Joseph Doherty 7d87994ac0 feat(inboundapi): bound audit capture at InboundMaxBytes (memory safety) ...

AuditWriteMiddleware previously buffered the FULL request and response
bodies into memory and only let DefaultAuditPayloadFilter trim them
after persistence. A 500 MiB upload allocated 500 MiB of MemoryStream
plus 1 GiB of UTF-16 string transiently before the filter pulled it
back to the 1 MiB inbound ceiling — the cap was real on the persisted
row but not at the capture site.

Inject IOptionsMonitor<AuditLogOptions> and read InboundMaxBytes
per-request (same convention as DefaultAuditPayloadFilter so a live
config change picks up the next request). The request reader now pulls
at most cap + 1 bytes into a UTF-8 byte-safe-truncated string and
rewinds the stream so the endpoint handler still sees the full body.
The response wrap is a new CapturedResponseStream that forwards every
Write / WriteAsync to the real sink (the client still receives all
bytes) while capturing at most cap + 1 bytes for the audit copy. The
middleware now sets PayloadTruncated itself when either body hit the
cap; the filter still OR's its own determination on top.

Adds a project reference from ScadaLink.InboundAPI to
ScadaLink.AuditLog so AuditLogOptions resolves. AuditLog does NOT
reference InboundAPI back, so no cycle is introduced.

Tests:
 - All 21 existing AuditWriteMiddlewareTests still pass (the helper
   gains an optional AuditLogOptions argument; default is the standard
   1 MiB ceiling so existing small-body tests are unaffected).
 - MiddlewareOrderTests' construction site updated for the new ctor
   arg; a StaticAuditLogOptionsMonitor file-local double mirrors the
   InboundChannelCapTests pattern.
 - New RequestBody_AboveInboundMaxBytes_TruncatedToCap_PayloadTruncatedTrue
   pins a 4 KiB cap against a 20 KB body: audit copy <= 4 KiB,
   PayloadTruncated = true, downstream handler reads the full 20 KB.
 - New ResponseBody_AboveInboundMaxBytes_TruncatedToCap_ClientStillReceivesAllBytes_PayloadTruncatedTrue
   pins the same shape on the response side: client sink receives
   20 KB, audit copy <= 4 KiB, PayloadTruncated = true.

InboundAPI test count: 133 -> 135.

2026-05-23 09:25:00 -04:00

..

ScadaLink.AuditLog.Tests

feat(auditlog): payload filter uses InboundMaxBytes for ApiInbound rows

2026-05-23 05:55:03 -04:00

ScadaLink.CentralUI.PlaywrightTests

test(centralui): fix flaky audit-grid resize-survives-reload test

2026-05-22 08:00:46 -04:00

ScadaLink.CentralUI.Tests

feat(centralui): collapsible sidebar nav sections

2026-05-22 07:36:57 -04:00

ScadaLink.CLI.Tests

feat(audit): ParentExecutionId filter in the CLI and ManagementService

2026-05-21 18:59:06 -04:00

ScadaLink.ClusterInfrastructure.Tests

fix(cluster-infrastructure): resolve ClusterInfrastructure-009,010 — DownIfAlone consumption (via Host-012), validator enforces DownIfAlone=true

2026-05-17 03:18:17 -04:00

ScadaLink.Commons.Tests

feat(auditlog): NotifyDeliver rows carry the originating ParentExecutionId

2026-05-21 18:11:04 -04:00

ScadaLink.Communication.Tests

feat(auditlog): ParentExecutionId on site SQLite schema + gRPC AuditEventDto

2026-05-21 17:12:34 -04:00

ScadaLink.ConfigurationDatabase.Tests

refactor(auditlog): GetExecutionTreeAsync recurses over a distinct edge set

2026-05-21 18:29:48 -04:00

ScadaLink.DataConnectionLayer.Tests

fix(data-connection-layer): resolve DataConnectionLayer-014..017 — real logger for OPC UA client, initial-connect failover, accurate subscribe response, per-tag write-batch results

2026-05-17 03:18:24 -04:00

ScadaLink.DeploymentManager.Tests

fix(deployment-manager): resolve DeploymentManager-015..017 — reconciliation applies post-success side effects, updates RevisionHash, corrected XML doc

2026-05-17 03:18:24 -04:00

ScadaLink.ExternalSystemGateway.Tests

test(auditlog): assert ExecutionId threading hops; defensive Guid parse on S&F read

2026-05-21 15:27:58 -04:00

ScadaLink.HealthMonitoring.Tests

feat(health): SiteAuditBacklog metric (count + age + bytes) (#23 M6)

2026-05-20 19:02:01 -04:00

ScadaLink.Host.Tests

feat(host): register SiteCallAuditActor + CachedCallTelemetry forwarder/bridge (#22, #23 M3)

2026-05-20 15:10:47 -04:00

ScadaLink.InboundAPI.Tests

feat(inboundapi): bound audit capture at InboundMaxBytes (memory safety)

2026-05-23 09:25:00 -04:00

ScadaLink.IntegrationTests

feat(auditlog): GetExecutionTreeAsync recursive execution-chain query

2026-05-21 18:22:21 -04:00

ScadaLink.ManagementService.Tests

feat(audit): ParentExecutionId filter in the CLI and ManagementService

2026-05-21 18:59:06 -04:00

ScadaLink.NotificationOutbox.Tests

feat(auditlog): NotifyDeliver rows carry the originating ParentExecutionId

2026-05-21 18:11:04 -04:00

ScadaLink.NotificationService.Tests

refactor(notification-outbox): extract EmailAddressValidator helper, drop orphaned using

2026-05-19 03:39:05 -04:00

ScadaLink.PerformanceTests

test(auditlog): hot-path latency budget for IAuditPayloadFilter (#23 M5)

2026-05-20 17:36:29 -04:00

ScadaLink.Security.Tests

feat(security): OperationalAudit + AuditExport permissions for Audit Log surface (#23 M7)

2026-05-20 21:09:42 -04:00

ScadaLink.SiteCallAudit.Tests

feat(sitecallaudit): central→site Retry/Discard relay for parked operations

2026-05-21 04:36:04 -04:00

ScadaLink.SiteEventLogging.Tests

fix(site-event-logging): resolve SiteEventLogging-012..014 — fault dropped-event tasks, escape LIKE wildcards, re-triage startup-purge finding (Won't Fix)

2026-05-17 03:18:41 -04:00

ScadaLink.SiteRuntime.Tests

feat(auditlog): NotifyDeliver rows carry the originating ParentExecutionId

2026-05-21 18:11:04 -04:00

ScadaLink.StoreAndForward.Tests

feat(auditlog): thread ParentExecutionId through S&F for retry-loop cached rows

2026-05-21 17:58:11 -04:00

ScadaLink.TemplateEngine.Tests

feat(template-engine): contained names for composition-derived templates

2026-05-18 17:50:30 -04:00