Audit log and undo for agent-driven writes #54

Open
opened 2026-06-14 19:52:06 +00:00 by james · 0 comments
Owner

Every agent-driven write — whether confirmed in the PWA chat or via an MCP client — is captured in an audit log with full before/after state. The user can review recent agent actions and undo the most recent ones.

Scope

  • agent_audit_log table: (id, user_id, conversation_id NULL, source enum(pwa, mcp), tool, params_json, before_state_json, after_state_json, applied_at, undone_at NULL). User-scoped FK.
  • The audit row is written by the single commit path in the Domain tool surface ticket — no other code path mutates domain data through the agent surface, so the audit log is complete by construction.
  • "Recent agent activity" UI in settings: chronological list, one row per action, expandable to show the diff and the originating conversation (if PWA) or "MCP" badge (if external).
  • "Undo" button per row: reverses the change by applying before_state back. Marks the row undone_at so it can't be undone twice.
  • Undo semantics for cascading changes (e.g. delete a person whose notes were also wiped): the undo restores the full before-state graph, or refuses with a clear error explaining why (later edits in between, missing referent, etc.).
  • Cross-engine tests.

Acceptance criteria

  • Every confirmed write — from PWA chat and from MCP — appears in the audit log with full before/after state and the right source.
  • The settings UI lists the user's recent agent actions and supports undo of the most recent action.
  • Undo restores the entity to its before-state; subsequent reads reflect the restored state.
  • Undo is a no-op for already-undone rows.
  • Tests run on both DB engines.

Part of epic #47. Depends on the Domain tool surface (the commit path is where audit rows are written).

Every agent-driven write — whether confirmed in the PWA chat or via an MCP client — is captured in an audit log with full before/after state. The user can review recent agent actions and undo the most recent ones. ## Scope - `agent_audit_log` table: `(id, user_id, conversation_id NULL, source enum(pwa, mcp), tool, params_json, before_state_json, after_state_json, applied_at, undone_at NULL)`. User-scoped FK. - The audit row is written by the single commit path in the Domain tool surface ticket — no other code path mutates domain data through the agent surface, so the audit log is complete by construction. - "Recent agent activity" UI in settings: chronological list, one row per action, expandable to show the diff and the originating conversation (if PWA) or "MCP" badge (if external). - "Undo" button per row: reverses the change by applying `before_state` back. Marks the row `undone_at` so it can't be undone twice. - Undo semantics for cascading changes (e.g. delete a person whose notes were also wiped): the undo restores the full before-state graph, or refuses with a clear error explaining why (later edits in between, missing referent, etc.). - Cross-engine tests. ## Acceptance criteria - [ ] Every confirmed write — from PWA chat and from MCP — appears in the audit log with full before/after state and the right `source`. - [ ] The settings UI lists the user's recent agent actions and supports undo of the most recent action. - [ ] Undo restores the entity to its before-state; subsequent reads reflect the restored state. - [ ] Undo is a no-op for already-undone rows. - [ ] Tests run on both DB engines. Part of epic #47. Depends on the Domain tool surface (the commit path is where audit rows are written).
Sign in to join this conversation.
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
james/carol#54
No description provided.