flipper_trail 0.1.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA256:
+  metadata.gz: 425a200f7f1adfd2189e635fd5ac6f8222c3ee378ed16b37ccf619b73b0afa08
+  data.tar.gz: 78ae88629c4ac213ff0f19c3ac1b965d05dadf4b1ee453d0412700245538665b
+SHA512:
+  metadata.gz: 4dfa66bd8e0eb5d91765b8f414036c5b8963026e954894b07081a8ebb1578d142366aefe1897ef6a66efb621d9d645406b1bbe40ba0219a590782f1015d763ba
+  data.tar.gz: bde74d0cbac33836944937627571f6d67857219a14f505dd7bdbb58e215340643151d28ca385ecd94d6b9b6ece030788d83dc320831611730643c5e69135e09b

data/CHANGELOG.md

@@ -0,0 +1,23 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+### Changed
+
+- Audit store is now inferred from the wrapped Flipper adapter (`ActiveRecord` → `:active_record`, `Mongo` → `:mongoid`); `config.storage` is an optional override (previously required for non-ActiveRecord apps). Wrapping an un-inferable adapter without setting `config.storage` raises a clear error.
+- Added an `actor_id`/`created_at` index to both storage backends (the `history(actor_id:)` filter was previously unindexed). Documented that Mongoid audit indexes must be built once via `create_indexes` (declaration does not auto-create them).
+
+### Added
+
+- Flipper adapter decorator capturing before/after state on enable/disable/add/remove/clear.
+- Actor attribution via thread-local Current + Rack middleware, with a system-actor fallback.
+- No-op diff suppression to collapse Flipper's internal double-writes.
+- ActiveRecord and Mongoid storage backends.
+- `FlipperTrail.history` query API.
+- `FlipperTrail.wrap(adapter)` convenience helper for wiring the audit decorator.
+- Rails install generator (migration + initializer).

