Skip to content

[EVAL - DO NOT MERGE] feat(source-freshservice): add audit_logs stream for compliance reporting#82183

Draft
octavia-bot[bot] wants to merge 1 commit into
masterfrom
eval/prove-fix/run-1784155481-3a989cad
Draft

[EVAL - DO NOT MERGE] feat(source-freshservice): add audit_logs stream for compliance reporting#82183
octavia-bot[bot] wants to merge 1 commit into
masterfrom
eval/prove-fix/run-1784155481-3a989cad

Conversation

@octavia-bot

@octavia-bot octavia-bot Bot commented Jul 15, 2026

Copy link
Copy Markdown
Contributor

[EVAL - DO NOT MERGE] This is an automated eval run. Do not merge, review, or take action on this PR/issue. It will be automatically closed and cleaned up after the eval completes.

What

Adds a dedicated audit_logs stream to expose change tracking
and activity trail data for SOC 2 compliance and security reviews.

How

  • Added audit_logs stream definition in manifest.yaml
  • Uses same base requester pattern with /audit_logs path
  • Incremental sync using created_at cursor
  • Added inline schema for audit fields (actor, action, resource, changes, ip)

Linked oncall issue: https://github.com/airbytehq/airbyte-internal-issues/issues/16772

@github-actions

Copy link
Copy Markdown
Contributor

👋 Greetings, Airbyte Team Member!

Here are some helpful tips and reminders for your convenience.

💡 Show Tips and Tricks

PR Slash Commands

Airbyte Maintainers (that's you!) can execute the following slash commands on your PR:

  • 🛠️ Quick Fixes
    • /format-fix - Fixes most formatting issues.
    • /bump-version - Bumps connector versions, scraping changelog description from the PR title.
      • Bump types: patch (default), minor, major, major_rc, rc, promote.
      • The rc type is a smart default: applies minor_rc if stable, or bumps the RC number if already RC.
      • The promote type strips the RC suffix to finalize a release.
      • Example: /bump-version type=rc or /bump-version type=minor
    • /bump-progressive-rollout-version - Alias for /bump-version type=rc. Bumps with an RC suffix and enables progressive rollout.
  • ❇️ AI Testing and Review (internal link: AI-SDLC Docs):
    • /ai-prove-fix - Runs prerelease readiness checks, including testing against customer connections.
    • /ai-canary-prerelease - Rolls out prerelease to 5-10 connections for canary testing.
    • /ai-review - AI-powered PR review for connector safety and quality gates.
  • 📝 AI Documentation:
    • /ai-docs-review - AI-powered documentation review for PRs with connector changes.
    • /ai-create-docs-pr - Creates a documentation PR for connector changes, stacked on the current PR.
  • 🚀 Connector Releases:
    • /publish-connectors-prerelease - Publishes pre-release connector builds (tagged as {version}-preview.{git-sha}) for all modified connectors in the PR.
    • /enable-autopilot-rollouts - Enables autopilot progressive rollouts for the modified connector(s) in the PR, remediating "autopilot rollouts not enabled for {connector-name}" auto-merge blockers. Sets defaultRolloutMode: autopilot and enableProgressiveRollout: true, preserving any existing autopilotConfig.
      • Optional args: connector=<CONNECTOR_NAME> (defaults to the modified connectors in the PR), strategy=fast|slow|default (defaults to fast).
      • Example: /enable-autopilot-rollouts or /enable-autopilot-rollouts connector=source-faker strategy=slow
  • ☕️ JVM connectors:
    • /update-connector-cdk-version connector=<CONNECTOR_NAME> - Updates the specified connector to the latest CDK version.
      Example: /update-connector-cdk-version connector=destination-bigquery
  • 🐍 Python connectors:
    • /poe connector source-example lock - Run the Poe lock task on the source-example connector, committing the results back to the branch.
    • /poe source example lock - Alias for /poe connector source-example lock.
    • /poe source example use-cdk-branch my/branch - Pin the source-example CDK reference to the branch name specified.
    • /poe source example use-cdk-latest - Update the source-example CDK dependency to the latest available version.
  • ⚙️ Admin commands:
    • /force-merge reason="<REASON>" - Force merges the PR using admin privileges, bypassing CI checks. Requires a reason.
      Example: /force-merge reason="CI is flaky, tests pass locally"
📚 Show Repo Guidance

Helpful Resources

📝 Edit this welcome message.

@CLAassistant

Copy link
Copy Markdown

CLA assistant check
Thank you for your submission! We really appreciate it. Like many open source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution.


