dohertj2/scadalink-design
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

docs(audit): drop stale InboundAuthFailure exclusion from design doc

Browse Source 
The design doc claimed (in two places) that InboundAuthFailure rows
were excluded from the inbound full-body carve-out — but the actual
implementation gates the carve-out on Channel == ApiInbound, NOT Kind.
Every audit row the InboundAPI middleware emits (whether
Kind = InboundRequest or Kind = InboundAuthFailure) carries
Channel = ApiInbound, so both Kinds receive the inbound ceiling. That
is the intended behaviour: an auth-failure row's request body is
exactly the body the operator wants to see in full when investigating
a rejected request.

Update both occurrences (Decision block + Not in Scope block) to say
the carve-out applies to all Channel = ApiInbound rows regardless of
Kind. Pure documentation change — no code drift.
This commit is contained in:
Joseph Doherty
2026-05-23 09:25:23 -04:00
parent 7d87994ac0
commit e567eb334c
1 changed files with 8 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
docs/plans/2026-05-23-inbound-api-full-response-audit-design.md
View File

@@ -19,9 +19,11 @@ receive" debugging path.
For `Channel = ApiInbound` rows only, capture `RequestSummary` and For `Channel = ApiInbound` rows only, capture `RequestSummary` and
`ResponseSummary` verbatim up to a hard per-body ceiling of **1 MB** `ResponseSummary` verbatim up to a hard per-body ceiling of **1 MB**
(configurable). The 8 KB / 64 KB default/error caps that apply to other channels (configurable). The 8 KB / 64 KB default/error caps that apply to other channels
do not apply here. All other channels (`ApiOutbound`, `DbOutbound`, do not apply here. The carve-out is channel-scoped (NOT kind-scoped): every
`Notification`, cached-call lifecycle, `InboundAuthFailure`) keep the existing `Channel = ApiInbound` row uses the inbound ceiling regardless of `Kind`, so
policy unchanged. `InboundAuthFailure` rows pick up the same ceiling as `InboundRequest`. All
other channels (`ApiOutbound`, `DbOutbound`, `Notification`, cached-call
lifecycle) keep the existing policy unchanged.
## Capture Policy Change ## Capture Policy Change
@@ -124,8 +126,9 @@ same "options validation" path used for other AuditLog settings.
routinely-huge responses, operators use the existing per-target body redactor routinely-huge responses, operators use the existing per-target body redactor
to compress them, or lower the global ceiling. to compress them, or lower the global ceiling.
- **Changes to other channels' caps.** `ApiOutbound`, `DbOutbound`, - **Changes to other channels' caps.** `ApiOutbound`, `DbOutbound`,
`Notification`, cached-call lifecycle rows, and `InboundAuthFailure` keep the `Notification`, and cached-call lifecycle rows keep the existing 8 KB / 64 KB
existing 8 KB / 64 KB policy. policy. (`InboundAuthFailure` rows carry `Channel = ApiInbound` and so fall
under the inbound ceiling like every other inbound row.)
## Acceptance Criteria ## Acceptance Criteria