Skip to content

docs(backlog): track username-on-user-triggered-audit follow-up#621

Merged
remyluslosius merged 2 commits into
mainfrom
docs/audit-username-followup
Jun 20, 2026
Merged

docs(backlog): track username-on-user-triggered-audit follow-up#621
remyluslosius merged 2 commits into
mainfrom
docs/audit-username-followup

Conversation

@remyluslosius

Copy link
Copy Markdown
Contributor

Records the follow-up to #620 (audit actor attribution).

#620 attributes operator-triggered audit events (Reconnect / Run-now / add host) as actor_type=user, but they render "A user …" not the actual name, because auth.Identity carries the user's ID + role but not their username/email (the identity binder looks up the role via Lookups.RoleForUser, not a display label).

Backlog item (P2, Activity Feed Follow-ups) captures the path: add an Identity.Label field, extend the Lookups interface to resolve it, populate it in the binder (session + JWT paths), and set ev.ActorLabel at the user-triggered emission sites. Security-sensitive Tier-1 auth work (system-auth-identity spec) — scope carefully. The formatter already prefers actor_label, so once the label flows the wording upgrades with no formatter change.

Docs only.

PR #620 attributes operator-triggered audit events as actor_type=user but
renders 'A user ...' (auth.Identity lacks a display label). Record the path
to showing the real username: add Identity.Label, extend Lookups, populate
in the binder, set ev.ActorLabel at emission sites. Security-sensitive
Tier-1 auth work, scoped as a P2 follow-up.
@remyluslosius remyluslosius merged commit a06010f into main Jun 20, 2026
12 checks passed
@remyluslosius remyluslosius deleted the docs/audit-username-followup branch June 20, 2026 21:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant