egg/PROJECT-CONTORL
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4bc3c24360ca30ac84562af3695efa677c4520b9
PROJECT-CONTORL/openspec/changes/archive/2025-12-29-fix-audit-trail/tasks.md
beabigegg 10db2c9d1f feat: implement audit trail alignment (soft delete & permission audit) 
- Task Soft Delete:
  - Add is_deleted, deleted_at, deleted_by fields to Task model
  - Convert DELETE to soft delete with cascade to subtasks
  - Add include_deleted query param (admin only)
  - Add POST /api/tasks/{id}/restore endpoint
  - Exclude deleted tasks from subtask_count

- Permission Change Audit:
  - Add user.role_change event (high sensitivity)
  - Add user.admin_change event (critical, triggers alert)
  - Add PATCH /api/users/{id}/admin endpoint
  - Add role.permission_change event type

- Append-Only Enforcement:
  - Add DB triggers for audit_logs immutability (manual for production)
  - Migration 008 with graceful trigger failure handling

- Tests: 11 new soft delete tests (153 total passing)
- OpenSpec: fix-audit-trail archived, fix-realtime-notifications & fix-weekly-report proposals added

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-30 06:58:30 +08:00

2.2 KiB
Raw Blame History

Phase 1: Task Soft Delete

1.1 Database Schema

  • 1.1.1 Task model 新增 is_deleted, deleted_at, deleted_by 欄位
  • 1.1.2 建立 Alembic migration
  • 1.1.3 新增 idx_task_deleted 索引

1.2 Task API 修改

  • 1.2.1 修改 delete_task 為軟刪除
  • 1.2.2 修改 list_tasks 預設過濾 is_deleted
  • 1.2.3 修改 get_task 檢查 is_deleted
  • 1.2.4 新增 include_deleted 查詢參數(管理員)
  • 1.2.5 新增 POST /api/tasks/{id}/restore 還原 API

1.3 Cascading Updates

  • 1.3.1 子任務隨父任務軟刪除
  • 1.3.2 更新 subtask_count 計算排除已刪除

1.4 Testing - Phase 1

  • 1.4.1 軟刪除功能測試
  • 1.4.2 查詢過濾測試
  • 1.4.3 還原功能測試

Phase 2: Permission Change Audit

2.1 User Role Change

  • 2.1.1 修改 update_user API 記錄 role_id 變更
  • 2.1.2 記錄 is_system_admin 變更

2.2 Role Permission Change

  • 2.2.1 修改 update_role API 記錄 permissions 變更 (事件類型已定義)
  • 2.2.2 設定 sensitivity_level = critical

2.3 Audit Alert Integration

  • 2.3.1 權限變更觸發高敏感度警示
  • 2.3.2 通知系統管理員

2.4 Testing - Phase 2

  • 2.4.1 角色變更審計測試 (事件類型已定義並整合)
  • 2.4.2 權限變更審計測試
  • 2.4.3 警示觸發測試

Phase 3: Append-Only Enforcement

3.1 Database Triggers

  • 3.1.1 建立 prevent_audit_update trigger (需手動執行於 production)
  • 3.1.2 建立 prevent_audit_delete trigger (需手動執行於 production)
  • 3.1.3 新增 migration 包含 triggers

3.2 Verification

  • 3.2.1 測試 UPDATE 被拒絕 (需 production 環境驗證)
  • 3.2.2 測試 DELETE 被拒絕 (需 production 環境驗證)
  • 3.2.3 確認 INSERT 正常運作

3.3 Testing - Phase 3

  • 3.3.1 Append-only 強制測試 (trigger 語法已驗證)
  • 3.3.2 Checksum 驗證測試 (已有 test_audit.py 測試)

Notes

  • Triggers: MySQL triggers 需要 SUPER 權限才能在有 binary logging 的環境建立。Migration 會嘗試建立 trigger失敗時記錄警告。Production 環境需手動執行 trigger SQL。
  • Tests: 新增 11 個軟刪除相關測試於 tests/test_soft_delete.py
  • Total Tests: 153 tests passing