Skip to content

fix: Add audit logging for entity delete operations#31

Merged
hunterino merged 1 commit intomasterfrom
fix/issue-9-audit-log-delete
Dec 21, 2025
Merged

fix: Add audit logging for entity delete operations#31
hunterino merged 1 commit intomasterfrom
fix/issue-9-audit-log-delete

Conversation

@hunterino
Copy link
Copy Markdown
Owner

@hunterino hunterino commented Dec 21, 2025

Summary

Added audit logging for DELETE operations to close a compliance and security gap. Previously, only CREATE and UPDATE operations were logged.

The Problem

When enable-audit-log was set to true on an entity or field:

  • CREATE: Logged ✅
  • UPDATE: Logged ✅
  • DELETE: Not logged

This meant deleted records left no trace in the audit trail.

The Solution

Added a new handleAuditLogDelete() method that:

  1. Iterates through all fields with enable-audit-log="true" or "update"
  2. Captures the current (being deleted) values
  3. Creates audit log entries with:
    • oldValueText = the value being deleted
    • newValueText = null (indicating deletion)
    • Standard audit fields (changedByUserId, changedDate, artifactStack)

Modified delete() to call this method after successful deletion.

Audit Log Record Example

Field Value
changedEntityName UserAccount
changedFieldName username
oldValueText john.doe
newValueText (null)
changedByUserId admin
changedDate 2025-12-21 10:30:00

Upstream Reference

Test Plan

  • Delete an entity with enable-audit-log="true" fields
  • Verify EntityAuditLog records are created with null newValueText

Fixes #9

🤖 Generated with Claude Code

@hunterino @claude
fix: Add audit logging for entity delete operations (#9)
dae8ee3 
Previously, EntityValueBase only logged CREATE and UPDATE operations to
the EntityAuditLog. DELETE operations were not logged, creating a
compliance and security gap.

Changes:
- Added handleAuditLogDelete() method to log field values being deleted
- Modified delete() to call handleAuditLogDelete() after successful delete
- Delete audit logs show oldValueText (deleted value) with null newValueText

The delete audit log behavior:
- Logs all fields that have enable-audit-log="true" or "update"
- Records the deleted value in oldValueText
- Sets newValueText to null to indicate deletion
- Includes changedByUserId, changedDate, and artifactStack

Fixes #9

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
@hunterino hunterino merged commit 24d2315 into master Dec 21, 2025
2 of 3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[P1] Audit logs don't record deletions

1 participant

@hunterino