data/CODE_OF_CONDUCT.md

@@ -0,0 +1,89 @@
+# Contributor Covenant 3.0 Code of Conduct
+
+## Our Pledge
+
+We pledge to make our community welcoming, safe, and equitable for all.
+
+We are committed to fostering an environment that respects and promotes the dignity, rights, and contributions of all individuals, regardless of characteristics including race, ethnicity, caste, color, age, physical characteristics, neurodiversity, disability, sex or gender, gender identity or expression, sexual orientation, language, philosophy or religion, national or social origin, socio-economic position, level of education, or other status. The same privileges of participation are extended to everyone who participates in good faith and in accordance with this Covenant.
+
+
+## Encouraged Behaviors
+
+While acknowledging differences in social norms, we all strive to meet our community's expectations for positive behavior. We also understand that our words and actions may be interpreted differently than we intend based on culture, background, or native language.
+
+With these considerations in mind, we agree to behave mindfully toward each other and act in ways that center our shared values, including:
+
+1. Respecting the **purpose of our community**, our activities, and our ways of gathering.
+2. Engaging **kindly and honestly** with others.
+3. Respecting **different viewpoints** and experiences.
+4. **Taking responsibility** for our actions and contributions.
+5. Gracefully giving and accepting **constructive feedback**.
+6. Committing to **repairing harm** when it occurs.
+7. Behaving in other ways that promote and sustain the **well-being of our community**.
+
+
+## Restricted Behaviors
+
+We agree to restrict the following behaviors in our community. Instances, threats, and promotion of these behaviors are violations of this Code of Conduct.
+
+1. **Harassment.** Violating explicitly expressed boundaries or engaging in unnecessary personal attention after any clear request to stop.
+2. **Character attacks.** Making insulting, demeaning, or pejorative comments directed at a community member or group of people.
+3. **Stereotyping or discrimination.** Characterizing anyone's personality or behavior on the basis of immutable identities or traits.
+4. **Sexualization.** Behaving in a way that would generally be considered inappropriately intimate in the context or purpose of the community.
+5. **Violating confidentiality**. Sharing or acting on someone's personal or private information without their permission.
+6. **Endangerment.** Causing, encouraging, or threatening violence or other harm toward any person or group.
+7. Behaving in other ways that **threaten the well-being** of our community.
+
+### Other Restrictions
+
+1. **Misleading identity.** Impersonating someone else for any reason, or pretending to be someone else to evade enforcement actions.
+2. **Failing to credit sources.** Not properly crediting the sources of content you contribute.
+3. **Promotional materials**. Sharing marketing or other commercial content in a way that is outside the norms of the community.
+4. **Irresponsible communication.** Failing to responsibly present content which includes, links or describes any other restricted behaviors.
+
+
+## Reporting an Issue
+
+Tensions can occur between community members even when they are trying their best to collaborate. Not every conflict represents a code of conduct violation, and this Code of Conduct reinforces encouraged behaviors and norms that can help avoid conflicts and minimize harm.
+
+When an incident does occur, it is important to report it promptly. To report a possible violation, email the project maintainer privately at **saygunicyuz@gmail.com**. Reports are handled confidentially.
+
+Community Moderators take reports of violations seriously and will make every effort to respond in a timely manner. They will investigate all reports of code of conduct violations, reviewing messages, logs, and recordings, or interviewing witnesses and other participants. Community Moderators will keep investigation and enforcement actions as transparent as possible while prioritizing safety and confidentiality. In order to honor these values, enforcement actions are carried out in private with the involved parties, but communicating to the whole community may be part of a mutually agreed upon resolution.
+
+
+## Addressing and Repairing Harm
+
+If an investigation by the Community Moderators finds that this Code of Conduct has been violated, the following enforcement ladder may be used to determine how best to repair harm, based on the incident's impact on the individuals involved and the community as a whole. Depending on the severity of a violation, lower rungs on the ladder may be skipped.
+
+1) Warning
+   1) Event: A violation involving a single incident or series of incidents.
+   2) Consequence: A private, written warning from the Community Moderators.
+   3) Repair: Examples of repair include a private written apology, acknowledgement of responsibility, and seeking clarification on expectations.
+2) Temporarily Limited Activities
+   1) Event: A repeated incidence of a violation that previously resulted in a warning, or the first incidence of a more serious violation.
+   2) Consequence: A private, written warning with a time-limited cooldown period designed to underscore the seriousness of the situation and give the community members involved time to process the incident. The cooldown period may be limited to particular communication channels or interactions with particular community members.
+   3) Repair: Examples of repair may include making an apology, using the cooldown period to reflect on actions and impact, and being thoughtful about re-entering community spaces after the period is over.
+3) Temporary Suspension
+   1) Event: A pattern of repeated violation which the Community Moderators have tried to address with warnings, or a single serious violation.
+   2) Consequence: A private written warning with conditions for return from suspension. In general, temporary suspensions give the person being suspended time to reflect upon their behavior and possible corrective actions.
+   3) Repair: Examples of repair include respecting the spirit of the suspension, meeting the specified conditions for return, and being thoughtful about how to reintegrate with the community when the suspension is lifted.
+4) Permanent Ban
+   1) Event: A pattern of repeated code of conduct violations that other steps on the ladder have failed to resolve, or a violation so serious that the Community Moderators determine there is no way to keep the community safe with this person as a member.
+   2) Consequence: Access to all community spaces, tools, and communication channels is removed. In general, permanent bans should be rarely used, should have strong reasoning behind them, and should only be resorted to if working through other remedies has failed to change the behavior.
+   3) Repair: There is no possible repair in cases of this severity.
+
+This enforcement ladder is intended as a guideline. It does not limit the ability of Community Managers to use their discretion and judgment, in keeping with the best interests of our community.
+
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when an individual is officially representing the community in public or other spaces. Examples of representing our community include using an official email address, posting via an official social media account, or acting as an appointed representative at an online or offline event.
+
+
+## Attribution
+
+This Code of Conduct is adapted from the Contributor Covenant, version 3.0, permanently available at [https://www.contributor-covenant.org/version/3/0/](https://www.contributor-covenant.org/version/3/0/).
+
+Contributor Covenant is stewarded by the Organization for Ethical Source and licensed under CC BY-SA 4.0. To view a copy of this license, visit [https://creativecommons.org/licenses/by-sa/4.0/](https://creativecommons.org/licenses/by-sa/4.0/)
+
+For answers to common questions about Contributor Covenant, see the FAQ at [https://www.contributor-covenant.org/faq](https://www.contributor-covenant.org/faq). Translations are provided at [https://www.contributor-covenant.org/translations](https://www.contributor-covenant.org/translations). Additional enforcement and community guideline resources can be found at [https://www.contributor-covenant.org/resources](https://www.contributor-covenant.org/resources). The enforcement ladder was inspired by the work of [Mozilla's code of conduct team](https://github.com/mozilla/inclusion).

