Phase 6: audit logging for LLM + tool invocations (#6)

Archibald312 · 2026-05-15 · d523a644

- New audit_log table with immutability triggers (UPDATE/DELETE blocked
  at the DB layer); migration in backend/migrations/audit_log.sql and
  appended to backend/schema.sql.
- backend/src/lib/audit.ts: AuditEntry shape, recordAudit() fire-and-forget
  insert, hashContent() SHA-256 helper, AUDIT_LOG_ENABLED feature flag.
- Tool dispatcher (lib/tools/registry.ts) records a tool_call row per
  invocation with duration, input/output hashes, and resolved document
  IDs from args + side effects; errors are recorded then re-thrown.
- streamChatWithTools wraps the per-provider stream and records an
  llm_call row on success or error. Audit context flows through
  runLLMStream and the tabular generate path.
- GET /audit-log returns the caller's own entries with filters
  (project_id, event_type, from, to, limit, offset).
- Unit tests cover hashContent determinism, recordAudit insert shape,
  feature-flag no-op, and error swallowing.
Repository Archibald312/GordonOSS
Author Archibald312 <129438073+Archibald312@users.noreply.github.com>
Authored
Parents 2ac696ce
Stats 13 files changed, +608, -14
Part of Phase 6 - Audit logging for LLM and tool invocations
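
An added sketch, not the code from this commit, of the pattern the message describes: a dispatcher wrapper that records one tool_call entry per invocation with input/output hashes and duration, records errors before re-throwing them, and never lets a failed audit write reach the caller. The AuditEntry fields, the in-memory `sink`, the `auditEnabled` variable standing in for AUDIT_LOG_ENABLED, the key-sorted `canonical()` serialization, and the synchronous `auditedCall()` are assumptions made for illustration; the project's real signatures are not shown on this page.

```typescript
import { createHash } from "node:crypto";

// Hypothetical entry shape; the commit names AuditEntry but its fields are not shown.
interface AuditEntry {
  event_type: "tool_call" | "llm_call";
  tool: string;
  duration_ms: number;
  input_hash: string;
  output_hash: string | null;
  error: string | null;
}

const sink: AuditEntry[] = []; // constructed in-memory stand-in for the audit_log table
let auditEnabled = true;       // stand-in for the AUDIT_LOG_ENABLED feature flag
function setAuditEnabled(on: boolean): void { auditEnabled = on; }

// Serialize with sorted object keys so equal values always produce the same hash.
function canonical(value: unknown): string {
  if (Array.isArray(value)) return "[" + value.map((v) => canonical(v)).join(",") + "]";
  if (value !== null && typeof value === "object") {
    const obj = value as Record<string, unknown>;
    const fields = Object.keys(obj).sort().map((k) => JSON.stringify(k) + ":" + canonical(obj[k]));
    return "{" + fields.join(",") + "}";
  }
  return value === undefined ? "null" : JSON.stringify(value);
}

// SHA-256 over the canonical form: the log stores a digest, not the raw content.
function hashContent(value: unknown): string {
  return createHash("sha256").update(canonical(value)).digest("hex");
}

// Fire-and-forget: a failed audit write is swallowed so it cannot break the caller.
function recordAudit(entry: AuditEntry, write: (e: AuditEntry) => void = (e) => { sink.push(e); }): void {
  if (!auditEnabled) return;
  try { write(entry); } catch { /* a real service would log this failure elsewhere */ }
}

// Wrap one tool invocation: time it, hash input and output, record errors, then re-throw.
function auditedCall<A, R>(tool: string, fn: (args: A) => R, args: A): R {
  const start = Date.now();
  const base = { event_type: "tool_call" as const, tool, input_hash: hashContent(args) };
  try {
    const out = fn(args);
    recordAudit({ ...base, duration_ms: Date.now() - start, output_hash: hashContent(out), error: null });
    return out;
  } catch (err) {
    recordAudit({ ...base, duration_ms: Date.now() - start, output_hash: null, error: String(err) });
    throw err;
  }
}
```

Hashing a canonical form matters for later verification: two payloads that differ only in key order yield the same digest, so a reviewer can recompute a hash from retained content and compare it with the stored row.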
