blightbow/evennia_ai
2
0
Fork 0
Code Issues 9 Pull requests Projects Releases Packages Wiki Activity Actions

[P2] Add Audit Logging #12

New issue
Closed
opened 2025-12-05 13:49:33 +00:00 by blightbow · 1 comment
blightbow commented 2025-12-05 13:49:33 +00:00
Owner
Copy link

Problem

  • API configuration changes not logged
  • No record of who changed what, when
  • Component/template CRUD untracked

Suggested Fix

Log all configuration changes with user, timestamp, old/new values.

Priority

P2 — Medium Priority

Source

Architecture Audit 2025-12-03, Critical Gaps Section 2: No Audit Logging

## Problem - API configuration changes not logged - No record of who changed what, when - Component/template CRUD untracked ## Suggested Fix Log all configuration changes with user, timestamp, old/new values. ## Priority **P2 — Medium Priority** ## Source Architecture Audit 2025-12-03, Critical Gaps Section 2: No Audit Logging
blightbow commented 2025-12-08 07:03:36 +00:00
Author
Owner
Copy link

Implementation complete in commit 6b89e23f8.

Approach: Medium - AuditLoggingMixin + structured JSON logging (no DB model)

Changes:

  • Created AuditLoggingMixin in api/views/mixins/audit_logging.py
  • Intercepts dispatch() for POST/PATCH/PUT/DELETE requests
  • Logs structured JSON with [AI_AUDIT] prefix via Evennia logger
  • Sensitive field masking (API keys, tokens, passwords)
  • Value truncation for large payloads
  • Applied to AssistantViewSet, ComponentViewSet, TemplateViewSet

Log format example:

[AI_AUDIT] {
  "timestamp": "2025-01-01T12:00:00Z",
  "user": "admin",
  "method": "PATCH",
  "endpoint": "/api/ai-assistants/mybot/configuration/update/",
  "assistant_key": "mybot",
  "action": "configuration_update",
  "field": "llm_model",
  "new_value": "gpt-4",
  "status_code": 200,
  "success": true
}

Tests: 16 tests added in test_api_audit.py covering mixin functionality and integration.

Implementation complete in commit `6b89e23f8`. **Approach**: Medium - AuditLoggingMixin + structured JSON logging (no DB model) **Changes:** - Created `AuditLoggingMixin` in `api/views/mixins/audit_logging.py` - Intercepts `dispatch()` for POST/PATCH/PUT/DELETE requests - Logs structured JSON with `[AI_AUDIT]` prefix via Evennia logger - Sensitive field masking (API keys, tokens, passwords) - Value truncation for large payloads - Applied to `AssistantViewSet`, `ComponentViewSet`, `TemplateViewSet` **Log format example:** ```json [AI_AUDIT] { "timestamp": "2025-01-01T12:00:00Z", "user": "admin", "method": "PATCH", "endpoint": "/api/ai-assistants/mybot/configuration/update/", "assistant_key": "mybot", "action": "configuration_update", "field": "llm_model", "new_value": "gpt-4", "status_code": 200, "success": true } ``` **Tests**: 16 tests added in `test_api_audit.py` covering mixin functionality and integration.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
feature/agentic-patterns
refactor/modular-prompt-contexts
feature/advanced-prompt-visualizer
ai-messaging-refactor
docs/bootstrap-refinement
feature/bootstrap-refactor
feature/k8s-entrypoint
gh-pages
v5.0.0
v4.0.0
v3.0.0
v2.0.0
v1.3.0
v1.0.0
v0.9.5
v5.0.1
v5.0.0
v4.5.0
v4.4.1
v4.4.0
v4.3.0
v4.2.0
v4.1.1
v4.1.0
v4.0.0
v3.2.0
v3.1.1
v3.1.0
v3.0.0
rm
v2.3.0
v2.2.0
v2.1.0
v2.0.1
v2.0.0
v1.3.0
v1.2.1
v1.2.0
v1.1.1
v1.1.0
v1.0.2
v1.0.1
v1.0
v0.9.5
0.5.0-fork0
v0.9
last-python2.7
python-3.7
0.5.0
v0.8
v0.7
player-account-step1
v0.6
0.2.0
v0.5
show
django1.7
migrate_before_django1.7
Labels
Clear labels   
audit-2025-12-03

Architecture audit findings from 2025-12-03

  
component/api

REST API endpoints and serializers

  
component/commands

In-game commands (aisetup, aiexec, etc.)

  
component/llm

LLM providers, prompt construction, token management

  
component/memory

Entity memory, episodic index, Mem0 integration

  
component/tick-loop

at_tick(), ReAct loop, execution patterns

  
component/tools

Tool system and tool implementations

  
priority
high
Critical or blocking issue

  
priority
low
Nice to have, non-urgent

  
status
in-progress
Actively being worked on

  
status
needs-info
Waiting for more information from reporter

  
status
needs-triage
Awaiting initial review and categorization

  
status
on-hold
Blocked or intentionally paused

  
type
bug
Actual error or unwanted behavior

  
type
documentation
Docs, docstrings, or README

  
type
enhancement
Improvement to existing feature

  
type
feature
New functionality request

  
type
refactor
Code cleanup without behavior change

  
type
test
Test coverage or test infrastructure

No labels
audit-2025-12-03
component/api
component/commands
component/llm
component/memory
component/tick-loop
component/tools
priority
high
priority
low
status
in-progress
status
needs-info
status
needs-triage
status
on-hold
type
bug
type
documentation
type
enhancement
type
feature
type
refactor
type
test
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
blightbow/evennia_ai#12
No description provided.