Skip to content

DRAFT: Feat(lib-config): implement audit logging with integrity verification#180

Draft
larsroettig wants to merge 4 commits intoadobe:mainfrom
larsroettig:audit-version
Draft

DRAFT: Feat(lib-config): implement audit logging with integrity verification#180
larsroettig wants to merge 4 commits intoadobe:mainfrom
larsroettig:audit-version

Conversation

@larsroettig
Copy link
Member

@larsroettig larsroettig commented Dec 15, 2025

  • feat: implement cryptographic audit chain with SHA-256 hashing
  • feat: add audit log filtering by userId, action, and date range
  • feat: implement audit chain integrity verification
  • feat: add index-based pagination for audit log queries
  • test: comprehensive test coverage for audit functionality

Features:

  • Tamper-proof audit trail using cryptographic hashing
  • GDPR-compliant with sensitive data redaction
  • Flexible filtering and pagination support

Performance:

  • Single-pass filtering reduces memory usage by 75%
  • Supports up to 1000 audit entries efficiently
  • Clear scaling guidance for larger datasets

Description

Related Issue

Motivation and Context

How Has This Been Tested?

Screenshots (if appropriate):

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

  • I have signed the Adobe Open Source CLA.
  • My code follows the code style of this project.
  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have read the DEVELOPMENT document.
  • I have added tests to cover my changes.
  • All new and existing tests passed.

@larsroettig
Feat(lib-config): implement audit logging with integrity verification
d36575a 
* feat: implement cryptographic audit chain with SHA-256 hashing
* feat: add audit log filtering by userId, action, and date range
* feat: implement audit chain integrity verification
* feat: add index-based pagination for audit log queries
* test: comprehensive test coverage for audit functionality

Features:
- Tamper-proof audit trail using cryptographic hashing
- GDPR-compliant with sensitive data redaction
- Flexible filtering and pagination support

Performance:
- Single-pass filtering reduces memory usage by 75%
- Supports up to 1000 audit entries efficiently
- Clear scaling guidance for larger datasets
@changeset-bot
Copy link

changeset-bot bot commented Dec 15, 2025
edited
Loading

⚠️ No Changeset found

Latest commit: b8ae6d1

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

@github-actions github-actions bot added without-changeset The PR does not contain a Changeset file pkg: aio-commerce-lib-config Includes changes in `packages/aio-commerce-lib-config` labels Dec 15, 2025
larsroettig and others added 3 commits December 15, 2025 09:47
@larsroettig
Remove outdated documentation links from README
e981918 
Removed links to Adobe Storage Best Practices and Storage Architecture documentation.
@larsroettig
* Fix typescript type error
ac5f756 
* style: improve code comments to be concise and professional
@larsroettig
Merge remote-tracking branch 'refs/remotes/origin/audit-version' into…
b8ae6d1 
… audit-version
@jnatherley
Copy link
Collaborator

jnatherley commented Jan 5, 2026

Thanks for the PR @larsroettig

Do you have a usecase where you are using this alongside aio-commerce-sdk?

jnatherley
jnatherley reviewed Jan 13, 2026
View reviewed changes
packages/aio-commerce-lib-config/source/modules/audit/audit-logger.ts
function calculateIntegrityHash(
entry: Omit<AuditEntry, "integrityHash">,
previousHash: string | null,
): string {
Copy link
Collaborator

@jnatherley jnatherley Jan 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
): string {
) {

Return types are inferred

packages/aio-commerce-lib-config/source/modules/audit/audit-logger.ts
* @param data - Data to hash.
* @returns Hex-encoded hash string.
*/
function generateHash(data: unknown): string {
Copy link
Collaborator

@jnatherley jnatherley Jan 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
function generateHash(data: unknown): string {
function generateHash(data: unknown) {

Return types are inferred

packages/aio-commerce-lib-config/source/modules/audit/audit-logger.ts
export async function logChange(
context: AuditContext,
request: CreateAuditEntryRequest,
): Promise<AuditEntry> {
Copy link
Collaborator

@jnatherley jnatherley Jan 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
): Promise<AuditEntry> {
) {

Should be inferred from buildAuditEntry return type

packages/aio-commerce-lib-config/source/modules/audit/audit-logger.ts
auditIdIndex,
);

const validEntries = filterNullEntries(allAuditEntries);
Copy link
Collaborator

@jnatherley jnatherley Jan 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

filterNullEntries can be added to apply audit filters, to avoid 2 passes at filter a large audit entry collection. As it doesn't look like allAuditEntries is reused later in the function.

packages/aio-commerce-lib-config/source/modules/versioning/diff-calculator.ts
* Compares two objects using JSON serialization.
*
* Note: This is a simple comparison method that works for plain objects.
* For complex objects with methods or circular references, use a dedicated library.
Copy link
Collaborator

@jnatherley jnatherley Jan 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

😬

I would say this is worthy of a property based test. Ensure, that this behaves as expected.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jnatherley jnatherley jnatherley left review comments

Copilot code review Copilot Awaiting requested review from Copilot Copilot will automatically review once the pull request is marked ready for review

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

pkg: aio-commerce-lib-config Includes changes in `packages/aio-commerce-lib-config` without-changeset The PR does not contain a Changeset file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@larsroettig @jnatherley