feat(ee): add enterprise audit logs settings page with server-side search

Add a new audit logs page under enterprise settings that displays all
actions captured via recordAudit. Includes server-side search, resource
type filtering, date range selection, and cursor-based pagination.

- Add internal API route (app/api/audit-logs) with session auth
- Extract shared query logic (buildFilterConditions, buildOrgScopeCondition,
  queryAuditLogs) into app/api/v1/audit-logs/query.ts
- Refactor v1 and admin audit log routes to use shared query module
- Add React Query hook with useInfiniteQuery and cursor pagination
- Add audit logs UI with debounced search, combobox filters, expandable rows
- Gate behind requiresHosted + requiresEnterprise navigation flags
- Place all enterprise audit log code in ee/audit-logs/

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: waleedlatif1

apps/sim/app/api/audit-logs/route.ts

@@ -0,0 +1,71 @@
+import { createLogger } from '@sim/logger'
+import { NextResponse } from 'next/server'
+import { getSession } from '@/lib/auth'
+import { validateEnterpriseAuditAccess } from '@/app/api/v1/audit-logs/auth'
+import { formatAuditLogEntry } from '@/app/api/v1/audit-logs/format'
+import {
+  buildFilterConditions,
+  buildOrgScopeCondition,
+  queryAuditLogs,
+} from '@/app/api/v1/audit-logs/query'
+
+const logger = createLogger('AuditLogsAPI')
+
+export const dynamic = 'force-dynamic'
+
+export async function GET(request: Request) {
+  try {
+    const session = await getSession()
+    if (!session?.user?.id) {
+      return NextResponse.json({ error: 'Unauthorized' }, { status: 401 })
+    }
+
+    const authResult = await validateEnterpriseAuditAccess(session.user.id)
+    if (!authResult.success) {
+      return authResult.response
+    }
+
+    const { orgMemberIds } = authResult.context
+
+    const { searchParams } = new URL(request.url)
+    const search = searchParams.get('search')?.trim() || undefined
+    const startDate = searchParams.get('startDate') || undefined
+    const endDate = searchParams.get('endDate') || undefined
+    const includeDeparted = searchParams.get('includeDeparted') === 'true'
+    const limit = Math.min(Math.max(Number(searchParams.get('limit')) || 50, 1), 100)
+    const cursor = searchParams.get('cursor') || undefined
+
+    if (startDate && Number.isNaN(Date.parse(startDate))) {
+      return NextResponse.json({ error: 'Invalid startDate format' }, { status: 400 })
+    }
+    if (endDate && Number.isNaN(Date.parse(endDate))) {
+      return NextResponse.json({ error: 'Invalid endDate format' }, { status: 400 })
+    }
+
+    const scopeCondition = await buildOrgScopeCondition(orgMemberIds, includeDeparted)
+    const filterConditions = buildFilterConditions({
+      action: searchParams.get('action') || undefined,
+      resourceType: searchParams.get('resourceType') || undefined,
+      actorId: searchParams.get('actorId') || undefined,
+      search,
+      startDate,
+      endDate,
+    })
+
+    const { data, nextCursor } = await queryAuditLogs(
+      [scopeCondition, ...filterConditions],
+      limit,
+      cursor
+    )
+
+    return NextResponse.json({
+      success: true,
+      data: data.map(formatAuditLogEntry),
+      nextCursor,
+    })
+  } catch (error: unknown) {
+    const message = error instanceof Error ? error.message : 'Unknown error'
+    logger.error('Audit logs fetch error', { error: message })
+    return NextResponse.json({ error: 'Internal server error' }, { status: 500 })
+  }
+}

apps/sim/app/api/v1/admin/audit-logs/route.ts

@@ -21,7 +21,7 @@
 import { db } from '@sim/db'
 import { auditLog } from '@sim/db/schema'
 import { createLogger } from '@sim/logger'
-import { and, count, desc, eq, gte, lte, type SQL } from 'drizzle-orm'
+import { and, count, desc } from 'drizzle-orm'
 import { withAdminAuth } from '@/app/api/v1/admin/middleware'
 import {
   badRequestResponse,
@@ -34,40 +34,35 @@ import {
   parsePaginationParams,
   toAdminAuditLog,
 } from '@/app/api/v1/admin/types'
+import { buildFilterConditions } from '@/app/api/v1/audit-logs/query'
 
 const logger = createLogger('AdminAuditLogsAPI')
 
 export const GET = withAdminAuth(async (request) => {
   const url = new URL(request.url)
   const { limit, offset } = parsePaginationParams(url)
 
