From 6588e15f579750c3d406c074b69df0f64faac556 Mon Sep 17 00:00:00 2001 From: Joseph Doherty Date: Mon, 1 Jun 2026 07:16:18 -0400 Subject: [PATCH] docs(audit): fix canonical record field count (10 not 8) + drop BCL-only overstatement (review fixes) --- components/audit/README.md | 4 ++-- .../audit/current-state/scadabridge/CURRENT-STATE.md | 4 ++-- components/audit/spec/SPEC.md | 9 +++++---- 3 files changed, 9 insertions(+), 8 deletions(-) diff --git a/components/audit/README.md b/components/audit/README.md index 9c7d9b0..0b5eba5 100644 --- a/components/audit/README.md +++ b/components/audit/README.md @@ -56,8 +56,8 @@ adoption plan: enum (`Success | Failure | Denied`); the `IAuditWriter` seam (best-effort, never throws to caller); the `IAuditRedactor` seam (pure, never throws, over-redacts on failure); shipped helpers (`NoOpAuditWriter`, `CompositeAuditWriter`, `RedactingAuditWriter`, -`NullAuditRedactor`, `TruncatingAuditRedactor`). Library is BCL-only — no Akka / EF / SQLite -/ Serilog dependency. +`NullAuditRedactor`, `TruncatingAuditRedactor`). Library has no Akka / EF / SQLite / Serilog +dependency; its only non-BCL dependency is `Microsoft.Extensions.DependencyInjection.Abstractions`. **Left per-project (each project keeps these behind the seam):** transport and storage (Akka singleton + EF/SQL Server; SQLite; site-SQLite + central MS SQL + forwarding/reconcile diff --git a/components/audit/current-state/scadabridge/CURRENT-STATE.md b/components/audit/current-state/scadabridge/CURRENT-STATE.md index 7f6444d..3f33b5a 100644 --- a/components/audit/current-state/scadabridge/CURRENT-STATE.md +++ b/components/audit/current-state/scadabridge/CURRENT-STATE.md @@ -19,7 +19,7 @@ replace* — mostly naming alignment; the enormous transport/storage/CLI/UI stay `src/ZB.MOM.WW.ScadaBridge.Commons/Entities/Audit/AuditEvent.cs:22` — a `sealed record`, append-only, "single source of truth for AuditLog (#23) rows." Far richer than the canonical -8-field event. Notable fields: +10-field event. Notable fields: - Identity / correlation: `EventId` (idempotency key, `:25`), `CorrelationId` (per-op lifecycle, `:68`), `ExecutionId` (per-run, `:75`), `ParentExecutionId` (spawner link, `:82`). @@ -139,7 +139,7 @@ done carelessly. **Priority: LOW. Blast radius: HIGH.** - **Confirm the writer contract matches.** `IAuditWriter.WriteAsync(AuditEvent, CancellationToken = default)` is already byte-for-byte the canonical signature, and the "never abort the user-facing action" wording matches. The only delta is the **record type**: the library's - `IAuditWriter` is typed on the *canonical* 8-field `AuditEvent`, while ScadaBridge's is typed on + `IAuditWriter` is typed on the *canonical* 10-field `AuditEvent`, while ScadaBridge's is typed on its ~25-field record. Resolve by either (a) keeping ScadaBridge's writer on its own rich record and adopting only the library's *interface name + outcome enum*, or (b) having the shared seam be generic over the event type. **Recommended: (a)** — adopt the canonical `AuditOutcome` enum and diff --git a/components/audit/spec/SPEC.md b/components/audit/spec/SPEC.md index 1988c20..1d81310 100644 --- a/components/audit/spec/SPEC.md +++ b/components/audit/spec/SPEC.md @@ -22,8 +22,9 @@ code-verified current-state docs (`../current-state/`) and the locked design - **Transport & storage** — OtOpcUa's Akka cluster-broadcast → singleton `AuditWriterActor` (batch 500 / 5 s, two-layer dedup) over `ConfigAuditLog`; MxGateway's SQLite `IApiKeyAuditStore` append + list-recent; ScadaBridge's site-SQLite hot-path → central MS SQL ingest / reconcile / purge / - partition-maintenance / hash-chain pipeline. The shared core is **BCL-only** and carries no Akka / - EF / SQLite / Serilog dependency. + partition-maintenance / hash-chain pipeline. The shared core carries no Akka / EF / SQLite / + Serilog dependency; its only non-BCL dependency is `Microsoft.Extensions.DependencyInjection.Abstractions` + (for `AddZbAudit`). - **Domain vocabulary** — ScadaBridge's `Channel` / `Kind` / `Status` / `ForwardState` enums and OtOpcUa's `EventType` strings (`DraftCreated`, `Published`, `OpcUaAccessDenied`, …). These map *into* `Action` / `Category` / `Outcome` / `DetailsJson`; they do not leak into the shared type. @@ -125,12 +126,12 @@ name (identical `AuditEvent Apply(AuditEvent)` signature, pure / never-throws / library essentially **lifts ScadaBridge's seams**. The one real (non-naming) decision is the **writer's record type**: the canonical `IAuditWriter` is -typed on the 8-field `AuditEvent`; ScadaBridge's writer is typed on its ~25-field record. +typed on the 10-field `AuditEvent`; ScadaBridge's writer is typed on its ~25-field record. > **Resolution (recommended):** share the **interface *name* + the `AuditOutcome` enum**, not the > record schema. ScadaBridge keeps its rich ~25-field record as its **storage shape** (its whole > transport / partition / forwarding / reconciliation layer is built on the extra columns), and maps -> to the canonical 8-field record **only at cross-app reporting boundaries**. This is the +> to the canonical 10-field record **only at cross-app reporting boundaries**. This is the > minimal-coupling option — share the contract, not the schema — and avoids making the shared seam > generic over the event type. ScadaBridge therefore converges by **renaming one interface** and > adopting `AuditOutcome`, with no transport / storage / CLI / UI change.