refactor(audit): migrate audit store from KV to JetStream stream #342
Merged
🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
Replace NATSAudit.Bucket/TTL with Stream/Subject/MaxAge fields to reflect the migration from KV bucket to JetStream stream storage. Remove audit from AllKVBuckets() and update tests accordingly. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
Replace BuildAuditKVConfig with BuildAuditStreamConfig to build a jetstream.StreamConfig instead of KeyValueConfig. Update nats_setup.go to create an audit stream instead of a KV bucket, and update tests. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
Add TraceID to audit entries across all layers: domain type, OpenAPI spec, API handler mapping, middleware extraction, and SDK types. The field is optional and populated from the OTel span context when tracing is enabled. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
Replace KVStore with StreamStore backed by JetStream stream. Write publishes to per-entry subjects, Get uses GetLastMsgForSubject, and List/ListAll use ordered consumers with newest-first pagination. Co-Authored-By: Claude <noreply@anthropic.com>
Replace KV-based audit store wiring with stream-based approach. The controller now creates a JetStream stream, resolves it by name, and passes it to NewStreamStore along with the NATS client as publisher. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
Update configuration.md and audit-logging.md to reflect the migration from NATS KV bucket to JetStream stream. Config fields bucket→stream, ttl→max_age, new subject field. Add trace_id to audit entry table. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Use validateFunc callback in TestWrite instead of inline wantErr/errMsg pattern. Rename suite receiver from 'suite' to 's' in SDK audit types test to match project convention. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
Rename validate to validateFunc in stream store tests and replace wantCode/wantContains with validateFunc callbacks in HTTP tests. Remove defer ctrl.Finish() in favor of explicit call at end of closure. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
The integration test osapi.yaml still had the old KV bucket config (bucket, ttl) instead of stream config (stream, subject, max_age), causing the audit store to not initialize and routes to return 404. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
Add Trace ID to audit get output and truncated TRACE ID column to audit list table. Update CLI docs with example output. 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
Codecov Report
✅ All modified and coverable lines are covered by tests.

@@           Coverage Diff           @@
##             main     #342   +/-   ##
=======================================
  Coverage   99.91%   99.91%
=======================================
  Files         438      438
  Lines       21205    21239   +34
=======================================
+ Hits        21186    21220   +34
  Misses         11       11
  Partials        8        8
Summary
- trace_id field to audit entries for OpenTelemetry correlation — populated from span context in the audit middleware
- StreamStore implementation using jetstream.Stream for reads (GetLastMsgForSubject, OrderedConsumer, Info) and a Publisher interface for writes
- nats.audit.bucket → stream, ttl → max_age, new subject field
- audit_list_public_test.go (validateFunc pattern, defer cleanup)

Test plan
- stream_store.go (Write, Get, List, ListAll)
- just go::vet)

🤖 Generated with Claude Code