Skip to content

feat(admin): capture ip_address + user_agent in org-settings audit log#3477

Merged
bokelley merged 1 commit into
mainfrom
claude/issue-3466-audit-ip-ua
Apr 28, 2026
Merged

feat(admin): capture ip_address + user_agent in org-settings audit log#3477
bokelley merged 1 commit into
mainfrom
claude/issue-3466-audit-ip-ua

Conversation

@bokelley

Copy link
Copy Markdown
Contributor

Refs #3466

Adds ip_address and user_agent fields to the details JSONB block of the organization_settings_updated audit log entry (PATCH /api/organizations/:orgId/settings). This is Improvement 1 from the issue; Improvement 2 (the disabled_at column + trigger change) remains on the parent issue pending a design decision on cohort semantics.

Non-breaking justification: Adds two new keys to an existing Record<string, any> JSONB details field. The audit log table has no column constraints on details; no schema migration is needed. Existing audit queries that read details are unaffected — they ignore unknown keys.

Implementation notes:

  • ip_address placed before ...updates spread so payload keys can never silently overwrite it.
  • user_agent sanitized (control chars stripped, 512-char truncation) before insertion into JSONB to prevent log-pipeline injection.
  • req.get('user-agent') (lowercase) matches the established convention in http.ts lines 6340–6352.
  • req.ip is correct given trust proxy 1 is set in http.ts:581 for Fly.io's single-proxy topology.

Nits surfaced (not fixed):

  • Adding a comment next to trust proxy 1 in http.ts noting the assumed proxy topology would help future infra changes. Out of scope for this PR.
  • Empty-string User-Agent ("") passes through as "" rather than null; harmless for forensics.

Pre-PR review:

  • code-reviewer: approved — spread order correct (ip_address/user_agent before ...updates), sanitization regex is linear (not polynomial), req.ip + trust-proxy usage sound; two nits surfaced above, none blocking
  • internal-tools-strategist: approved — ip_address key and lowercase user-agent header match codebase conventions; no collision risk with existing audit log queries or exports

Triage-managed PR. This bot does not currently iterate on
review comments or PR conversation threads (only on the source
issue). To unblock:

  • Push fixup commits directly: gh pr checkout <num>
    fix → push.
  • Or re-trigger: comment /triage execute on the source
    issue.

See #3121
for context.

Session: https://claude.ai/code/session_01UcPQT3fEmyDhNj2GWZDD3S


Generated by Claude Code

@bokelley bokelley added the claude-triaged Issue has been triaged by the Claude Code triage routine. Remove to re-triage. label Apr 28, 2026
@bokelley bokelley marked this pull request as ready for review April 28, 2026 19:46
@bokelley bokelley merged commit 8ab6650 into main Apr 28, 2026
13 checks passed
@bokelley bokelley deleted the claude/issue-3466-audit-ip-ua branch April 28, 2026 19:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

claude-triaged Issue has been triaged by the Claude Code triage routine. Remove to re-triage.

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants