feat(audit): harden API audit log redaction and schema

- Change query_json column from TEXT to JSON, ip/user_agent to CHAR(64)
  for PII redaction compliance
- Update repository, service, and views for hardened schema
- Add architecture contract test for security logging redaction
- Add search resource provider test coverage
- Include DB migration script for existing installs

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-04-05 23:20:55 +02:00
parent c2a7d6b789
commit c6c5d06936
14 changed files with 255 additions and 77 deletions

View File

@@ -42,6 +42,16 @@ class AuditSearchResourceProviderTest extends TestCase
$this->assertSame('audit.system.view', $resources['system-audit']['permission']);
}
public function testApiAuditSearchSqlIncludesUserAgentHashField(): void
{
$resources = $this->provider->resources();
$apiAudit = $resources['api-audit'];
$this->assertStringContainsString('user_agent like ?', $apiAudit['count_sql']);
$this->assertStringContainsString('user_agent like ?', $apiAudit['preview_sql']);
$this->assertStringContainsString('user_agent like ?', $apiAudit['result_sql']);
}
public function testMapApiAuditItem(): void
{
$row = [