- Backend (FastAPI):
  - AuditLog and AuditAlert models with Alembic migration
  - AuditService with SHA-256 checksum for log integrity
  - AuditMiddleware for request metadata extraction (IP, user_agent)
  - Integrated audit logging into Task, Project, Blocker APIs
  - Query API with filtering, pagination, CSV export
  - Integrity verification endpoint
  - Sensitive operation alerts with acknowledgement
- Frontend (React + Vite):
  - Admin AuditPage with filters and export
  - ResourceHistory component for change tracking
  - Audit service for API calls
- Testing:
  - 15 tests covering service and API endpoints
- OpenSpec:
  - add-audit-trail change archived

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
1.2 KiB
Proposal: add-audit-trail
Why
The semiconductor industry has strict compliance requirements for data traceability. The system currently has no unified audit-log mechanism, so it cannot track:
- who changed which data, and when
- a complete record of critical operations (such as permission changes and data deletion)
- real-time alerts on anomalous behaviour
This change establishes system-level audit-trail functionality and lays the groundwork for the future document-management module.
What Changes
Backend
- Add AuditLog and AuditAlert models
- Add AuditService (records automatically via middleware)
- Add the /api/audit-logs query API
- Add audit report export (CSV)
- Integrate with NotificationService to send sensitive-operation alerts
Frontend
- Add an audit-log query page (Admin only)
- Add a resource change-history component (Task/Project detail pages)
Database
- Add the pjctrl_audit_logs table (append-only)
- Add the pjctrl_audit_alerts table
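The following is an added example of how the per-record SHA-256 checksum named in the commit message could be computed over an append-only log like pjctrl_audit_logs, and how an integrity-verification endpoint could check it. It is not the project's code: the column set on AuditLog, the action names, and the in-memory list standing in for the MySQL table are all assumptions, and the prev_checksum link to the preceding row is an addition beyond the page (a bare per-row checksum cannot tell that a whole row was deleted; the chain can).

```python
"""Append-only audit log with per-record SHA-256 checksums (added example)."""
import hashlib
import json
from dataclasses import dataclass, asdict
from datetime import datetime, timezone
from typing import Optional, Tuple


def canonical_json(obj) -> bytes:
    """Deterministic serialization so an unchanged record always hashes the same:
    sorted keys, no insignificant whitespace, UTF-8 bytes."""
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")


@dataclass
class AuditLog:
    """One row of the append-only audit table (hypothetical column set)."""
    actor_id: int
    action: str            # e.g. "task.update", "project.delete" (assumed names)
    resource_type: str
    resource_id: int
    before: dict           # state before the change
    after: dict            # state after the change
    ip: str                # request metadata captured by the middleware
    user_agent: str
    created_at: str        # ISO-8601 UTC timestamp
    prev_checksum: str     # checksum of the preceding row; "" for the first row
    checksum: str = ""     # SHA-256 over every other field

    def compute_checksum(self) -> str:
        fields = asdict(self)
        fields.pop("checksum")          # the checksum never covers itself
        return hashlib.sha256(canonical_json(fields)).hexdigest()


class AuditService:
    """Append-only in-memory stand-in for pjctrl_audit_logs (assumption)."""

    def __init__(self) -> None:
        self._rows: list[AuditLog] = []

    def record(self, *, created_at: Optional[str] = None, **fields) -> AuditLog:
        """Append one row, linking it to the previous row's checksum."""
        if created_at is None:
            created_at = datetime.now(timezone.utc).isoformat()
        prev = self._rows[-1].checksum if self._rows else ""
        row = AuditLog(created_at=created_at, prev_checksum=prev, **fields)
        row.checksum = row.compute_checksum()
        self._rows.append(row)
        return row

    def verify(self) -> Tuple[bool, Optional[int]]:
        """What an integrity-verification endpoint would run: recompute every
        checksum and re-walk the chain. Returns (True, None) if intact, else
        (False, index of the first row that was modified, reordered, or whose
        predecessor was removed)."""
        prev = ""
        for i, row in enumerate(self._rows):
            if row.prev_checksum != prev or row.checksum != row.compute_checksum():
                return False, i
            prev = row.checksum
        return True, None

    def rows(self) -> list:
        return self._rows


def build_sample_service() -> AuditService:
    """Constructed sample rows (not real log content)."""
    svc = AuditService()
    svc.record(actor_id=7, action="task.update", resource_type="task", resource_id=42,
               before={"status": "open"}, after={"status": "done"},
               ip="10.0.0.5", user_agent="Mozilla/5.0",
               created_at="2025-01-01T08:00:00+00:00")
    svc.record(actor_id=7, action="project.delete", resource_type="project", resource_id=3,
               before={"name": "Fab-Line-2"}, after={},
               ip="10.0.0.5", user_agent="Mozilla/5.0",
               created_at="2025-01-01T08:00:05+00:00")
    svc.record(actor_id=2, action="blocker.create", resource_type="blocker", resource_id=9,
               before={}, after={"title": "Tool down"},
               ip="10.0.0.8", user_agent="curl/8.4.0",
               created_at="2025-01-01T08:01:00+00:00")
    return svc


def tamper_edit(svc: AuditService) -> Tuple[bool, Optional[int]]:
    """Someone with DB access rewrites the 'after' state of row 0."""
    svc.rows()[0].after["status"] = "open"
    return svc.verify()


def tamper_delete(svc: AuditService) -> Tuple[bool, Optional[int]]:
    """Someone deletes the project.delete row; the chain breaks at the next row."""
    del svc.rows()[1]
    return svc.verify()


if __name__ == "__main__":
    print(build_sample_service().verify())        # (True, None)
    print(tamper_edit(build_sample_service()))    # (False, 0)
    print(tamper_delete(build_sample_service()))  # (False, 1)
```

Two caveats for a real deployment of this pattern. A keyless SHA-256 only detects changes by a party who cannot recompute the hash; anyone with write access to the table can edit a row and rewrite every later checksum, so the current head checksum should be copied somewhere the database host cannot reach (or an HMAC with a key held only by the application should replace the plain hash). "Append-only" should also be enforced at the database-privilege level by revoking UPDATE and DELETE on the audit table from the application account, since an application-layer middleware alone cannot stop direct SQL.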
Impact
- Depends on: the existing NotificationService for sending alerts
- Depended on by: document-management will use this audit functionality
- Permissions: audit queries are restricted to system_admin
- Performance: asynchronous writes, so the main request path is not slowed down
Out of Scope
- Time-series database (start with MySQL; can be extended later)
- PDF export (implement CSV first)
- Database triggers (use application-layer middleware instead)