feat(api): GET /api/agent/audit — the user's agent write history #349
No reviewers
Labels
No labels
area:auth
area:ci
area:db
area:infra
area:native
area:pwa
area:service
epic
feature
foundation
No milestone
No project
No assignees
2 participants
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
james/carol!349
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "348-audit-log-api"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
First half of epic #47's "audit log + undo" linked ticket: the read surface over the already-captured trail. The commit path writes one append-only
audit_eventsrow per applied proposal with before/after snapshots (#51, migration 023), but there was no way to list them — so the PWA can't show "what Carol changed." Undo is deliberately a separate follow-up (reversal semantics need their own design: conflict detection, re-creating ids, child rows, whether undo is itself audited).What's in it
GET /api/agent/audit— cursor-paginated (newest first) list of the authenticated user's audit events →AuditEventDto(id,entityType,entityId,action,tool,before,afterdecoded from JSON to structured values — null on create/delete,proposalId,createdAt).AuditEventsRepository.listPageByUser— keyset pagination on(created_at, id), mirroring the conversations list; the existinglistByUser(returns all) stays for internal callers/tests.Verification (run locally on this branch)
typecheck✓ ·lint✓testagainst both engines (ephemeral Postgres): 1217 passed, 0 skipped (+6: a dual-enginelistPageByUserpagination test + 4 route tests — 401, decoded before/after newest-first, cross-user isolation,next_cursorpaging)@carol/api-client test✓ 40 passed ·openapi:check✓ ·openapi:coverage117 → 118 · api-clientcheck✓ up to dateOut of scope (follow-ups)
POST /api/agent/audit/{id}/undo. Own ticket + design.@carol/api-clienthook + history UI.Part of epic #47.
Closes #348
🤖 Generated with Claude Code
📊 Test coverage
Patch coverage: no testable lines changed.
Overall (
app/,lib/,db/, excluding UI per ADR-0019):Soft thresholds per ADR-0019. Coverage is informational and does not block merge.