From 263884fa633cbb191777a18a4bcdf2170f32424c Mon Sep 17 00:00:00 2001
From: Joseph Doherty <dohejw01@gmail.com>
Date: Wed, 20 May 2026 21:39:29 -0400
Subject: [PATCH] docs(audit): add M8 CLI implementation plan (#23)

3 bundles: CLI audit command group (scaffold/query/export/verify-chain),
ManagementService endpoints, formatters + audit-config rename + README.
verify-chain is a v1 no-op stub; hash chain deferred to v1.x.
---
 docs/plans/2026-05-20-auditlog-m8-cli.md | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
 create mode 100644 docs/plans/2026-05-20-auditlog-m8-cli.md

diff --git a/docs/plans/2026-05-20-auditlog-m8-cli.md b/docs/plans/2026-05-20-auditlog-m8-cli.md
new file mode 100644
index 0000000..3e68f00
--- /dev/null
+++ b/docs/plans/2026-05-20-auditlog-m8-cli.md
@@ -0,0 +1,21 @@
+# Audit Log #23 — M8 CLI Implementation Plan
+
+> **For Claude:** subagent-driven-development with bundled cadence. FINAL milestone.
+
+**Goal:** Operator CLI surface — `scadalink audit query | export | verify-chain` — plus the ManagementService HTTP endpoints they call, output formatters, and renaming the pre-existing `audit-log` config-change command to `audit-config` with a deprecation alias.
+
+**M7 realities baked in:**
+- `OperationalAudit` + `AuditExport` are role-claim policies (M7 Bundle G). The Management endpoints reuse them.
+- `IAuditLogRepository.QueryAsync` (keyset paging) + `GetKpiSnapshotAsync` exist.
+- `AuditLogQueryFilter` is single-value per dimension — the CLI's `--channel` etc. flags collapse to single values like the UI chips do (documented limitation).
+- `verify-chain` is a v1 no-op stub (hash-chain deferred to v1.x per alog.md locked decisions). Do NOT implement hash chains.
+- ManagementService surface: confirm controllers vs minimal API by reading the project (M7 found CentralUI uses minimal API; ManagementService may differ).
+
+**CLI conventions:** System.CommandLine; JSON default + `--format table` opt-in. The CLI connects via the HTTP Management API (per CLAUDE.md). Mirror `src/ScadaLink.CLI/Commands/AuditLogCommands.cs` for the System.CommandLine pattern.
+
+**Bundles:**
+- Bundle A — CLI `audit` command group: scaffold + query + export + verify-chain (T1, T2, T3, T4).
+- Bundle B — ManagementService /api/audit/{query,export} endpoints (T5).
+- Bundle C — Output formatters + audit-config rename + README (T6, T7, T8).
+
+Final cross-bundle review + merge + roadmap closeout.