Skip to content

Message-action audit trail (retry/archive/unarchive)#5570

Draft
ramonsmits wants to merge 13 commits into
authfrom
audit-message-actions
Draft

Message-action audit trail (retry/archive/unarchive)#5570
ramonsmits wants to merge 13 commits into
authfrom
audit-message-actions

Conversation

@ramonsmits

@ramonsmits ramonsmits commented Jul 2, 2026

Copy link
Copy Markdown
Member

Adds a compliance audit trail for user-initiated recoverability actions, complementing the branch's existing authorization-decision audit. Records who performed which action (retry / archive / unarchive) on which resource, as Elastic Common Schema (ECS) JSON on the ServiceControl.Audit log stream.

What it does

  • Operation-level entries for every action controller (group retry/archive/unarchive; single/batch/all/by-queue/by-endpoint retry; archive; unarchive; pending retries) → category ServiceControl.Audit, EventId 2001.
  • Per-message entries for direct id-bearing batch operations, correlated to their operation → sub-category ServiceControl.Audit.Messages, EventId 2002 (independently filterable via standard logging config).
  • Identity resolved from the OIDC principal (ICurrentUserAccessor); falls back to an anonymous subject when auth is disabled.
  • AuditHeaders seam carries identity on ServiceControl's internal command messages only (trusted-subsystem; no signing this iteration).

Not included (by design)

  • No changes to FailedMessage, processing attempts, or users' retried messages — audit lives only in the log stream.
  • Per-message entries for set-resolved operations (group/all/queue/endpoint) are deferred to a follow-up (they need a RetryBatch schema change + IArchiveMessages signature change).

Open product question

EditFailedMessagesController (edit-and-retry) and ResolveMessagesController are currently not audited (outside this spec's retry/archive/unarchive scope) — confirm whether edit-and-retry should be in the trail.

Design/plan: docs/superpowers/specs/2026-07-01-message-action-audit-design.md, docs/superpowers/plans/2026-07-01-message-action-audit.md (not committed).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant