egg/PROJECT-CONTORL
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: implement audit trail alignment (soft delete & permission audit)

Browse Source 
- Task Soft Delete:
  - Add is_deleted, deleted_at, deleted_by fields to Task model
  - Convert DELETE to soft delete with cascade to subtasks
  - Add include_deleted query param (admin only)
  - Add POST /api/tasks/{id}/restore endpoint
  - Exclude deleted tasks from subtask_count

- Permission Change Audit:
  - Add user.role_change event (high sensitivity)
  - Add user.admin_change event (critical, triggers alert)
  - Add PATCH /api/users/{id}/admin endpoint
  - Add role.permission_change event type

- Append-Only Enforcement:
  - Add DB triggers for audit_logs immutability (manual for production)
  - Migration 008 with graceful trigger failure handling

- Tests: 11 new soft delete tests (153 total passing)
- OpenSpec: fix-audit-trail archived, fix-realtime-notifications & fix-weekly-report proposals added

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
beabigegg
2025-12-30 06:58:30 +08:00
parent 95c281d8e1
commit 10db2c9d1f
18 changed files with 1455 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
openspec/changes/fix-realtime-notifications/specs/collaboration/spec.md Normal file
View File

@@ -0,0 +1,36 @@
## MODIFIED Requirements
### Requirement: Real-time Notifications
系統 SHALL 透過 WebSocket 與 Redis Pub/Sub 推播即時通知。
#### Scenario: 即時通知推播
- **GIVEN** 發生需要通知的事件(如:被指派任務、被 @提及、阻礙標記)
- **WHEN** NotificationService.create_notification() 執行
- **THEN** 系統透過 Redis Pub/Sub 發布通知至 `notifications:{user_id}` channel
- **AND** 訂閱該 channel 的 WebSocket 連線接收訊息
- **AND** ConnectionManager 推送通知給使用者的 WebSocket
#### Scenario: 連線時補送未讀
- **GIVEN** 使用者建立 WebSocket 連線
- **WHEN** 連線驗證成功
- **THEN** 系統查詢該使用者的未讀通知 (is_read = false)
- **AND** 透過 unread_sync 訊息一次推送所有未讀通知
- **AND** 開始訂閱 Redis channel 接收新通知
#### Scenario: 心跳偵測
- **GIVEN** 使用者已建立 WebSocket 連線
- **WHEN** 連線超過心跳間隔無回應
- **THEN** 系統將連線標記為斷線並從 ConnectionManager 移除
## MODIFIED Technical Notes
- 使用 Redis Pub/Sub 處理即時通知推播
- WebSocket 連線管理:
- ConnectionManager 維護 user_id → WebSocket[] 映射
- 心跳偵測清理斷線連線
- Token 驗證透過 query parameter
- 通知推播流程:
1. NotificationService.create_notification() 建立通知
2. 呼叫 redis_pubsub.publish_notification() 發布
3. 訂閱該 user channel 的 worker 收到訊息
4. ConnectionManager.send_to_user() 推送給連線的 WebSocket