Add SQLite audit log for action execution

JE-Chen · JE-Chen · commit a340aed58550 · 2026-04-21T22:27:53.000+08:00
diff --git a/automation_file/__init__.py b/automation_file/__init__.py
@@ -19,6 +19,7 @@
     validate_action,
 )
 from automation_file.core.action_registry import ActionRegistry, build_default_registry
+from automation_file.core.audit import AuditException, AuditLog
 from automation_file.core.callback_executor import CallbackExecutor
 from automation_file.core.checksum import (
     ChecksumMismatchException,
@@ -313,6 +314,8 @@ def __getattr__(name: str) -> Any:
     "ManifestException",
     "write_manifest",
     "verify_manifest",
+    "AuditException",
+    "AuditLog",
     # Triggers
     "FileWatcher",
     "TriggerManager",
diff --git a/automation_file/core/audit.py b/automation_file/core/audit.py
@@ -0,0 +1,140 @@
+"""SQLite-backed audit log for executed actions.
+
+``AuditLog(db_path)`` opens (or creates) a single-table SQLite database and
+appends one row per action execution. Rows carry the timestamp, action name,
+a JSON-encoded snapshot of the payload, the result / error repr, and the
+duration in milliseconds.
+
+Writes use a short-lived connection per call (``check_same_thread=False``
+semantics) so the log is safe to share between background worker threads
+and the scheduler. Readers call :meth:`AuditLog.recent` to pull the most
+recent N rows.
+
+The module deliberately avoids buffering / background queues: every row is
+persisted synchronously with an ``INSERT`` inside a ``with connect(..)`` so
+a crash at most loses the currently-executing action.
+"""
+
+from __future__ import annotations
+
+import json
+import sqlite3
+import threading
+import time
+from contextlib import closing
+from pathlib import Path
+from typing import Any
+
+from automation_file.exceptions import FileAutomationException
+from automation_file.logging_config import file_automation_logger
+
+_SCHEMA = """
+CREATE TABLE IF NOT EXISTS audit (
+    id INTEGER PRIMARY KEY AUTOINCREMENT,
+    ts REAL NOT NULL,
+    action TEXT NOT NULL,
+    payload TEXT NOT NULL,
+    result TEXT,
+    error TEXT,
+    duration_ms REAL NOT NULL
+);
+CREATE INDEX IF NOT EXISTS idx_audit_ts ON audit (ts DESC);
+"""
+
+
+class AuditException(FileAutomationException):
+    """Raised when the audit log cannot be opened or written."""
+
+
+class AuditLog:
+    """Synchronous SQLite audit log."""
+
+    def __init__(self, db_path: str | Path) -> None:
+        self._db_path = Path(db_path)
+        self._lock = threading.Lock()
+        try:
+            self._db_path.parent.mkdir(parents=True, exist_ok=True)
+            with closing(self._connect()) as conn:
+                conn.executescript(_SCHEMA)
+                conn.commit()
+        except (OSError, sqlite3.DatabaseError) as err:
+            raise AuditException(f"cannot open audit log {self._db_path}: {err}") from err
+
+    def record(
+        self,
+        action: str,
+        payload: Any,
+        *,
+        result: Any = None,
+        error: BaseException | None = None,
+        duration_ms: float = 0.0,
+    ) -> None:
+        """Append a single audit row. Never raises — failures are logged only."""
+        row = (
+            time.time(),
+            action,
+            _safe_json(payload),
+            _safe_json(result) if result is not None else None,
+            repr(error) if error is not None else None,
+            float(duration_ms),
+        )
+        try:
+            with self._lock, closing(self._connect()) as conn:
+                conn.execute(
+                    "INSERT INTO audit (ts, action, payload, result, error, duration_ms)"
+                    " VALUES (?, ?, ?, ?, ?, ?)",
+                    row,
+                )
+                conn.commit()
+        except sqlite3.DatabaseError as err:
+            file_automation_logger.error("audit.record failed: %r", err)
+
+    def recent(self, limit: int = 100) -> list[dict[str, Any]]:
+        """Return the newest ``limit`` rows, newest first."""
+        if limit <= 0:
+            return []
+        with closing(self._connect()) as conn:
+            cursor = conn.execute(
+                "SELECT id, ts, action, payload, result, error, duration_ms"
+                " FROM audit ORDER BY ts DESC LIMIT ?",
+                (limit,),
+            )
+            rows = cursor.fetchall()
+        return [
+            {
+                "id": row[0],
+                "ts": row[1],
+                "action": row[2],
+                "payload": json.loads(row[3]) if row[3] else None,
+                "result": json.loads(row[4]) if row[4] else None,
+                "error": row[5],
+                "duration_ms": row[6],
+            }
+            for row in rows
+        ]
+
+    def count(self) -> int:
+        with closing(self._connect()) as conn:
+            cursor = conn.execute("SELECT COUNT(*) FROM audit")
+            (total,) = cursor.fetchone()
+        return int(total)
+
+    def purge(self, older_than_seconds: float) -> int:
+        """Delete rows older than ``older_than_seconds`` and return the row count."""
