From e567eb334c349c7d2c9bffedb9f925d7968a2d8e Mon Sep 17 00:00:00 2001 From: Joseph Doherty Date: Sat, 23 May 2026 09:25:23 -0400 Subject: [PATCH] docs(audit): drop stale InboundAuthFailure exclusion from design doc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The design doc claimed (in two places) that InboundAuthFailure rows were excluded from the inbound full-body carve-out — but the actual implementation gates the carve-out on Channel == ApiInbound, NOT Kind. Every audit row the InboundAPI middleware emits (whether Kind = InboundRequest or Kind = InboundAuthFailure) carries Channel = ApiInbound, so both Kinds receive the inbound ceiling. That is the intended behaviour: an auth-failure row's request body is exactly the body the operator wants to see in full when investigating a rejected request. Update both occurrences (Decision block + Not in Scope block) to say the carve-out applies to all Channel = ApiInbound rows regardless of Kind. Pure documentation change — no code drift. --- ...-05-23-inbound-api-full-response-audit-design.md | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/docs/plans/2026-05-23-inbound-api-full-response-audit-design.md b/docs/plans/2026-05-23-inbound-api-full-response-audit-design.md index 81eb294..7cec6c6 100644 --- a/docs/plans/2026-05-23-inbound-api-full-response-audit-design.md +++ b/docs/plans/2026-05-23-inbound-api-full-response-audit-design.md @@ -19,9 +19,11 @@ receive" debugging path. For `Channel = ApiInbound` rows only, capture `RequestSummary` and `ResponseSummary` verbatim up to a hard per-body ceiling of **1 MB** (configurable). The 8 KB / 64 KB default/error caps that apply to other channels -do not apply here. All other channels (`ApiOutbound`, `DbOutbound`, -`Notification`, cached-call lifecycle, `InboundAuthFailure`) keep the existing -policy unchanged. +do not apply here. The carve-out is channel-scoped (NOT kind-scoped): every +`Channel = ApiInbound` row uses the inbound ceiling regardless of `Kind`, so +`InboundAuthFailure` rows pick up the same ceiling as `InboundRequest`. All +other channels (`ApiOutbound`, `DbOutbound`, `Notification`, cached-call +lifecycle) keep the existing policy unchanged. ## Capture Policy Change @@ -124,8 +126,9 @@ same "options validation" path used for other AuditLog settings. routinely-huge responses, operators use the existing per-target body redactor to compress them, or lower the global ceiling. - **Changes to other channels' caps.** `ApiOutbound`, `DbOutbound`, - `Notification`, cached-call lifecycle rows, and `InboundAuthFailure` keep the - existing 8 KB / 64 KB policy. + `Notification`, and cached-call lifecycle rows keep the existing 8 KB / 64 KB + policy. (`InboundAuthFailure` rows carry `Channel = ApiInbound` and so fall + under the inbound ceiling like every other inbound row.) ## Acceptance Criteria