data/CONTRIBUTING.md

@@ -0,0 +1,65 @@
+# Contributing to flipper_trail
+
+Thanks for your interest in improving flipper_trail! This document covers how to
+get set up locally, run the test suite, and what we expect in a pull request.
+
+By participating in this project you agree to abide by our
+[Code of Conduct](CODE_OF_CONDUCT.md).
+
+## Local setup
+
+The gem installs its dependencies into `vendor/bundle` (configured via
+`.bundle/config`). After cloning, install everything with:
+
+```bash
+bin/setup        # wraps `bundle install`
+# or directly:
+bundle install
+```
+
+## Running the suite
+
+The specs run against two storage backends:
+
+```bash
+bundle exec rspec              # 45 examples — ActiveRecord on an in-memory SQLite database
+MONGOID=1 bundle exec rspec    # 50 examples — adds the Mongoid backend
+```
+
+The Mongoid run requires a running `mongod` reachable at `127.0.0.1:27017`. The
+default (SQLite) run has no external service dependency.
+
+## Linting
+
+```bash
+bundle exec rubocop
+```
+
+RuboCop must report **zero** offenses. The configuration lives in `.rubocop.yml`.
+
+## The full gate
+
+`bundle exec rake` runs both the spec suite and RuboCop, and is the single
+command CI mirrors. Run it before opening a pull request:
+
+```bash
+bundle exec rake
+```
+
+## Backends are optional, host-provided
+
+ActiveRecord (`activerecord`) and Mongoid (`mongoid`) are **optional** storage
+backends. They are declared as development dependencies so the suite can exercise
+both, but they are **not** runtime dependencies of the gem — your application
+provides whichever ORM it already uses. The only runtime dependencies are
+`activesupport` and `flipper`.
+
+## Pull request expectations
+
+- **Add tests** covering your change; keep `bundle exec rspec` and
+  `MONGOID=1 bundle exec rspec` green.
+- **Update the [CHANGELOG](CHANGELOG.md)** under the `## [Unreleased]` heading.
+- **Keep RuboCop clean** — no new offenses (`bundle exec rubocop`).
+- Make sure `bundle exec rake` passes locally before pushing.
+
+Thanks again for contributing!

data/LICENSE.txt

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2026 Saygun Icyuz
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

