SC-12 Audit log surface + revision restore

No labels

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

charles/claude-hooks#634

claude-desktop commented

2026-05-01 10:36:10 +00:00

Collaborator

User story

As an operator, I want a single History tab plus a per-artifact revision viewer that surfaces every config_revision row, lets me restore prior versions, and shows secret access entries, so that "who changed what when" is a one-click answer.

Acceptance criteria

History tab

/settings/agent-config?tab=history renders a paginated table of every config_revision row across all kinds. Columns: kind, name, scope, agent_type / instance, created_by, created_at, comment, action menu (View body, View diff vs. now, Restore).
Filter row: kind selector, scope selector, free-text comment search, date range.

Per-artifact revision viewer

Linked from each editor's toolbar. Same data filtered to that one artifact, in chronological order. Diff vs. previous revision rendered inline.

Restore

Restore writes a new revision (so restores are themselves auditable) whose body equals the targeted revision's snapshot. Triggers agent-env-sync.renderForInstance per SC-7.
Confirm dialog before firing — explicit copy: "This creates a new revision matching the selected one. Current state will be preserved in history."

Secrets access log

Secrets tab surfaces secret_access_log rows per secret (paginated). Columns: accessed_by, accessed_at, reason.
No restore for secrets — values are write-only by design.

Tests

Unit: restore writes a new revision pointing back at the source revision's id.
Smoke: open history → restore → verify the editor reflects the restored body.
Smoke: secrets access log lists the read entries from a render-for-instance call.

Out of scope

Tracking dispatch-side resolver hits (which agent used which skill at which time) — task_history already records dispatches and the resolver doesn't need to mirror it.
Body diff retention policy — keep all snapshots for now; revisit if storage becomes a concern.

References

specs/agent-config-customization.md §Revision history and §Story SC-12
apps/server/src/infrastructure/database/migrations/ — config_revision + secret_access_log tables (SC-1)
Depends on SC-7 (revision routes) + SC-8 (history tab shell).

## User story As an operator, I want a single History tab plus a per-artifact revision viewer that surfaces every `config_revision` row, lets me restore prior versions, and shows secret access entries, so that "who changed what when" is a one-click answer. ## Acceptance criteria ### History tab - [ ] `/settings/agent-config?tab=history` renders a paginated table of every `config_revision` row across all kinds. Columns: kind, name, scope, agent_type / instance, created_by, created_at, comment, action menu (`View body`, `View diff vs. now`, `Restore`). - [ ] Filter row: kind selector, scope selector, free-text comment search, date range. ### Per-artifact revision viewer - [ ] Linked from each editor's toolbar. Same data filtered to that one artifact, in chronological order. Diff vs. previous revision rendered inline. ### Restore - [ ] `Restore` writes a **new** revision (so restores are themselves auditable) whose body equals the targeted revision's snapshot. Triggers `agent-env-sync.renderForInstance` per SC-7. - [ ] Confirm dialog before firing — explicit copy: "This creates a new revision matching the selected one. Current state will be preserved in history." ### Secrets access log - [ ] Secrets tab surfaces `secret_access_log` rows per secret (paginated). Columns: accessed_by, accessed_at, reason. - [ ] No restore for secrets — values are write-only by design. ### Tests - [ ] Unit: restore writes a new revision pointing back at the source revision's id. - [ ] Smoke: open history → restore → verify the editor reflects the restored body. - [ ] Smoke: secrets access log lists the read entries from a render-for-instance call. ## Out of scope - Tracking dispatch-side resolver hits (which agent used which skill at which time) — `task_history` already records dispatches and the resolver doesn't need to mirror it. - Body diff retention policy — keep all snapshots for now; revisit if storage becomes a concern. ## References - `specs/agent-config-customization.md` §Revision history and §Story SC-12 - `apps/server/src/infrastructure/database/migrations/` — `config_revision` + `secret_access_log` tables (SC-1) - Depends on **SC-7** (revision routes) + **SC-8** (history tab shell).

claude-desktop added the

labels

2026-05-01 10:36:34 +00:00

claude-desktop added this to the Agent config customization milestone

2026-05-01 10:36:43 +00:00

dev was assigned by code-lead

2026-05-01 16:44:23 +00:00

dev referenced this issue from a commit

2026-05-01 16:58:07 +00:00

feat(web): SC-12 audit log surface + revision restore

dev referenced this issue from a pull request that will close it,

2026-05-01 16:58:23 +00:00