit logging" subsection between rate-limit and OpenAPI, documenting the schema and the deliberate exclusions.

## Test plan

- `cargo build --tests` — green locally
- `/api/audit-logs?resource=ai_triage` shows the row with the expected details

🤖 Generated with Claude Code
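The two properties this PR relies on, "every exit path reaches the audit write" and "the details payload is an allowlist that can never carry the raw request content", can be demonstrated in a few dozen lines of plain Rust. The block below is an added illustration written for this page, not the project's handler or its `log_audit`; `TriageRequest`, `LlmOutcome`, `AuditEntry`, `triage`, `leaks_sensitive_content` and the sample alert content are all hypothetical names and constructed data. It goes slightly beyond the PR by adding a regression check that scans the audit row for any excluded key or any raw request value, which is the assertion a test for the exclusion rule should make.

```rust
use std::collections::BTreeMap;

/// Inbound triage request. Hypothetical shape assumed for this example; the last
/// four fields are the ones the PR deliberately keeps out of the audit row.
pub struct TriageRequest {
    pub alert_name: String,
    pub alert_severity: String,
    pub vps_id: Option<String>,
    pub vps_hostname: Option<String>,
    pub fired_at: String,
    pub description: String,      // may carry tokens or PII: never audited
    pub recent_logs: Vec<String>, // may carry customer data: never audited
    pub system_info: String,      // never audited
    pub ebpf_metrics: String,     // never audited
}

/// Result of the LLM step; the three arms mirror the handler's three exit paths.
pub enum LlmOutcome {
    NoApiKey,
    Failed(String),
    Succeeded { summary: String, confidence: f64 },
}

pub struct TriageResponse {
    pub available: bool,
    pub confidence: Option<f64>,
    pub summary: String,
}

/// One audit_logs row (hypothetical struct standing in for the DB model).
pub struct AuditEntry {
    pub action: String,
    pub resource: String,
    pub resource_id: Option<String>,
    pub user_email: String,
    pub details: BTreeMap<String, String>,
}

/// Request fields that must never become `details` keys.
pub const EXCLUDED_FIELDS: [&str; 4] = ["description", "recent_logs", "system_info", "ebpf_metrics"];

/// Assemble `details` from an explicit allowlist of metadata. Building it field by
/// field (rather than serialising the whole request) means a newly added sensitive
/// request field cannot reach the audit log by accident.
pub fn build_audit_entry(user_email: &str, req: &TriageRequest, provider: &str, model: &str, resp: &TriageResponse) -> AuditEntry {
    let mut details = BTreeMap::new();
    details.insert("alert_name".to_string(), req.alert_name.clone());
    details.insert("alert_severity".to_string(), req.alert_severity.clone());
    details.insert("vps_hostname".to_string(), req.vps_hostname.clone().unwrap_or_default());
    details.insert("fired_at".to_string(), req.fired_at.clone());
    details.insert("provider".to_string(), provider.to_string());
    details.insert("model".to_string(), model.to_string());
    details.insert("available".to_string(), resp.available.to_string());
    details.insert("confidence".to_string(), resp.confidence.map(|c| c.to_string()).unwrap_or_default());
    AuditEntry {
        action: "triage".to_string(),
        resource: "ai_triage".to_string(),
        resource_id: req.vps_id.clone(),
        user_email: user_email.to_string(),
        details,
    }
}

/// Handler body after RBAC and rate-limiting have already passed. Every exit path
/// produces the single `response` binding, so the one audit write below cannot be skipped.
pub fn triage(user_email: &str, req: &TriageRequest, provider: &str, model: &str, outcome: LlmOutcome, audit: &mut Vec<AuditEntry>) -> TriageResponse {
    let response = match outcome {
        LlmOutcome::NoApiKey => TriageResponse { available: false, confidence: None, summary: "LLM not configured; degraded triage".to_string() },
        LlmOutcome::Failed(err) => TriageResponse { available: false, confidence: None, summary: format!("LLM call failed ({err}); degraded triage") },
        LlmOutcome::Succeeded { summary, confidence } => TriageResponse { available: true, confidence: Some(confidence), summary },
    };
    audit.push(build_audit_entry(user_email, req, provider, model, &response));
    response
}

/// Regression check for the exclusion rule: true if an excluded key, or any raw
/// request content, made it into the audit row.
pub fn leaks_sensitive_content(entry: &AuditEntry, req: &TriageRequest) -> bool {
    let excluded_key = EXCLUDED_FIELDS.iter().any(|k| entry.details.contains_key(*k));
    let mut raw = vec![req.description.as_str(), req.system_info.as_str(), req.ebpf_metrics.as_str()];
    raw.extend(req.recent_logs.iter().map(String::as_str));
    let raw_value = entry.details.values().any(|v| raw.iter().any(|r| !r.is_empty() && v.contains(*r)));
    excluded_key || raw_value
}

/// Constructed sample request; the secret-looking strings are made up for this example.
pub fn sample_request() -> TriageRequest {
    TriageRequest {
        alert_name: "HighDiskUsage".to_string(),
        alert_severity: "critical".to_string(),
        vps_id: Some("vps-1".to_string()),
        vps_hostname: Some("web-01".to_string()),
        fired_at: "2024-01-01T00:00:00Z".to_string(),
        description: "Authorization: Bearer tok_constructed_secret".to_string(),
        recent_logs: vec!["login ok user=alice@example.com password=constructed".to_string()],
        system_info: "kernel 6.1 constructed".to_string(),
        ebpf_metrics: "syscalls=12345 constructed".to_string(),
    }
}
```

The allowlist shape matters more than the struct names: if `details` were produced by serialising the request and deleting known-bad keys, the next field someone adds to the request would be audited by default, whereas with the explicit inserts above it is excluded by default. `leaks_sensitive_content` is the kind of check to run over the row in the integration test, in addition to matching the expected fields.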