data/README.md

@@ -0,0 +1,139 @@
+# flipper_trail
+
+[![CI](https://github.com/saygun/flipper_trail/actions/workflows/ci.yml/badge.svg)](https://github.com/saygun/flipper_trail/actions/workflows/ci.yml)
+[![Gem Version](https://img.shields.io/gem/v/flipper_trail.svg)](https://rubygems.org/gems/flipper_trail)
+[![Downloads](https://img.shields.io/gem/dt/flipper_trail.svg)](https://rubygems.org/gems/flipper_trail)
+[![License: MIT](https://img.shields.io/github/license/saygun/flipper_trail.svg)](LICENSE.txt)
+
+An append-only **audit trail for [Flipper](https://github.com/flippercloud/flipper) feature-flag changes** — who changed which flag, when, and the before/after state. A free, MIT-licensed alternative to Flipper Cloud's audit history, built on Flipper's public OSS adapter interface.
+
+> Not affiliated with or endorsed by Flipper or Flipper Cloud. "Flipper" is used only to describe compatibility.
+
+## Install
+
+```ruby
+gem "flipper_trail"
+```
+
+ActiveRecord and Mongoid are supported storage backends; install whichever your app already uses.
+
+## Setup (Rails + ActiveRecord)
+
+```bash
+bin/rails g flipper_trail:install
+bin/rails db:migrate
+```
+
+Wrap the decorator around your real Flipper adapter:
+
+```ruby
+require "flipper/adapters/active_record"
+
+Flipper.configure do |config|
+  config.adapter { FlipperTrail.wrap(Flipper::Adapters::ActiveRecord.new) }
+end
+```
+
+(`FlipperTrail.wrap(x)` is shorthand for `FlipperTrail::Adapter.new(x)`.) The audit store is inferred from the adapter you wrap — here, `:active_record` — so there's nothing else to configure.
+
+Capture the acting user per request:
+
+```ruby
+class ApplicationController < ActionController::Base
+  before_action { FlipperTrail::Current.actor = current_user }
+end
+```
+
+For a mounted `Flipper::UI`, insert the middleware ahead of the mount so UI toggles are attributed:
+
+```ruby
+config.middleware.use FlipperTrail::Middleware, resolver: ->(env) { resolve_admin(env) }
+```
+
+## Mongoid
+
+Wrap your Flipper Mongo adapter exactly the same way — the audit store is **inferred** from it (`:mongoid`), so there's nothing else to configure:
+
+```ruby
+Flipper.configure do |config|
+  config.default do
+    collection = Mongoid.default_client["flipper"]
+    Flipper.new(FlipperTrail.wrap(Flipper::Adapters::Mongo.new(collection)))
+  end
+end
+```
+
+No migration needed — audit entries are stored as Mongoid documents (`flipper_trail_entries`) in your default Mongoid database.
+
+Mongoid **declares** the indexes on the document but does not build them automatically. Create them once (e.g. in a deploy or seed step):
+
+```bash
+bin/rails runner 'require "flipper_trail/storage/mongoid"; FlipperTrail::Storage::Mongoid::Entry.create_indexes'
+```
+
+(If you `require "flipper_trail/storage/mongoid"` in your initializer, the standard `bin/rails db:mongoid:create_indexes` will include the audit collection too.)
+
+## Where things are stored
+
+flipper_trail has two independent storage concerns:
+
+- **Your flags** live wherever your Flipper adapter puts them — you wrap that adapter with `FlipperTrail.wrap(...)`.
+- **The audit trail** is written to an audit store that **defaults to match the adapter you wrap**: an `ActiveRecord` Flipper adapter → audit via ActiveRecord; a `Mongo` adapter → audit via Mongoid. So you only configure your storage choice once.
+
+Override the audit store when you want them to differ (e.g. flags in Redis, audit in Postgres), or when you wrap an adapter flipper_trail can't infer:
+
+```ruby
+FlipperTrail.configure { |c| c.storage = :active_record } # :active_record | :mongoid | any object responding to #record/#query
+```
+
+If you wrap an adapter flipper_trail can't infer (Redis, Memory, HTTP/Cloud, …) and don't set `config.storage`, it raises a clear error telling you to pick one.
+
+## Query the trail
+
+```ruby
+FlipperTrail.history(feature: "new_checkout", actor_id: 42, since: 1.week.ago, limit: 100)
+# => newest-first array of entries (feature_name, operation, gate_name, before, after, actor, created_at)
+```
+
+## How it works
+
+`FlipperTrail::Adapter` decorates your Flipper adapter. On each write (`enable`/`disable`/`add`/`remove`/`clear`) it reads gate state before and after, attributes the change to `FlipperTrail::Current.actor` (falling back to a configurable `system` actor), and persists an entry. No-op diffs are suppressed, so Flipper's internal `add`+`enable` double-write collapses to one meaningful entry for existing flags.
+
+## Reliability
+
+Audit writes are isolated from your flag writes. If the audit store is unavailable and `record` raises, the error goes to `config.on_error` (default: logged) and the flag operation still succeeds. Set `config.raise_on_audit_error = true` to fail closed instead.
+
+## Performance
+
+Recording is synchronous on the thread performing the toggle, and each audited write reads gate state before and after (a few extra adapter reads per `Flipper.enable`). Feature toggles are low-frequency admin operations, so this is normally negligible. For high-volume or remote (HTTP/Cloud) flag adapters, supply a custom storage backend (any object responding to `#record`/`#query`) whose `#record` enqueues a background job to move persistence off the request path.
+
+## Privacy & data captured
+
+Each entry stores the actor (`actor_label` commonly holds an email) and the full before/after gate state — which, when a feature is targeted at specific actors or groups, contains those actor/group identifiers. The trail is append-only, so plan retention accordingly (e.g. a TTL index on `created_at` for Mongoid, or a scheduled prune on the `created_at` index for ActiveRecord) and account for it when handling data-erasure requests. A pluggable redaction hook is planned for a future release.
+
+## Compatibility
+
+- **Ruby** >= 3.1.
+- **Runtime dependencies:** `activesupport` >= 6.1 and `flipper` >= 1.0.
+- **Optional, host-provided backends:** `activerecord` >= 6.1 and `mongoid` >= 8.0. These are *not* runtime dependencies — your application supplies whichever ORM it already uses, and you pick the matching storage backend.
+
+## Development
+
+```bash
+git clone https://github.com/saygun/flipper_trail.git
+cd flipper_trail
+bin/setup            # installs dependencies into vendor/bundle
+bundle exec rake     # runs the spec suite + RuboCop (the full gate)
+```
+
+The default `bundle exec rspec` run uses an in-memory SQLite database. The Mongoid suite (`MONGOID=1 bundle exec rspec`) requires a running `mongod` reachable at `127.0.0.1:27017`.
+
+See [CONTRIBUTING.md](CONTRIBUTING.md) for the full contributor guide.
+
+## License
+
+MIT. See `LICENSE.txt`. The audit-log concept is reimplemented clean-room from public documentation; this gem contains no Flipper Cloud code.
+
+---
+
+[Code of Conduct](CODE_OF_CONDUCT.md) · [Contributing](CONTRIBUTING.md) · [Security](SECURITY.md)

