ChrisChen/ROLAC
1
0
Fork 0
Code Issues 66 Pull Requests Actions Packages Projects Releases Wiki Activity

[P0] Audit Log infrastructure (immutable append-only) #7

New Issue
Open
opened 2026-05-26 01:32:40 +00:00 by ChrisChen · 0 comments
ChrisChen commented 2026-05-26 01:32:40 +00:00
Owner
Copy Link
Copy Source

Overview

All sensitive operations must be logged in an immutable append-only audit log that cannot be deleted.

Fields

timestamp, actor_id, actor_role, action (CREATE/UPDATE/DELETE/LOGIN), resource_type, resource_id, before_snapshot (JSON), after_snapshot (JSON), ip_address, user_agent

Tasks

  • Create AuditLog table (bigint PK, no delete allowed)
  • Build AuditService that wraps all sensitive DB writes and auto-logs changes
  • Audit Log viewer (super_admin + pastor only, read-only)
  • Archive-only strategy (no physical deletes ever)

Reference

PLANNING.md Section 3.8 - Audit Log

## Overview All sensitive operations must be logged in an immutable append-only audit log that cannot be deleted. ## Fields timestamp, actor_id, actor_role, action (CREATE/UPDATE/DELETE/LOGIN), resource_type, resource_id, before_snapshot (JSON), after_snapshot (JSON), ip_address, user_agent ## Tasks - [ ] Create AuditLog table (bigint PK, no delete allowed) - [ ] Build AuditService that wraps all sensitive DB writes and auto-logs changes - [ ] Audit Log viewer (super_admin + pastor only, read-only) - [ ] Archive-only strategy (no physical deletes ever) ## Reference PLANNING.md Section 3.8 - Audit Log
ChrisChen added this to the Phase 0 - Tech Foundation and DevOps milestone 2026-05-26 01:32:40 +00:00
ChrisChen added the module: audit-log label 2026-05-26 01:32:40 +00:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
module: ai
AI integration (Claude API, Phase 5)
 module: attendance
Sunday attendance tracking
 module: audit-log
Immutable audit log
 module: auth
Authentication, JWT, ASP.NET Identity
 module: cell-groups
Cell groups, meetings, attendance
 module: cms
Public website CMS (rolac.org, bilingual)
 module: devops
Infrastructure, Docker, CI/CD, Jenkins
 module: expense
Expense tracking and reimbursements
 module: giving
Donations, tithing, annual receipts
 module: members
Member CRUD, family units, search
 module: prayer
Prayer requests and visibility scopes
 module: rbac
Roles, permissions, Ministry Scope
 module: reports
Reports and analytics
 module: roster
Service roster and scheduling
No Label module: audit-log
Milestone
No items
No Milestone Phase 0 - Tech Foundation and DevOps
Projects
Clear projects
No project
Assignees
Clear assignees
ChrisChen
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: ChrisChen/ROLAC#7
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?