`Admins can view organization-wide audit logs in the dashboard`

[orchide]

As an

Org administrator

I want to

view all user and system actions that have occurred within my organization

So that

I can monitor activity, investigate incidents, and ensure operational accountability

---

✅ Acceptance Criteria

🖥️ Web Dashboard Functionality

1. Access Control:

   • Only users with the admin role can access the Audit Log tab/page.
   • Users without admin see no link to this section.

2. Audit Log Table View:

   • Display the following columns:

     • Timestamp (sortable)
     • User (resolved from user_id)
     • Event Type (diagnosis.run, fix.applied, etc.)
     • Source (cli, slack, webhook)
     • Status (success, error)
     • Summary (generated from context — e.g., “Diagnosed pod api-123”)

3. Filtering & Search:

   • Filters:

     • Date range
     • Event type
     • Source
     • Status

   • Keyword search across pod name, user name, command

4. Drill-Down View:

   • Click a row to open a modal or drawer with:

     • Full context JSON (prettified)
     • Raw metadata for auditing or debugging
     • (Optional) Links to related objects: pod, diagnosis

5. Pagination:

   • 50 logs per page with pagination controls

6. Performance:

   • Logs should load within 1s for typical orgs (indexes required)

---

🛠 GitHub Tasks

Frontend

• [UI] Audit Log Page (Admin Only)
• [UI] Table Component for Log Events
• [UI] Filters & Search Input
• [UI] Expandable Row or Modal for JSON Drill-Down
• [UI] User RBAC Enforcement

Backend

• [API] GET /audit/logs for Admins
• [Query] Indexing for Fast Filters (org_id, timestamp, event_type)
• [API] Result Pagination + Sorting
• [Security] Field Redaction Middleware (if needed)

---

📌 Additional Notes

• ❌ No CLI access to logs — all audit visibility is centralized in the dashboard
• ✅ This matches the future v2 goal of having org-wide observability and incident history
• 📦 You can build this atop Postgres and extend later to export logs via CSV