data/SECURITY.md

@@ -0,0 +1,29 @@
+# Security Policy
+
+## Supported versions
+
+flipper_trail is pre-1.0. Security fixes are released only against the latest
+`0.x` release; please upgrade to the most recent version before reporting.
+
+| Version | Supported |
+| ------- | --------- |
+| 0.x     | ✅        |
+
+## Reporting a vulnerability
+
+Please report security vulnerabilities **privately** — do not open a public
+issue.
+
+Preferred: use GitHub's [Private Vulnerability Reporting](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing-information-about-vulnerabilities/privately-reporting-a-security-vulnerability)
+on this repository ("Security" tab → "Report a vulnerability").
+
+If that is unavailable, email **saygunicyuz@gmail.com** as a fallback.
+
+You can expect an acknowledgement of your report, and we will coordinate a fix
+and disclosure timeline with you.
+
+## Privacy note
+
+This gem records actor identity and before/after gate state, which may include
+personal data (PII). See the README ["Privacy & data captured"](README.md#privacy--data-captured)
+section for what is stored and how to manage retention.

data/lib/flipper_trail/actor.rb

@@ -0,0 +1,51 @@
+# frozen_string_literal: true
+
+module FlipperTrail
+  # The party a flag change is attributed to, normalized to a `type`, `id`, and
+  # `label`. Build one with {wrap}.
+  class Actor
+    # @!attribute [r] type
+    #   @return [String, nil] the actor type (e.g. `"user"`, `"system"`)
+    # @!attribute [r] id
+    #   @return [String, nil] the actor id, coerced to a string
+    # @!attribute [r] label
+    #   @return [String, nil] a human-readable label (email, name, or to_s)
+    attr_reader :type, :id, :label
+
+    def initialize(type:, id:, label:)
+      @type = type
+      @id = id&.to_s
+      @label = label
+    end
+
+    # Coerces an arbitrary object into an {Actor}.
+    #
+    # @param object [Actor, Hash, Object, nil] an Actor (returned as-is), a Hash
+    #   with `:type`/`:id`/`:label`, a model (deriving id and label), or nil
+    # @return [Actor, nil] the wrapped actor, or nil when given nil
+    def self.wrap(object)
+      case object
+      when nil then nil
+      when Actor then object
+      when Hash then new(type: object[:type] || object['type'],
+                         id: object[:id] || object['id'],
+                         label: object[:label] || object['label'])
+      else from_model(object)
+      end
+    end
+
+    def self.from_model(object)
+      id = object.respond_to?(:id) ? object.id : object.to_s
+      label =
+        if object.respond_to?(:email) then object.email
+        elsif object.respond_to?(:name) then object.name
+        else object.to_s
+        end
+      new(type: 'user', id: id, label: label)
+    end
+
+    def to_h
+      { type: type, id: id, label: label }
+    end
+  end
+end

