docs(plan): activity & audit readability initiative #615

Merged: remyluslosius merged 1 commit into main from docs/activity-readability-plan on Jun 20, 2026
@remyluslosius

Contributor

Tracking doc for the initiative to make all activity/log surfaces human-readable and the audit trail a first-class exportable compliance record. Grounded in a backend+frontend map of the current state.

Key decisions captured:

  • Backend builds the human sentence (frontend keeps only display chrome) — only the server can resolve codes->sentences and IDs->names without drift.
  • The settings Audit log stays as the distinct forensic view (full envelope: actor/outcome/correlation/detail/redactions), not a duplicate of the lossy /activity?source=audit projection. Made readable + detail drawer + export.
  • Immutable/exportable audit is a committed FedRAMP/CMMC/NIST-800-53 AU requirement.
  • Readability target: sentences + clickable context + drawers + grouping/dedup.

Sequencing: Phases 0-3 (backend sentences -> shared formatter -> detail drawers + finish host tabs -> exportable readable audit log) are the committed body of work; Phases 4 (grouping/dedup) and 5 (tamper-evidence/retention/AU mapping) are fast-follow tracks.

Doc only. Next: start Phase 0 as its own feature PR.

Phased plan to make every activity/log surface human-readable and to make
the audit trail a first-class exportable compliance record.

Grounded in a backend+frontend map of the current state:
- one unified /api/v1/activity UNION feed; 2 of 5 legs (alerts, monitoring)
  already emit human sentences; compliance/intelligence/audit legs emit raw
  codes; no shared frontend formatter (6 surfaces each leak differently).
- Decisions: backend builds the sentence; settings Audit log kept as the
  distinct forensic view (not redundant with /activity); audit is a committed
  FedRAMP/CMMC/NIST-AU requirement; readability target incl. grouping/dedup.
- Sequencing: ship Phases 0-3 (full readability + exportable audit), then
  4 (grouping/dedup) + 5 (tamper-evidence/retention/AU mapping) as fast-follow.
@github-actions (bot) added the documentation and size/L labels on Jun 20, 2026

@remyluslosius merged commit a1b1f26 into main on Jun 20, 2026 (12 checks passed)

@remyluslosius deleted the docs/activity-readability-plan branch on June 20, 2026 18:22

remyluslosius added a commit that referenced this pull request on Jun 21, 2026:

Bumps packaging/version.env to 0.2.0-rc.12 (Eyrie) and adds the CHANGELOG
entry covering the 17 PRs since rc.11 (#610-#626):

- Activity & audit readability initiative (#615-#624): human-readable titles
  across all five feed legs, host-scoped Activity + Audit tabs, readable
  Settings audit rows, CSV/JSON audit export (AU-7), 'The system' attribution.
- Host Management fixes (#611, #613): card scan link + working Group/Filters +
  server-persisted view preference; hostname/IP on scan-detail header.
- Pre-release security hardening (#625, #626): CSV formula-injection +
  silent-truncation guards, keyset-cursor data-loss fix, bounded audit detail.

Also drops the now-fixed cursor-pagination data-loss row from BACKLOG.md
(resolved by #626).

Release tests (changelog/version/package) green. The git tag push that
triggers the signed release pipeline remains the operator's step.
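
The release commit above lists "CSV formula-injection + silent-truncation guards" for the CSV audit export. As an added example (not this project's code), one way to implement both guards; the column names are assumed from the envelope fields named in the PR description, and `max_rows`, `ExportTooLarge` and the sample rows are hypothetical:

```python
import csv
import io

# Leading characters that make a spreadsheet evaluate a cell as a formula.
FORMULA_PREFIXES = ("=", "+", "-", "@", "\t", "\r")

# Assumed columns, taken from the envelope fields named in the PR description.
COLUMNS = ["timestamp", "actor", "outcome", "correlation_id", "detail"]


class ExportTooLarge(Exception):
    """Raised instead of silently dropping rows past the cap."""


def neutralize(value):
    """Return cell text that a spreadsheet renders literally instead of evaluating."""
    text = "" if value is None else str(value)
    if text.startswith(FORMULA_PREFIXES):
        return "'" + text  # a leading apostrophe forces text interpretation
    return text


def export_audit_csv(rows, max_rows=10000):
    """Serialize audit rows to CSV; fail loudly if the cap would truncate."""
    rows = list(rows)
    if len(rows) > max_rows:
        # An audit export that quietly stops early looks complete but is not.
        raise ExportTooLarge(f"{len(rows)} rows exceeds cap of {max_rows}")
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\r\n")
    writer.writerow(COLUMNS)
    for row in rows:
        writer.writerow([neutralize(row.get(col)) for col in COLUMNS])
    return buf.getvalue()


# Constructed sample rows (not real audit data).
SAMPLE = [
    {"timestamp": "2026-06-20T18:22:00Z", "actor": "The system",
     "outcome": "success", "correlation_id": "c-001", "detail": "scan completed"},
    {"timestamp": "2026-06-20T18:23:10Z", "actor": "=1+1",
     "outcome": "failure", "correlation_id": "c-002", "detail": "-1 retries left"},
]

if __name__ == "__main__":
    print(export_audit_csv(SAMPLE))
```

The apostrophe prefix changes the exported value, so a JSON export of the same rows should stay unmodified for machine consumers.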