Sync wiki after docs cleanup

2026-07-09 12:03:39 +02:00
parent f2c27f1547
commit 68786986dc
3 changed files with 72 additions and 4 deletions

@@ -5,3 +5,4 @@
This page is generated from repository and product-directory project files. This page is generated from repository and product-directory project files.
- [Repo-README](Repo-README) - `/mnt/DATA/git/govoplan-audit/README.md` - [Repo-README](Repo-README) - `/mnt/DATA/git/govoplan-audit/README.md`
- [Repo-docs-AUDIT-TRACE-CONTEXT](Repo-docs-AUDIT-TRACE-CONTEXT) - `/mnt/DATA/git/govoplan-audit/docs/AUDIT_TRACE_CONTEXT.md`

@@ -1,4 +1,4 @@
<!-- codex-wiki-sync:5c1e3528164dd482cfc7feda --> <!-- codex-wiki-sync:9256ff355f11994a1d607a32 -->
> Mirrored from `/mnt/DATA/git/govoplan-audit/README.md`. > Mirrored from `/mnt/DATA/git/govoplan-audit/README.md`.
> Origin: `repository`. > Origin: `repository`.
@@ -10,6 +10,10 @@
`govoplan-audit` owns audit API route contributions during the GovOPlaN module `govoplan-audit` owns audit API route contributions during the GovOPlaN module
split. split.
This repository owns the live `audit_log` table while preserving the This repository owns the live `audit_log` table, audit API route
historical table name. It provides audit API route contributions and is the contributions, and the target boundary for future audit sink/export capability
target boundary for future audit sink/export capability work. work.
See [docs/AUDIT_TRACE_CONTEXT.md](docs/AUDIT_TRACE_CONTEXT.md) for the standard
operational context fields used by admin, installer, and module lifecycle audit
entries.

@@ -0,0 +1,63 @@
<!-- codex-wiki-sync:38bc34c5d1594eb6b36a3a9e -->
> Mirrored from `/mnt/DATA/git/govoplan-audit/docs/AUDIT_TRACE_CONTEXT.md`.
> Origin: `repository`.
> Active tasks and changing state belong in Gitea issues; this wiki page is durable project context.
---
# Audit Trace Context
Operational audit entries should let an administrator answer four questions:
- who initiated the operation
- what object was changed
- which lifecycle request or run carried the change
- how the entry connects to surrounding request, installer, or worker logs
The actor, tenant, scope, action, object type, and object ID remain first-class
`audit_log` columns. Additional operational context belongs in `details`.
## Standard Fields
Use these fields for admin, module lifecycle, installer, and worker operations:
- `module_id`: module affected by the operation, when a single module is the
target.
- `request_id`: queued installer/admin request identifier.
- `run_id`: installer/worker run identifier.
- `outcome`: compact state such as `planned`, `queued`, `applied`,
`cancelled`, `failed`, or `completed`.
- `_trace.correlation_id`: request or workflow correlation ID.
- `_trace.causation_id`: event, run, or operation that caused this audit entry.
Bulk operations may also include concise arrays such as `activated`,
`deactivated`, `mounted`, `planned_modules`, or sanitized `items`.
## Redaction
Audit detail payloads must not contain credentials, tokens, raw cookies,
authorization headers, private keys, message bodies, uploaded file content, or
other secret material. Use stable IDs, vault references, or package identifiers
instead.
The compatibility helper in core, `audit_operation_context`, keeps the standard
fields compact and applies the shared audit redaction pass to additional detail
values. Feature modules should follow the same shape even when they later write
through a dedicated audit sink capability.
## Module Lifecycle Events
Module install, uninstall, enable, disable, rollback, and package-catalog
acceptance events should include:
- `object_type`: `module_install_plan`, `module_install_request`,
`module_state`, or another stable lifecycle object type.
- `object_id`: module ID for single-module actions, otherwise `global` or the
request/run ID.
- `details.module_id`, `details.request_id`, or `details.run_id` when present.
- `details.outcome` with the lifecycle result.
- `details._trace` when the operation originated from a request or queued
daemon action.
This keeps admin UI timelines, audit exports, and rollback diagnostics aligned
without coupling modules to the audit table implementation.