docs(audit): correct file:line refs + split MxGateway CLI/dashboard action vocab (review fixes)

Joseph Doherty
2026-06-01 07:01:46 -04:00
parent 9c8c1431af
commit a7a8f1e493
3 changed files with 6 additions and 6 deletions
@@ -40,9 +40,9 @@ operations: `AppendAsync(ApiKeyAuditEntry, ...)` (`IApiKeyAuditStore.cs:14`) and
`"rotate-key"` with details `rotated`/`not-found` (`:121`).
- **Dashboard** `DashboardApiKeyManagementService` — its `AppendAuditAsync` (`:197`) captures
`RemoteAddress: httpContextAccessor.HttpContext?.Connection.RemoteIpAddress?.ToString()` (`:207`).
Event types: `"dashboard-create-key"` (`:62`), revoke (`:101`, details
`revoked`/`not-found-or-already-revoked`), rotate (`:143`, details `rotated`/`not-found`),
delete (`:185`, details `deleted`/`not-found-or-active`).
Event types: `"dashboard-create-key"` (`:62`), `"dashboard-revoke-key"` (`:103`, details
`revoked`/`not-found-or-already-revoked`), `"dashboard-rotate-key"` (`:145`, details `rotated`/`not-found`),
`"dashboard-delete-key"` (`:187`, details `deleted`/`not-found-or-active`).
- **Constraint denials** `ConstraintEnforcer.RecordDenialAsync` (`ConstraintEnforcer.cs:117`) writes
`EventType: "constraint-denied"`, `RemoteAddress: null`, and `Details:
$"{commandKind}: {target}: {failure.ConstraintName}: {failure.Message}"` (`ConstraintEnforcer.cs:124-129`).
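Review bot: In the Dashboard bullet, the revoke, rotate and delete references each move by two lines (`:101` to `:103`, `:143` to `:145`, `:185` to `:187`), while `:62`, `:197` and `:207` in the same bullet are unchanged. Please confirm the unchanged references were re-checked against the same revision of the file, since the `AppendAuditAsync` references sit after the lines that moved. These references are what a reader follows to verify the audit event names, so consider recording the commit the line numbers were taken from.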
@@ -75,7 +75,7 @@ Guid? CorrelationId; string? DetailsJson; }` with `AuditOutcome ∈ { Success, F
| `EventId` (Guid, required) | — none — | **Must be generated** at write time. `ApiKeyAuditRecord` has only the autoincrement `AuditId` (`ApiKeyAuditRecord.cs:4`); no idempotency key exists. |
| `OccurredAtUtc` (required) | `CreatedUtc` (`ApiKeyAuditRecord.cs:8`), set as `DateTimeOffset.UtcNow` in the store (`SqliteApiKeyAuditStore.cs:20`) | Direct. Note: time is store-assigned today, not caller-supplied. |
| `Actor` (required) | `KeyId` (`ApiKeyAuditRecord.cs:5`) | Nullable today (`init-db`/`list-keys` pass `null`); the canonical `Actor` is required, so a fallback (e.g. `"system"`/`"cli"`) is needed for keyless events. |
| `Action` (required) | `EventType` (`ApiKeyAuditRecord.cs:6`) | Direct. Vocabulary: `init-db`, `create-key`, `dashboard-create-key`, `list-keys`, `revoke-key`, `rotate-key`, delete, `constraint-denied`. |
| `Action` (required) | `EventType` (`ApiKeyAuditRecord.cs:6`) | Direct. CLI vocab: `init-db`, `create-key`, `list-keys`, `revoke-key`, `rotate-key`; dashboard vocab: `dashboard-create-key`, `dashboard-revoke-key`, `dashboard-rotate-key`, `dashboard-delete-key`; plus `constraint-denied`. |
| `Outcome` (required) | derived | `constraint-denied``Denied`; everything else → `Success` (no `Failure` events are emitted today). |
| `Category` | — none — | Constant `"ApiKey"`. |
| `Target` | — none as a field — | No structured target. (`ConstraintEnforcer` does embed `commandKind`/`target` inside `Details` text, but there is no dedicated column.) |
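Review bot: In the `Action` row, the dashboard vocabulary puts the originating surface into the action name, so one operation now has two values (for example `revoke-key` and `dashboard-revoke-key`), and the row does not say whether the canonical `Action` keeps both or normalizes them. Suggest stating that explicitly, and noting that the CLI list has no delete action now that the old row's bare `delete` is gone. The `Outcome` row just below maps everything except `constraint-denied` to `Success`, which would cover events whose details are `not-found` (listed in the first hunk); a sentence on whether that is intended would help anyone querying the audit trail for failed revocations.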
@@ -55,7 +55,7 @@ batch is **dropped** (`catch` at lines 89-92) — best-effort, no retry/dead-let
already-flushed batch hits the constraint, the duplicate insert is dropped, and the rest of the
batch survives. `EventId`/`CorrelationId` are nullable so legacy/backfill rows (NULL) don't
collide — confirmed in the entity XML (`ConfigAuditLog.cs:33-43`) and migration
`Migrations/20260526105027_AddConfigAuditLogEventIdColumns.cs:27-38`.
`Migrations/20260526105027_AddConfigAuditLogEventIdColumns.cs:26-31`.
**Scope** — two producers, two conventions:
- **Akka `AuditEvent` path** (the structured one): config writes + authorization checks. The
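Review bot: The migration reference narrows from `:27-38` to `:26-31`, but the sentence cites it as confirmation that both `EventId` and `CorrelationId` are nullable. Please check that the six-line range still covers both column definitions; if it covers only one, cite a second range for the other so the claim stays verifiable from the reference.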
@@ -90,7 +90,7 @@ only to show the scale around the common core:
telemetry; `Central/SiteAuditReconciliationActor.cs:68` periodically pulls to catch dropped
forwards; `Central/AuditLogPurgeActor.cs:58` enforces retention; `Central/AuditLogPartitionMaintenanceService.cs:55`
manages the partitioned table.
- **CLI:** `CLI/Commands/AuditCommands.cs:21` builds `export` (`:137`, formats `csv`/`jsonl`/`parquet`)
- **CLI:** `CLI/Commands/AuditCommands.cs:12` builds `export` (`:137`, formats `csv`/`jsonl`/`parquet`)
and `verify-chain` (`:226`). Hash-chain verify is currently a **v1 no-op stub**
`CLI/Commands/AuditVerifyChainHelpers.cs:6-10` ("v1 is a no-op").
- **UI:** Blazor pages under `CentralUI/Components/Pages/Audit/` (e.g. `AuditLogPage.razor:1`,
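Review bot: On the CLI bullet, `AuditCommands.cs:21` becomes `:12`, which is the same two digits reversed, while `:137` and `:226` on the same line are unchanged. Please confirm `:12` is the line where the command is built and not a transposition of the earlier value.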