Skip to content

feat: structured audit logging with agent and secret attribution#149

Open
johnthompson-ybor wants to merge 1 commit into
onecli:mainfrom
p6m-dev:feat/audit-logging
Open

feat: structured audit logging with agent and secret attribution#149
johnthompson-ybor wants to merge 1 commit into
onecli:mainfrom
p6m-dev:feat/audit-logging

Conversation

@johnthompson-ybor

@johnthompson-ybor johnthompson-ybor commented Apr 3, 2026

Copy link
Copy Markdown

Summary

Adds per-request audit logging to the gateway. Every proxied request can be traced to which agent made it and which credential was injected.

Closes #54

Audit levels (AUDIT_LOG env var)

Level Logs Use case
(unset) Minimal, same as before Default — no behavior change
basic agent, host, method, status, secret names, result Production / compliance
full basic + request path Debugging (paths may contain sensitive data)

Blocked (403) and rate-limited (429) requests always include path and status for security investigation.

Example output

AUDIT_LOG=basic:

INFO agent=jira-agent method=GET host=api.github.com status=200 secrets=["GitHub RW"] result=allowed AUDIT
WARN agent=ops-agent method=DELETE host=api.github.com status=403 result=blocked AUDIT

AUDIT_LOG=full:

INFO agent=jira-agent method=GET host=api.github.com path=/repos/org/repo/pulls status=200 secrets=["GitHub RW"] result=allowed AUDIT

Changes

File Change
db.rs Add name to AgentRow and SecretRow, update SQL queries
inject.rs Add source_name to InjectionRule for credential attribution
connect.rs Pass secret names and agent name through ConnectResponse
gateway.rs Structured AUDIT log in forward_request() with level-based detail

HIPAA / compliance notes

  • basic mode never logs request paths (which could contain PHI like patient IDs or PII)
  • full mode includes paths — intended for debugging only
  • Blocked/rate-limited requests log paths at warn level for security investigation
  • No credential values are ever logged — only secret names

Testing

All 131 tests pass (126 unit + 5 integration). No existing behavior changes when AUDIT_LOG is unset.

@johnthompson-ybor @claude
feat: structured audit logging with agent and secret attribution
e63c019 
Adds per-request audit logging to the gateway with three levels
controlled by AUDIT_LOG env var:

- (unset): minimal logging, same as before
- "basic": agent name, hostname, method, status, secrets used
- "full": adds request path (may contain sensitive data / PHI)

Blocked and rate-limited requests always log agent + path regardless
of level.

Changes:
- db.rs: add name to AgentRow and SecretRow, update SQL queries
- inject.rs: add source_name to InjectionRule for credential attribution
- connect.rs: pass secret names and agent name through ConnectResponse
- gateway.rs: structured AUDIT log in forward_request with level check

Closes onecli#54

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@johnthompson-ybor

johnthompson-ybor commented Apr 3, 2026

Copy link
Copy Markdown
Author

This is a Claude-written PR, but we did this for our own use and I thought it would be useful for upstream.

@nano-ade nano-ade mentioned this pull request Apr 28, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@johnthompson-ybor johnthompson-ybor

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Access log

1 participant

@johnthompson-ybor