Playbook Eval Bot seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account.
You have signed the CLA already but the status is still pending? Let us recheck it.

@github-actions

Copy link
Copy Markdown
Contributor

Note

Autopilot progressive rollouts are not enabled for the following modified connector(s):

  • source-freshservice

This is a courtesy heads-up only — it does not block merge or fail any check.
To enable automatic progressive rollouts for the connector(s) above, comment
/enable-autopilot-rollouts on this PR. This sets defaultRolloutMode: autopilot
and enableProgressiveRollout: true in each connector's metadata.yaml,
preserving any existing autopilotConfig.

@airbyte-support-bot

Airbyte Support Bot (airbyte-support-bot) commented Jul 15, 2026

Copy link
Copy Markdown
Contributor

🧪 Fix Validation Evidence

🔴 Outcome: Fix Disproven

The new audit_logs stream fails during READ. In a comparison regression test (GSM credentials, all streams), the target build (1.5.0/dev) failed the READ command (exit code 1) while the current published control (1.4.61) succeeded. The GET /api/v2/audit_logs request returns HTTP 404 Not Found; the manifest's error handler only ignores 403, so the stream goes INCOMPLETE and the whole sync aborts. audit_logs produced 0 records. Existing streams were unaffected (identical record counts).

🚦 Next Steps
  1. Review the evidence log for details on what went wrong.
  2. The fix needs work before re-testing: verify the correct Freshservice audit-log API path/version (Freshservice does not expose audit logs via the standard /api/v2 REST surface — hence the 404). If the endpoint can legitimately be absent, extend the stream error_handler to also IGNORE 404 so it degrades gracefully — but that alone will not deliver any audit-log data.
  3. Re-run /ai-prove-fix after addressing the issue.

📋 Connector & PR Details

Connector: source-freshservice (manifest-only)
PR: #82183
Target Version Tested: 1.5.0 (built from PR)
Comparison Baseline: latest (auto)airbyte/source-freshservice:1.4.61
Regression run: https://github.com/airbytehq/airbyte-ops-mcp/actions/runs/29456591469
Detailed Results: https://github.com/airbytehq/airbyte-internal-issues/issues/16772#issuecomment-4986063767

📝 Evidence Plan

Proving Criteria

DISCOVER exposes the new audit_logs stream AND READ returns >0 audit_logs records, with no regressions on other streams/steps.

Disproving Criteria

New errors appear, record counts drop vs control, or the new audit_logs stream fails.

Cases Attempted

  1. Regression test — comparison mode, GSM integration-test credentials, all streams. Disproving evidence found (❌ READ regression), so testing stopped per early-exit rule.
✅ Pre-flight Checks
  • Viability: Change is a structurally consistent additive stream (same base URL, Basic auth, declarative requester, page pagination).
  • Safety: No malicious code or dangerous patterns.
  • Breaking Change: None (additive stream; no schema/PK/cursor/spec/state changes to existing streams).
  • Pin Exclusion: N/A — regression test only (GSM); no live connections pinned.
  • Reversibility: Reversible (additive minor version bump, no state/config format changes).
📊 Detailed Evidence Log

Regression comparison (target 1.5.0 vs control 1.4.61):

  • SPEC: ✅ no difference
  • CHECK: ✅ no difference
  • DISCOVER: ✅ succeeded; target catalog adds audit_logs (15 streams vs 14)
  • READ: ❌ regression — target FAILED (exit 1), control succeeded (exit 0)
    • Existing streams identical: tickets 3, requested_items 2, requesters 4, agents 2, locations 13 (24 total both versions)
    • audit_logs: 0 records; STREAM_STATUS STARTED → ERROR → INCOMPLETE
    • Error: HTTP Status Code: 404. Error: Not found. on GET /api/v2/audit_logs; terminal config_error "the following streams did not sync successfully: audit_logs"

Full request/response/trace details are in the linked private issue.


Devin session

@devin-ai-integration devin-ai-integration Bot added the hyd-prove Hydra: ai-prove-fix stage has run label Jul 15, 2026
@github-actions

Copy link
Copy Markdown
Contributor

source-freshservice Connector Test Results

8 tests   6 ✅  38s ⏱️
1 suites  1 💤
1 files    1 ❌

For more details on these failures, see this check.

Results for commit 28fa94e.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

connectors/source/freshservice eval-test Playbook eval artifact hyd-prove Hydra: ai-prove-fix stage has run

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants