alezmad/claudemesh
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(db): realign audit_log schema — actor_member_id, prev_hash, hash chain
Some checks failed
CI / Lint (push) Has been cancelled
Details
CI / Typecheck (push) Has been cancelled
Details
CI / Broker tests (Postgres) (push) Has been cancelled
Details
CI / Docker build (linux/amd64) (push) Has been cancelled
Details

Browse Source 
The broker code moved to an append-only hash-chained audit log
(actor_member_id / actor_display_name / payload / prev_hash / hash
with integer GENERATED ALWAYS AS IDENTITY id) but prod still had
the original 0000-migration shape (actor_peer_id / metadata /
text id). Every peer_joined / peer_left event logged 'audit log
insert failed' — no audit trail captured at all.

Applied manually on prod already; committing the migration so
future environments converge.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Alejandro Gutiérrez
2026-04-15 14:26:48 +01:00
parent 4bc3c045ae
commit 6f4a44e281
1 changed files with 33 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
packages/db/migrations/0021_audit-log-schema-realign.sql Normal file
View File

@@ -0,0 +1,33 @@
-- Realign mesh.audit_log to match the current code schema.
--
-- The schema drifted: code has moved to an append-only hash-chained design
-- (actor_member_id/actor_display_name/payload/prev_hash/hash and an integer
-- GENERATED ALWAYS AS IDENTITY id) but the 0000 migration still shows the
-- old shape (actor_peer_id/target_peer_id/metadata/text id). Every peer
-- join/leave event has been logging "audit log insert failed" since the
-- broker code was updated.
--
-- Approach: drop the legacy table (no production data is read from it — the
-- old schema was unused after the code rename) and recreate under the new
-- shape. Safe because the broker treats audit-log failures as non-fatal and
-- existing rows were never surfaced via any API.
-- Guard against partial prior runs.
DROP INDEX IF EXISTS "mesh"."audit_log_mesh_id_idx";
DROP TABLE IF EXISTS "mesh"."audit_log";
CREATE TABLE "mesh"."audit_log" (
"id" integer PRIMARY KEY GENERATED ALWAYS AS IDENTITY NOT NULL,
"mesh_id" text NOT NULL,
"event_type" text NOT NULL,
"actor_member_id" text,
"actor_display_name" text,
"payload" jsonb NOT NULL DEFAULT '{}'::jsonb,
"prev_hash" text NOT NULL,
"hash" text NOT NULL,
"created_at" timestamp NOT NULL DEFAULT now(),
CONSTRAINT "audit_log_mesh_id_fk" FOREIGN KEY ("mesh_id") REFERENCES "mesh"."mesh"("id") ON DELETE CASCADE ON UPDATE CASCADE
);
CREATE INDEX IF NOT EXISTS "audit_log_mesh_id_idx" ON "mesh"."audit_log" ("mesh_id");
CREATE INDEX IF NOT EXISTS "audit_log_created_at_idx" ON "mesh"."audit_log" ("created_at");