+        if older_than_seconds <= 0:
+            raise AuditException("older_than_seconds must be positive")
+        cutoff = time.time() - older_than_seconds
+        with self._lock, closing(self._connect()) as conn:
+            cursor = conn.execute("DELETE FROM audit WHERE ts < ?", (cutoff,))
+            conn.commit()
+            return int(cursor.rowcount)
+
+    def _connect(self) -> sqlite3.Connection:
+        return sqlite3.connect(self._db_path, timeout=5.0)
+
+
+def _safe_json(value: Any) -> str:
+    try:
+        return json.dumps(value, default=repr, ensure_ascii=False)
+    except (TypeError, ValueError):
+        return json.dumps(repr(value), ensure_ascii=False)
diff --git a/tests/test_audit.py b/tests/test_audit.py
@@ -0,0 +1,118 @@
+"""Tests for the SQLite-backed action audit log."""
+
+from __future__ import annotations
+
+import time
+from pathlib import Path
+
+import pytest
+
+from automation_file import AuditException, AuditLog
+
+
+def test_audit_log_creates_parent_directory(tmp_path: Path) -> None:
+    db_path = tmp_path / "nested" / "audit.sqlite"
+    log = AuditLog(db_path)
+    assert db_path.exists()
+    assert log.count() == 0
+
+
+def test_record_and_recent_roundtrip(tmp_path: Path) -> None:
+    log = AuditLog(tmp_path / "audit.sqlite")
+    log.record("FA_copy_file", {"src": "a", "dst": "b"}, result={"ok": True}, duration_ms=12.5)
+    rows = log.recent()
+    assert len(rows) == 1
+    row = rows[0]
+    assert row["action"] == "FA_copy_file"
+    assert row["payload"] == {"src": "a", "dst": "b"}
+    assert row["result"] == {"ok": True}
+    assert row["error"] is None
+    assert row["duration_ms"] == 12.5
+
+
+def test_record_error_stores_repr(tmp_path: Path) -> None:
+    log = AuditLog(tmp_path / "audit.sqlite")
+    err = ValueError("boom")
+    log.record("FA_test", {"x": 1}, error=err, duration_ms=0.0)
+    row = log.recent()[0]
+    assert row["error"] is not None
+    assert "ValueError" in row["error"]
+    assert "boom" in row["error"]
+    assert row["result"] is None
+
+
+def test_recent_returns_newest_first(tmp_path: Path) -> None:
+    log = AuditLog(tmp_path / "audit.sqlite")
+    log.record("first", {"i": 1})
+    time.sleep(0.01)
+    log.record("second", {"i": 2})
+    time.sleep(0.01)
+    log.record("third", {"i": 3})
+    rows = log.recent()
+    assert [r["action"] for r in rows] == ["third", "second", "first"]
+
+
+def test_recent_respects_limit(tmp_path: Path) -> None:
+    log = AuditLog(tmp_path / "audit.sqlite")
+    for index in range(5):
+        log.record(f"action-{index}", {"i": index})
+    rows = log.recent(limit=2)
+    assert len(rows) == 2
+
+
+def test_recent_zero_limit_returns_empty(tmp_path: Path) -> None:
+    log = AuditLog(tmp_path / "audit.sqlite")
+    log.record("x", {})
+    assert log.recent(limit=0) == []
+
+
+def test_count_reflects_inserts(tmp_path: Path) -> None:
+    log = AuditLog(tmp_path / "audit.sqlite")
+    assert log.count() == 0
+    log.record("a", {})
+    log.record("b", {})
+    assert log.count() == 2
+
+
+def test_purge_removes_old_rows(tmp_path: Path) -> None:
+    log = AuditLog(tmp_path / "audit.sqlite")
+    log.record("old", {})
+    # Backdate the row so it's older than the cutoff.
+    import sqlite3
+
+    with sqlite3.connect(log._db_path) as conn:
+        conn.execute("UPDATE audit SET ts = ? WHERE action = 'old'", (time.time() - 3600,))
+        conn.commit()
+    log.record("fresh", {})
+    removed = log.purge(older_than_seconds=60)
+    assert removed == 1
+    remaining = [row["action"] for row in log.recent()]
+    assert remaining == ["fresh"]
+
+
+def test_purge_rejects_non_positive(tmp_path: Path) -> None:
+    log = AuditLog(tmp_path / "audit.sqlite")
+    with pytest.raises(AuditException):
+        log.purge(0)
+
+
+def test_record_non_serialisable_payload_falls_back_to_repr(tmp_path: Path) -> None:
+    log = AuditLog(tmp_path / "audit.sqlite")
+
+    class Custom:
+        def __repr__(self) -> str:
+            return "<custom>"
+
+    log.record("weird", {"obj": Custom()}, result={"marker": object()})
+    row = log.recent()[0]
+    assert row["action"] == "weird"
+    assert "<custom>" in str(row["payload"])
+    assert row["result"] is not None
+
+
+def test_cannot_open_audit_log_in_missing_root(tmp_path: Path) -> None:
+    # Point at a path whose parent cannot be created (a file, not a dir).
+    blocker = tmp_path / "blocker"
+    blocker.write_text("x", encoding="utf-8")
+    with pytest.raises(AuditException):
+        AuditLog(blocker / "child" / "audit.sqlite")