-  const actionFilter = url.searchParams.get('action')
-  const resourceTypeFilter = url.searchParams.get('resourceType')
-  const resourceIdFilter = url.searchParams.get('resourceId')
-  const workspaceIdFilter = url.searchParams.get('workspaceId')
-  const actorIdFilter = url.searchParams.get('actorId')
-  const actorEmailFilter = url.searchParams.get('actorEmail')
-  const startDateFilter = url.searchParams.get('startDate')
-  const endDateFilter = url.searchParams.get('endDate')
+  const startDate = url.searchParams.get('startDate') || undefined
+  const endDate = url.searchParams.get('endDate') || undefined
 
-  if (startDateFilter && Number.isNaN(Date.parse(startDateFilter))) {
+  if (startDate && Number.isNaN(Date.parse(startDate))) {
     return badRequestResponse('Invalid startDate format. Use ISO 8601.')
   }
-  if (endDateFilter && Number.isNaN(Date.parse(endDateFilter))) {
+  if (endDate && Number.isNaN(Date.parse(endDate))) {
     return badRequestResponse('Invalid endDate format. Use ISO 8601.')
   }
 
   try {
-    const conditions: SQL<unknown>[] = []
-
-    if (actionFilter) conditions.push(eq(auditLog.action, actionFilter))
-    if (resourceTypeFilter) conditions.push(eq(auditLog.resourceType, resourceTypeFilter))
-    if (resourceIdFilter) conditions.push(eq(auditLog.resourceId, resourceIdFilter))
-    if (workspaceIdFilter) conditions.push(eq(auditLog.workspaceId, workspaceIdFilter))
-    if (actorIdFilter) conditions.push(eq(auditLog.actorId, actorIdFilter))
-    if (actorEmailFilter) conditions.push(eq(auditLog.actorEmail, actorEmailFilter))
-    if (startDateFilter) conditions.push(gte(auditLog.createdAt, new Date(startDateFilter)))
-    if (endDateFilter) conditions.push(lte(auditLog.createdAt, new Date(endDateFilter)))
+    const conditions = buildFilterConditions({
+      action: url.searchParams.get('action') || undefined,
+      resourceType: url.searchParams.get('resourceType') || undefined,
+      resourceId: url.searchParams.get('resourceId') || undefined,
+      workspaceId: url.searchParams.get('workspaceId') || undefined,
+      actorId: url.searchParams.get('actorId') || undefined,
+      actorEmail: url.searchParams.get('actorEmail') || undefined,
+      startDate,
+      endDate,
+    })
 
