[BUG] Worker operations bypass audit logging #143
Description
Problem
All BullMQ workers use getPrismaClientForJob() from lib/multiTenantPrisma.ts which returns a raw Prisma client without the audit logging extensions defined in lib/prisma.ts. This means any database mutations performed by workers are not recorded in the audit log.
Affected Workers
| Worker | Operations | Audit Status |
|---|---|---|
copyMoveWorker.ts |
Case create, soft-delete, folder create/delete | Fixed in v0.17.0 (explicit captureAuditEvent calls) |
autoTagWorker.ts |
Tag creation/connection | NOT audited |
testmoImportWorker.ts |
Bulk case/folder creation | NOT audited |
syncWorker.ts |
Issue sync updates | NOT audited |
notificationWorker.ts |
Notification creation | Low priority |
forecastWorker.ts |
Forecast calculations, milestone updates | NOT audited |
repoCacheWorker.ts |
Cache updates | Low priority |
Root Cause
getPrismaClientForJob() intentionally returns a raw client for worker isolation and deadlock prevention. The audit extensions in lib/prisma.ts are only applied to the main application client.
Proposed Solutions
Option A: Explicit audit calls in each worker (current approach for copy/move)
Option B: Create an audited worker client factory that adds audit extensions to the worker client
Option C: Lightweight audit middleware that queues events without blocking transactions
Acceptance Criteria
- All workers that perform user-visible mutations log audit events
- Audit events from workers include the correct userId and projectId
- Worker audit logging does not introduce deadlocks or performance regressions