Audit Logging Check

IMPORTANT: When this command is invoked, you MUST actually SCAN the codebase and REPORT findings. Do NOT just describe what to check.

Step 1: Find Service Files

Use Glob to find all service files:

{backend}/api/services/*_service.py

Step 2: For Each Service File, CHECK:

2.1 Sensitive Entity Services

Identify services for sensitive entities:

• UserService
• RoleService
• PermissionService
• PagePermissionService
• RolePermissionService

2.2 Mutation Methods

Find methods that perform mutations:

• create_*, add_*
• update_*, modify_*
• delete_*, remove_*
• assign_*, revoke_*
• toggle_*, activate_*, deactivate_*

2.3 Log Service Check

For each mutation method, verify:

1. Service imports a log service (e.g., from api.services.log_user_service import LogUserService)
2. Service initializes log service in __init__
3. Mutation methods call log service after the mutation

Step 3: Output Report

FORMAT YOUR OUTPUT EXACTLY LIKE THIS:

╔══════════════════════════════════════════════════════════════╗
║              AUDIT LOGGING COMPLIANCE REPORT                 ║
╚══════════════════════════════════════════════════════════════╝

📋 SERVICES CHECKED
────────────────────────
✅ user_service.py - Has audit logging
✅ role_service.py - Has audit logging
❌ permission_service.py - MISSING audit logging

📊 METHOD ANALYSIS
────────────────────────
user_service.py:
  ✅ create_user (line 45) - logs to LogUserService
  ✅ update_user (line 78) - logs to LogUserService
  ✅ delete_user (line 112) - logs to LogUserService

permission_service.py:
  ❌ create_permission (line 32) - NO AUDIT LOG
  ❌ update_permission (line 56) - NO AUDIT LOG
  ❌ delete_permission (line 89) - NO AUDIT LOG

📊 SUMMARY
────────────────────────
Services with audit logging: 2/3
Methods with audit logging: 3/6

🔧 REQUIRED FIXES
────────────────────────
1. permission_service.py:
   - Import: from api.services.log_permission_service import LogPermissionService
   - Add to __init__: self._log_service = LogPermissionService()
   - Add logging calls after create/update/delete operations

Step 4: Offer to Fix (If Issues Found)

If issues are found, ask: "Would you like me to add audit logging to the services missing it?"

If user agrees, for each service:

1. Add the log service import
2. Initialize log service in __init__
3. Add logging calls after mutation operations

Audit Log Call Pattern:

await self._log_service.log_create(
    session,
    entity_id=str(entity.id),
    created_by_id=created_by_id,
    details={"field": entity.field_value},
)

CRITICAL REMINDER

This command MUST:

1. USE Glob to find service files
2. USE Read to examine each file
3. USE Grep to search for patterns
4. ACTUALLY check for log service imports and calls
5. OUTPUT a structured compliance report
6. OFFER to fix issues if found

DO NOT just tell the user to run a script. PERFORM THE CHECK.