     const whereClause = conditions.length > 0 ? and(...conditions) : undefined
 

apps/sim/app/api/v1/audit-logs/query.ts

@@ -0,0 +1,141 @@
+import { db } from '@sim/db'
+import { auditLog, workspace } from '@sim/db/schema'
+import { and, desc, eq, gte, ilike, inArray, lt, lte, or, type SQL } from 'drizzle-orm'
+import type { InferSelectModel } from 'drizzle-orm'
+
+type DbAuditLog = InferSelectModel<typeof auditLog>
+
+interface CursorData {
+  createdAt: string
+  id: string
+}
+
+export function encodeCursor(data: CursorData): string {
+  return Buffer.from(JSON.stringify(data)).toString('base64')
+}
+
+export function decodeCursor(cursor: string): CursorData | null {
+  try {
+    return JSON.parse(Buffer.from(cursor, 'base64').toString())
+  } catch {
+    return null
+  }
+}
+
+export interface AuditLogFilterParams {
+  action?: string
+  resourceType?: string
+  resourceId?: string
+  workspaceId?: string
+  actorId?: string
+  actorEmail?: string
+  search?: string
+  startDate?: string
+  endDate?: string
+}
+
+export function buildFilterConditions(params: AuditLogFilterParams): SQL<unknown>[] {
+  const conditions: SQL<unknown>[] = []
+
+  if (params.action) conditions.push(eq(auditLog.action, params.action))
+  if (params.resourceType) conditions.push(eq(auditLog.resourceType, params.resourceType))
+  if (params.resourceId) conditions.push(eq(auditLog.resourceId, params.resourceId))
+  if (params.workspaceId) conditions.push(eq(auditLog.workspaceId, params.workspaceId))
+  if (params.actorId) conditions.push(eq(auditLog.actorId, params.actorId))
+  if (params.actorEmail) conditions.push(eq(auditLog.actorEmail, params.actorEmail))
+
+  if (params.search) {
+    const searchTerm = `%${params.search}%`
+    conditions.push(
+      or(
+        ilike(auditLog.action, searchTerm),
+        ilike(auditLog.actorEmail, searchTerm),
+        ilike(auditLog.actorName, searchTerm),
+        ilike(auditLog.resourceName, searchTerm),
+        ilike(auditLog.description, searchTerm)
+      )!
+    )
+  }
+
+  if (params.startDate) conditions.push(gte(auditLog.createdAt, new Date(params.startDate)))
+  if (params.endDate) conditions.push(lte(auditLog.createdAt, new Date(params.endDate)))
+
+  return conditions
+}
+
+export async function buildOrgScopeCondition(
+  orgMemberIds: string[],
+  includeDeparted: boolean
+): Promise<SQL<unknown>> {
+  if (!includeDeparted) {
+    return inArray(auditLog.actorId, orgMemberIds)
+  }
+
+  const orgWorkspaces = await db
+    .select({ id: workspace.id })
+    .from(workspace)
+    .where(inArray(workspace.ownerId, orgMemberIds))
+
+  const orgWorkspaceIds = orgWorkspaces.map((w) => w.id)
+
+  if (orgWorkspaceIds.length > 0) {
+    return or(
+      inArray(auditLog.actorId, orgMemberIds),
+      inArray(auditLog.workspaceId, orgWorkspaceIds)
+    )!
+  }
+
+  return inArray(auditLog.actorId, orgMemberIds)
+}
+
+export function buildCursorCondition(cursor: string): SQL<unknown> | null {
+  const cursorData = decodeCursor(cursor)
+  if (!cursorData?.createdAt || !cursorData.id) return null
+
+  const cursorDate = new Date(cursorData.createdAt)
+  if (Number.isNaN(cursorDate.getTime())) return null
+
+  return or(
+    lt(auditLog.createdAt, cursorDate),
+    and(eq(auditLog.createdAt, cursorDate), lt(auditLog.id, cursorData.id))
+  )!
+}
+
+interface CursorPaginatedResult {
+  data: DbAuditLog[]
+  nextCursor?: string
+}
+
+export async function queryAuditLogs(
+  conditions: SQL<unknown>[],
+  limit: number,
+  cursor?: string
+): Promise<CursorPaginatedResult> {
+  const allConditions = [...conditions]
+
+  if (cursor) {
+    const cursorCondition = buildCursorCondition(cursor)
+    if (cursorCondition) allConditions.push(cursorCondition)
+  }
+
+  const rows = await db
+    .select()
+    .from(auditLog)
+    .where(allConditions.length > 0 ? and(...allConditions) : undefined)
+    .orderBy(desc(auditLog.createdAt), desc(auditLog.id))
+    .limit(limit + 1)
+
+  const hasMore = rows.length > limit
+  const data = rows.slice(0, limit)
+
+  let nextCursor: string | undefined
+  if (hasMore && data.length > 0) {
+    const last = data[data.length - 1]
+    nextCursor = encodeCursor({
+      createdAt: last.createdAt.toISOString(),
+      id: last.id,
+    })
+  }
+
+  return { data, nextCursor }
+}