@CryogenicPlanetchecks…cryo/audit-read-dashboard → cryo/audit-tier220 files · +1299 −25review: @rohanprabhureview: @sohamganatrareview: @sarthakreview: @acsrujanreview: @kaavee315review: @anshugarg15updated 5h agomaster (merge bottom → top)AuditAction enum → master (reland of #10514, reverted in #10584)auditedTransaction (branded AuditedTx) → #10603Supersedes the production-based stack (#10355 / #10457 / #10510 / #10511 / #10513).
You are here: #10517
Part 4 (on master, stacks on #10516) — the customer-facing read over the ClickHouse audit_logs table, on the internal-dashboard surface (dashboard-session auth) instead of the public v3.1 API.
clickhouse-audit-logs.ts — getAuditLogs(): org-scoped keyset pagination ordered (createdAt DESC, id DESC) to match the table ORDER BY, opaque cursor, exact-match parameterized filters over a hardcoded column allowlist (incl. the MATERIALIZED auth_method_kind/credential_id/actor_email).GET /api/internal-dashboard/audit_logs — getDashboardRouter + getDashboardOrgAuthInfo, org ADMIN required, forces is_internal = 0 so internal/admin-token/system rows never surface to customers.⚠️ Static-only (worktree has no deps); CI typecheck/lint is the backstop. Carried-over reader follow-ups (flagged earlier): reject undecodable cursors instead of replaying page 1, and over-fetch so dropped-on-validation rows don't end pagination early.
🤖 Generated with Claude Code
makeService over the existing singleton): pinned deterministic read settings + typed errors. Row decoding moved zod → effect Schema, still per-row tolerant. SQL, filters, and keyset pagination unchanged.nextCursor derives from raw rows so validation-dropped rows can't end pagination early.(org_id, project_id, createdAt, id) sort key (fixed in #10516, which owns the DDL).[!WARNING] This pull request is not mergeable via GitHub because a downstack PR is open. Once all requirements are satisfied, merge this PR as a stack on Graphite. Learn more
masterThis stack of pull requests is managed by Graphite. Learn more about stacking.