feat(api): audit log read endpoints for admin and enterprise #3343

Merged
waleedlatif1 merged 3 commits into staging from waleedlatif1/audit-log-api
Feb 25, 2026
@waleedlatif1
Collaborator

Summary

  • Admin endpoints: GET /v1/admin/audit-logs (list with filtering/pagination) and GET /v1/admin/audit-logs/[id]
  • Enterprise endpoints: GET /v1/audit-logs (org-scoped, cursor pagination) and GET /v1/audit-logs/[id]
  • Enterprise auth: requires org admin/owner role + active enterprise subscription
  • Supports filtering by action, resourceType, resourceId, workspaceId, actorId, date range
  • includeDeparted param for enterprise list to include departed member logs

Type of Change

  • New feature

Testing

Tested manually

Checklist

  • Code follows project style guidelines
  • Self-reviewed my changes
  • Tests added/updated and passing
  • No new warnings introduced
  • I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

@vercel

vercel bot commented Feb 25, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment

| Project | Deployment | Actions | Updated (UTC) |
| --- | --- | --- | --- |
| docs | Skipped | Skipped | Feb 25, 2026 9:23pm |

@greptile-apps
Contributor

greptile-apps bot commented Feb 25, 2026

Greptile Summary

This PR adds comprehensive audit log read endpoints for both admin and enterprise users. The implementation follows established patterns in the codebase and addresses previous review feedback.

Key changes:

  • Admin endpoints (/v1/admin/audit-logs) provide unrestricted access to all audit logs with offset pagination
  • Enterprise endpoints (/v1/audit-logs) provide org-scoped access with cursor pagination and require active enterprise subscription + admin/owner role
  • Enterprise endpoints properly handle departed members and system actions (null actorId) via the includeDeparted parameter
  • Sensitive fields (ipAddress, userAgent) are excluded from enterprise responses but included in admin responses
  • Cursor validation has been implemented with proper date and field validation before query execution
  • All endpoints use Zod validation for query parameters and follow consistent error handling patterns

Confidence Score: 5/5

  • This PR is safe to merge with minimal risk
  • The implementation follows established patterns in the codebase, includes proper authorization and validation, addresses previous review feedback (cursor validation and null actorId handling), and implements appropriate privacy controls by excluding sensitive fields from enterprise responses
  • No files require special attention

Important Files Changed

| Filename | Overview |
| --- | --- |
| apps/sim/app/api/v1/audit-logs/route.ts | Enterprise audit log list endpoint with comprehensive filtering, cursor pagination, and proper validation |
| apps/sim/app/api/v1/audit-logs/[id]/route.ts | Enterprise audit log detail endpoint with org-scoped access including departed members |
| apps/sim/app/api/v1/audit-logs/auth.ts | Enterprise subscription and role validation with proper authorization checks |
| apps/sim/app/api/v1/admin/audit-logs/route.ts | Admin audit log list endpoint with offset pagination and comprehensive filtering |
| apps/sim/app/api/v1/admin/audit-logs/[id]/route.ts | Admin audit log detail endpoint with unrestricted access to all audit logs |

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A[Client Request] --> B{Endpoint Type?}
    B -->|Enterprise| C[Rate Limit Check]
    B -->|Admin| D[Admin Auth Check]
    
    C --> E[validateEnterpriseAuditAccess]
    E --> F{Org Member?}
    F -->|No| G[403 Error]
    F -->|Yes| H{Admin/Owner Role?}
    H -->|No| G
    H -->|Yes| I{Enterprise Subscription?}
    I -->|No| G
    I -->|Yes| J[Get Org Member IDs]
    
    J --> K{includeDeparted?}
    K -->|Yes| L[Query by actorId OR workspaceId]
    K -->|No| M[Query by actorId only]
    
    L --> N[Apply Filters & Cursor]
    M --> N
    N --> O[Return Data excluding IP/UserAgent]
    
    D --> P[Query All Logs]
    P --> Q[Apply Filters]
    Q --> R[Return All Data including IP/UserAgent]

Last reviewed commit: 2f08f6e
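
The enterprise list path described in the summary and flowchart above (role and subscription gate, org scoping with includeDeparted, cursor validation before the query, and omission of ipAddress/userAgent), as an added example that is not code from this PR. The function names, the JSON cursor format, the in-memory filtering standing in for a database query, and the sample rows are all assumptions.

```typescript
// Added example, not the PR's code: all names, the cursor format and the rows are assumptions.
interface Caller { role: 'owner' | 'admin' | 'member' | null; enterpriseActive: boolean } // null: not a member
interface Scope { memberIds: string[]; workspaceIds: string[] }
interface Key { createdAt: string; id: string }
interface AuditLog extends Key {
  actorId: string | null; workspaceId: string | null; action: string; ipAddress: string; userAgent: string
}
type View = Pick<AuditLog, 'id' | 'createdAt' | 'actorId' | 'workspaceId' | 'action'>
type Page = { status: 200 | 400 | 403; data: View[]; nextCursor: string | null }
// Gate from the flowchart: org member, then admin/owner role, then subscription; any miss is a 403.
const authorize = (c: Caller): 200 | 403 =>
  (c.role === 'owner' || c.role === 'admin') && c.enterpriseActive ? 200 : 403

// Reject a malformed cursor before it reaches the query: JSON with a real date and a non-empty id.
function parseCursor(raw: string): Key | null {
  try {
    const v = JSON.parse(raw)
    if (typeof v?.createdAt !== 'string' || Number.isNaN(Date.parse(v.createdAt))) return null
    return typeof v.id === 'string' && v.id !== '' ? { createdAt: v.createdAt, id: v.id } : null
  } catch { return null }
}

// Newest first with id as tie-breaker, so (createdAt, id) is a stable keyset position.
const cmp = (a: Key, b: Key) =>
  Date.parse(b.createdAt) - Date.parse(a.createdAt) || (a.id < b.id ? 1 : a.id > b.id ? -1 : 0)
function listEnterprise(c: Caller, logs: AuditLog[], s: Scope, includeDeparted: boolean, cursor?: string, limit = 2): Page {
  if (authorize(c) !== 200) return { status: 403, data: [], nextCursor: null }
  const after = cursor === undefined ? undefined : parseCursor(cursor)
  if (after === null) return { status: 400, data: [], nextCursor: null }
  const rows = logs
    .filter((l) => (l.actorId !== null && s.memberIds.includes(l.actorId)) ||
      (includeDeparted && l.workspaceId !== null && s.workspaceIds.includes(l.workspaceId)))
    .filter((l) => after === undefined || cmp(after, l) < 0)
    .sort(cmp)
  // Allowlist the response fields so ipAddress and userAgent stay out of enterprise responses.
  const data = rows.slice(0, limit).map(({ id, createdAt, actorId, workspaceId, action }) =>
    ({ id, createdAt, actorId, workspaceId, action }))
  const last = data[data.length - 1]
  const nextCursor = rows.length > limit && last ? JSON.stringify({ createdAt: last.createdAt, id: last.id }) : null
  return { status: 200, data, nextCursor }
}

// Constructed rows: u1 is a current member, u9 has left the org, null actorId is a system action.
const row = (id: string, actorId: string | null, workspaceId: string | null): AuditLog => ({
  id, actorId, workspaceId, createdAt: `2026-02-0${id}T00:00:00Z`, action: 'workflow.updated',
  ipAddress: '192.0.2.10', userAgent: 'constructed-agent',
})
const SAMPLE = [row('1', 'u1', 'w1'), row('2', 'u9', 'w1'), row('3', null, 'w1'), row('4', 'u1', null), row('5', 'u7', 'w8')]
const SCOPE: Scope = { memberIds: ['u1'], workspaceIds: ['w1'] }
```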

Contributor

@greptile-apps greptile-apps bot left a comment

8 files reviewed, 2 comments

@waleedlatif1
Collaborator Author

@cursor review

@waleedlatif1
Collaborator Author

@greptile

Contributor

@greptile-apps greptile-apps bot left a comment

8 files reviewed, no comments

@cursor cursor bot left a comment

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

@waleedlatif1 waleedlatif1 merged commit 1f3dc52 into staging Feb 25, 2026
12 checks passed
@waleedlatif1 waleedlatif1 deleted the waleedlatif1/audit-log-api branch February 25, 2026 21:46
waleedlatif1 added a commit that referenced this pull request Feb 25, 2026
* feat(api): audit log read endpoints for admin and enterprise

* fix(api): address PR review — boolean coercion, cursor validation, detail scope

* ran lint
waleedlatif1 added a commit that referenced this pull request Feb 25, 2026
* feat(workflow): lock/unlock workflow from context menu and panel

* lint

* fix(workflow): prevent duplicate lock notifications, no-op guard, fix orphaned JSDoc

* improvement(workflow): memoize hasLockedBlocks to avoid inline recomputation

* feat(google-translate): add Google Translate integration (#3337)

* feat(google-translate): add Google Translate integration

* fix(google-translate): api key as query param, fix docsLink, rename tool file

* feat(google): add missing tools for Gmail, Drive, Sheets, and Calendar (#3338)

* feat(google): add missing tools for Gmail, Drive, Sheets, and Calendar

* fix(google-drive): remove dead transformResponse from move tool

* feat(confluence): return page content in get page version tool (#3344)

* feat(confluence): return page content in get page version tool

* lint

* feat(api): audit log read endpoints for admin and enterprise (#3343)

* feat(api): audit log read endpoints for admin and enterprise

* fix(api): address PR review — boolean coercion, cursor validation, detail scope

* ran lint

* unified list of languages for google translate

* fix(workflow): respect snapshot view for panel lock toggle, remove unused disableAdmin prop

* improvement(canvas-menu): remove lock icon from workflow lock toggle

* feat(audit): record audit log for workflow lock/unlock
waleedlatif1 added a commit that referenced this pull request Feb 26, 2026