263884fa63
3 bundles: CLI audit command group (scaffold/query/export/verify-chain), ManagementService endpoints, formatters + audit-config rename + README. verify-chain is a v1 no-op stub; hash chain deferred to v1.x.
1.6 KiB
1.6 KiB
Audit Log #23 — M8 CLI Implementation Plan
For Claude: subagent-driven-development with bundled cadence. FINAL milestone.
Goal: Operator CLI surface — scadalink audit query | export | verify-chain — plus the ManagementService HTTP endpoints they call, output formatters, and renaming the pre-existing audit-log config-change command to audit-config with a deprecation alias.
M7 realities baked in:
OperationalAudit+AuditExportare role-claim policies (M7 Bundle G). The Management endpoints reuse them.IAuditLogRepository.QueryAsync(keyset paging) +GetKpiSnapshotAsyncexist.AuditLogQueryFilteris single-value per dimension — the CLI's--channeletc. flags collapse to single values like the UI chips do (documented limitation).verify-chainis a v1 no-op stub (hash-chain deferred to v1.x per alog.md locked decisions). Do NOT implement hash chains.- ManagementService surface: confirm controllers vs minimal API by reading the project (M7 found CentralUI uses minimal API; ManagementService may differ).
CLI conventions: System.CommandLine; JSON default + --format table opt-in. The CLI connects via the HTTP Management API (per CLAUDE.md). Mirror src/ScadaLink.CLI/Commands/AuditLogCommands.cs for the System.CommandLine pattern.
Bundles:
- Bundle A — CLI
auditcommand group: scaffold + query + export + verify-chain (T1, T2, T3, T4). - Bundle B — ManagementService /api/audit/{query,export} endpoints (T5).
- Bundle C — Output formatters + audit-config rename + README (T6, T7, T8).
Final cross-bundle review + merge + roadmap closeout.