Issue added during multi-role review (security S6). Not in original user request but flagged as a hard requirement for any meaningful auth deployment — without it, "who enabled debug on key X at time Y" is unanswerable.
Background
The admin plane introduces mutating actions (key create/revoke, scope edit, debug toggle, config edit, no-auth boot, recovery flow). With multiple operators, an audit trail becomes essential for incident response and compliance.
Goal
An append-only audit log capturing every privileged action with actor, target, before/after, and timestamp.
Part of #23. Depends on F2.A, F2.B.
Tasks
- Log file: `~/.local/share/copilot-api/audit.jsonl`, mode `0600`
- Record shape: `{ts, actor_key_id, actor_tier, action, target, before?, after?, ip?, user_agent?}`
- Actions to capture:
  - `key.create`, `key.revoke`, `key.scope_change`, `key.debug_toggle`, `key.rate_limit_override_change`
  - `config.edit` (with diff summary)
  - `auth.bootstrap`, `auth.recover`
  - `auth.reject` (failed bearer attempt; the value is never logged, only a sha256 prefix)
  - `server.start_no_auth` (logged once at boot, with bind address)
- `audit(action, target)` helper, otherwise refuse to accept it
- `audit-YYYY-MM-DD.jsonl`), retention configurable (default 365 days; audit logs are kept longer than telemetry)
- `/admin/audit` (admin tier only) with date filter, action filter, pagination
Acceptance criteria
- `0600`
File pointers
- `src/services/audit.ts`
- `src/admin/audit/route.ts`
- `tests/audit.test.ts`
Dependencies
Depends on F2.A, F2.B. Should land before F2.E (so the WebUI can audit).
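The helper below is an added example of the audit design this issue specifies; it is not the project's `src/services/audit.ts` and is not code from the issue author. It takes the field names, action names, `0600` mode, daily file naming and 365-day default retention from the issue; the directory argument, the function names (`audit`, `auditFileFor`, `tokenFingerprint`, `readAudit`, `pruneAudit`, `demo`), the 12-hex-character fingerprint length and the sample events are assumptions. It writes to a temporary directory so it never touches the real audit path.

```typescript
// Added example (not the project's code). Append-only JSONL audit log per the
// issue: O_APPEND writes, file created 0600, one file per day, sha256 prefix
// instead of the raw bearer value, retention pruning of old day files.
import * as fs from "node:fs";
import * as os from "node:os";
import * as path from "node:path";
import { createHash } from "node:crypto";

// Action names are the ones listed in the issue.
export type AuditAction =
  | "key.create" | "key.revoke" | "key.scope_change" | "key.debug_toggle"
  | "key.rate_limit_override_change" | "config.edit"
  | "auth.bootstrap" | "auth.recover" | "auth.reject" | "server.start_no_auth";

// Record shape from the issue.
export interface AuditEvent {
  ts: string;
  actor_key_id: string;
  actor_tier: string;
  action: AuditAction;
  target: string;
  before?: unknown;
  after?: unknown;
  ip?: string;
  user_agent?: string;
}

// Assumption: one file per UTC day named audit-YYYY-MM-DD.jsonl inside `dir`.
export function auditFileFor(dir: string, when: Date): string {
  return path.join(dir, `audit-${when.toISOString().slice(0, 10)}.jsonl`);
}

// A rejected bearer value is never written; only a sha256 prefix is.
// The 12-hex-character length is an assumption, not from the issue.
export function tokenFingerprint(bearer: string): string {
  return createHash("sha256").update(bearer).digest("hex").slice(0, 12);
}

export function audit(dir: string, ev: Omit<AuditEvent, "ts">, now: Date = new Date()): AuditEvent {
  const record: AuditEvent = { ts: now.toISOString(), ...ev };
  fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
  // O_APPEND: each write lands at the end even with concurrent writers.
  // The 0o600 mode applies only when the file is created, so an existing
  // file keeps whatever mode it already had.
  const flags = fs.constants.O_WRONLY | fs.constants.O_APPEND | fs.constants.O_CREAT;
  const fd = fs.openSync(auditFileFor(dir, now), flags, 0o600);
  try {
    fs.writeSync(fd, JSON.stringify(record) + "\n");
  } finally {
    fs.closeSync(fd);
  }
  return record;
}

export function readAudit(file: string): AuditEvent[] {
  if (!fs.existsSync(file)) return [];
  return fs.readFileSync(file, "utf8").split("\n").filter(Boolean)
    .map((line) => JSON.parse(line) as AuditEvent);
}

// Remove day files older than the retention window (default 365 days per the issue).
export function pruneAudit(dir: string, now: Date = new Date(), retentionDays = 365): string[] {
  const cutoff = now.getTime() - retentionDays * 86_400_000;
  const removed: string[] = [];
  for (const name of fs.readdirSync(dir)) {
    const m = /^audit-(\d{4}-\d{2}-\d{2})\.jsonl$/.exec(name);
    if (m && Date.parse(`${m[1]}T00:00:00Z`) < cutoff) {
      fs.unlinkSync(path.join(dir, name));
      removed.push(name);
    }
  }
  return removed;
}

// Demo on constructed events in a temp dir; returns what was written so it can be checked.
export function demo(): { file: string; events: AuditEvent[]; mode: number; pruned: string[] } {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "audit-demo-"));
  const now = new Date("2024-06-01T12:00:00Z"); // constructed clock
  audit(dir, { actor_key_id: "k_admin01", actor_tier: "admin", action: "key.debug_toggle",
    target: "k_user42", before: { debug: false }, after: { debug: true }, ip: "203.0.113.7" }, now);
  audit(dir, { actor_key_id: "-", actor_tier: "none", action: "auth.reject",
    target: "sha256:" + tokenFingerprint("constructed-bad-token"), ip: "203.0.113.9" }, now);
  fs.writeFileSync(auditFileFor(dir, new Date("2023-01-01T00:00:00Z")), "", { mode: 0o600 }); // stale file
  const file = auditFileFor(dir, now);
  const mode = fs.statSync(file).mode & 0o777;
  return { file, events: readAudit(file), mode, pruned: pruneAudit(dir, now) };
}
```

Opening with `O_APPEND` rather than rewriting the file is what makes the log append-only from the writer's side; it does not stop an attacker with write access to the directory from truncating it, which is why the `0600` file mode and a restricted parent directory are part of the acceptance criteria.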