Problem
State-changing operations in CRUD stores do not emit audit events, despite the audit infrastructure being fully built out. This was flagged during PR #127 code review.
Specifically:
environment.Store (Create, Delete) emits no audit eventssecret.Store (Create, Delete, RotateKey) has audit.Action constants defined (ActionCredentialCreated, ActionCredentialDeleted, ActionCredentialRotated) but they are never emitted from the store — only RotateKey emits from the CLI command layer
The project's architecture principle is "audit from day one — every state-changing operation emits an audit event via the AuditEmitter interface." Current stores violate this.
Proposed Approach
Add an optional audit.Emitter field to each store. When set, state-changing methods emit audit events with before/after snapshots. When nil, stores work silently (preserving backward compatibility for tests).
Stores to update
environment.Store — emit on Create, Deletesecret.Store — emit on Create, Delete (using existing ActionCredentialCreated, ActionCredentialDeleted constants)
New audit actions needed
ActionEnvironmentCreatedActionEnvironmentDeleted
Pattern
Each store method that mutates state should:
- Perform the operation
- If
Emitter is non-nil, emit an audit.Event with the appropriate action, resource identifier, and before/after state
- Return any emit error wrapped alongside the operation result
CLI wiring
CLI commands that construct stores should inject the emitter from the engine or config context, consistent with how cancel.go and rotate_key.go currently emit events.
Acceptance Criteria
Problem
State-changing operations in CRUD stores do not emit audit events, despite the audit infrastructure being fully built out. This was flagged during PR #127 code review.
Specifically:
environment.Store(Create, Delete) emits no audit eventssecret.Store(Create, Delete, RotateKey) hasaudit.Actionconstants defined (ActionCredentialCreated,ActionCredentialDeleted,ActionCredentialRotated) but they are never emitted from the store — onlyRotateKeyemits from the CLI command layerThe project's architecture principle is "audit from day one — every state-changing operation emits an audit event via the AuditEmitter interface." Current stores violate this.
Proposed Approach
Add an optional
audit.Emitterfield to each store. When set, state-changing methods emit audit events with before/after snapshots. When nil, stores work silently (preserving backward compatibility for tests).Stores to update
environment.Store— emit on Create, Deletesecret.Store— emit on Create, Delete (using existingActionCredentialCreated,ActionCredentialDeletedconstants)New audit actions needed
ActionEnvironmentCreatedActionEnvironmentDeletedPattern
Each store method that mutates state should:
Emitteris non-nil, emit anaudit.Eventwith the appropriate action, resource identifier, and before/after stateCLI wiring
CLI commands that construct stores should inject the emitter from the engine or config context, consistent with how
cancel.goandrotate_key.gocurrently emit events.Acceptance Criteria
environment.Storeemits audit events on Create and Deletesecret.Storeemits audit events on Create and DeleteActionEnvironmentCreatedandActionEnvironmentDeletedconstants addedActionCredentialCreatedandActionCredentialDeletedconstants are used (not duplicated)