feat: audit reports #7099
| Filename | Overview |
|---|---|
| backend/src/ee/services/audit-report/audit-report-service.ts | Service layer for audit report CRUD. Uses pg_advisory_xact_lock inside a transaction to make the in-flight count check atomic. Permission, license, and project version checks are all in place. |
| backend/src/ee/services/audit-report/audit-report-generators.ts | Defines seven report generators. failedRotationsReport still calls findByProject with no limit and filters failed rotations in-process, which is an unbounded DB read for large projects (flagged previously). |
| backend/src/ee/services/audit-report/audit-report-fns.ts | CSV serialisation helpers and report presentation utilities. Contains a dead-code copy of evaluateStaticSecretConstraints that is never imported by the generators (which import the same function from secret-validation-rule-fns.ts instead). |
| backend/src/services/secret-v2-bridge/secret-v2-bridge-dal.ts | New findValueValidationCandidatesByProject method fetches full encrypted values for all non-personal secrets in a project with no row limit, which can be a large unbounded data transfer for enterprise projects. |
| backend/src/ee/services/audit-report/audit-report-queue.ts | BullMQ worker that runs report generators, serialises the CSV bundle, sends it as an email attachment, and updates the report status. Handles duplicate delivery and deletion-during-processing gracefully. |
| backend/src/ee/services/audit-report/audit-report-dal.ts | Clean DAL with paginated findByProject, countByProject, and countInFlightByProject. No unsafe OR queries. |
| backend/src/ee/routes/v1/audit-report-router.ts | Fastify router with Zod-validated schemas, auth guards, rate limiting, and audit log writes for all four endpoints (POST, GET list, GET by id, DELETE). |
| backend/src/db/migrations/20260629120000_create-audit-reports.ts | Clean migration: creates the audit_reports table with FK constraints, indexes, and an on-update trigger. down drops the trigger before the table. |
| backend/src/services/smtp/smtp-service.ts | Adds optional attachments field to TSmtpSendMail and wires it through to the Nodemailer sendMail call. Minimal, non-breaking change. |
| frontend/src/pages/secret-manager/InsightsPage/components/AuditReportsCard.tsx | Paginated table of audit report history with status badge, tooltip on error/partial status, and permission-gated delete confirmation dialog. |
| frontend/src/pages/secret-manager/InsightsPage/components/RequestAuditReportModal.tsx | React Hook Form dialog for requesting audit reports; validates email recipients client-side with Zod and defaults to the requesting user's own email when left blank. |
| backend/src/services/secret-validation-rule/secret-validation-rule-fns.ts | Exports CONSTRAINT_LABELS, evaluateConstraint, and the new evaluateStaticSecretConstraints / TStaticSecretConstraintViolation so the audit report generators can reuse constraint evaluation logic. |
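The atomic in-flight count check that the overview attributes to audit-report-service.ts, shown as an added SQL example (not code from this PR). The audit_reports table name comes from the migration listed above; the project_id and status columns, the 'pending'/'processing' states and the cap of 3 in-flight reports are assumptions.

```sql
-- Added example, not code from this PR. The audit_reports table name comes from
-- the migration in the overview; the project_id/status columns, the
-- 'pending'/'processing' states and the cap of 3 in-flight reports are assumptions.

-- Racy check-then-insert (what the advisory lock prevents): under READ COMMITTED,
-- two concurrent requests can each count 2 in-flight reports, each insert, and
-- leave the project with 4, exceeding the cap the service intends to enforce.
--   SELECT count(*) FROM audit_reports
--    WHERE project_id = '<project-id>' AND status IN ('pending', 'processing');
--   INSERT INTO audit_reports (project_id, status) VALUES ('<project-id>', 'pending');

-- Guarded version: a transaction-scoped advisory lock keyed on the project id
-- serialises the check and the insert for that project only, and Postgres
-- releases the lock automatically at COMMIT or ROLLBACK.
BEGIN;

-- hashtext() folds the project id into the integer key pg_advisory_xact_lock
-- expects; a second request for the same project blocks here until this
-- transaction ends, so it always sees the first request's row in its count.
SELECT pg_advisory_xact_lock(hashtext('<project-id>'));

-- Insert only if the project is still under the cap; 0 rows inserted means the
-- cap was hit and the caller should return an error instead of queueing a report.
INSERT INTO audit_reports (project_id, status)
SELECT '<project-id>', 'pending'
WHERE (
  SELECT count(*) FROM audit_reports
   WHERE project_id = '<project-id>' AND status IN ('pending', 'processing')
) < 3;

COMMIT;
```

Because the lock key is derived from the project id, requests for different projects do not contend with each other; only same-project requests are serialised.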
Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 2bac7c712a
PR overview: All previously flagged issues have been addressed. No open security concerns remain on this pull request.
Security review: No open security issues remain on this pull request. Fixed/addressed: 3. PR risk: 0/10
@greptile re-review and update your summary. Keep my latest changes in mind during your re-review.
Context
Implements audit reporting as an extension of secret insights for easier compliance.