data/lib/flipper_trail/adapter.rb

@@ -0,0 +1,108 @@
+# frozen_string_literal: true
+
+require 'set'
+require 'flipper'
+
+module FlipperTrail
+  # A Flipper adapter decorator that captures the before/after state of every
+  # write (add, remove, clear, enable, disable) and records it as an audit entry.
+  # Reads and bulk operations pass straight through unaudited.
+  #
+  # @example Wrap your Flipper adapter
+  #   Flipper.configure do |config|
+  #     config.adapter { FlipperTrail::Adapter.new(Flipper::Adapters::ActiveRecord.new) }
+  #   end
+  class Adapter
+    include ::Flipper::Adapter
+
+    # @param adapter [Flipper::Adapter] the underlying adapter to decorate
+    # @param recorder [Recorder, nil] the recorder to use; defaults to
+    #   {FlipperTrail.recorder} when nil
+    def initialize(adapter, recorder: nil)
+      @adapter = adapter
+      @recorder = recorder
+      FlipperTrail.configuration.infer_storage_from(adapter)
+    end
+
+    # Public reader so Flipper::Adapter#adapter_stack recurses into us (matches Flipper's own Wrapper/Memoizable).
+    attr_reader :adapter
+
+    def name
+      @adapter.name
+    end
+
+    # --- reads / bulk ops: pass straight through (not audited) ---
+    # NOTE: get_all/export take kwargs in Flipper 1.x (Synchronizer/Memoizable/Cache call get_all(**kwargs));
+    # the override MUST keep that arity or it raises ArgumentError on import/sync/cloud paths.
+    def features = @adapter.features
+    def get(feature) = @adapter.get(feature)
+    def get_multi(features) = @adapter.get_multi(features)
+    def get_all(**kwargs) = @adapter.get_all(**kwargs)
+    def read_only? = @adapter.read_only?
+    def import(source) = @adapter.import(source)
+    def export(*args, **kwargs) = @adapter.export(*args, **kwargs)
+
+    # --- writes: capture before/after ---
+    def add(feature)
+      existed = @adapter.features.include?(feature.key)
+      before = existed ? snapshot(feature) : nil
+      result = @adapter.add(feature)
+      record(feature, :add, nil, before, snapshot(feature))
+      result
+    end
+
+    def remove(feature)
+      before = snapshot(feature)
+      result = @adapter.remove(feature)
+      record(feature, :remove, nil, before, nil)
+      result
+    end
+
+    def clear(feature)
+      before = snapshot(feature)
+      result = @adapter.clear(feature)
+      record(feature, :clear, nil, before, snapshot(feature))
+      result
+    end
+
+    def enable(feature, gate, thing)
+      before = snapshot(feature)
+      result = @adapter.enable(feature, gate, thing)
+      record(feature, :enable, gate.name, before, snapshot(feature))
+      result
+    end
+
+    def disable(feature, gate, thing)
+      before = snapshot(feature)
+      result = @adapter.disable(feature, gate, thing)
+      record(feature, :disable, gate.name, before, snapshot(feature))
+      result
+    end
+
+    private
+
+    def snapshot(feature)
+      normalize(@adapter.get(feature))
+    end
+
+    def normalize(gate_values)
+      gate_values.each_with_object({}) do |(key, value), memo|
+        memo[key.to_s] = value.is_a?(Set) ? value.to_a.map(&:to_s).sort : value
+      end
+    end
+
+    def record(feature, operation, gate_name, before, after)
+      recorder.record(
+        feature_name: feature.key,
+        operation: operation,
+        gate_name: gate_name,
+        before: before,
+        after: after
+      )
+    end
+
+    def recorder
+      @recorder || FlipperTrail.recorder
+    end
+  end
+end

data/lib/flipper_trail/configuration.rb

@@ -0,0 +1,96 @@
+# frozen_string_literal: true
+
+module FlipperTrail
+  # Holds the global settings for the gem. Mutate it through {FlipperTrail.configure}.
+  class Configuration
+    # Maps a wrapped Flipper adapter's class name to the audit store it implies.
+    INFERRED_STORAGE = {
+      'Flipper::Adapters::ActiveRecord' => :active_record,
+      'Flipper::Adapters::Mongo' => :mongoid
+    }.freeze
+
+    # @!attribute [rw] storage
+    #   The audit store. Defaults to `:auto`, which is inferred from the Flipper
+    #   adapter you wrap (`ActiveRecord` → `:active_record`, `Mongo` → `:mongoid`).
+    #   Set it to `:active_record`, `:mongoid`, or any object responding to
+    #   `#record`/`#query` to override the inference.
+    #   @return [Symbol, #record]
+    # @!attribute [rw] actor_resolver
+    #   A **zero-arity** callable returning the current actor when none is set on
+    #   {Current}. It must take no arguments because it is also invoked off-request
+    #   (console, background jobs) where there is no Rack env.
+    #   @return [#call, nil]
+    # @!attribute [rw] system_actor
+    #   The actor attributed to changes when no other actor can be resolved.
+    #   @return [Hash]
+    # @!attribute [rw] ignored_features
+    #   Feature keys whose changes are never recorded.
+    #   @return [Array<String, Symbol>]
+    # @!attribute [rw] on_error
+    #   A callable `->(error, entry)` invoked when persisting an audit entry
+    #   fails (unless {#raise_on_audit_error} is set). Defaults to warning on
+    #   stderr.
+    #   @return [#call, nil]
+    # @!attribute [rw] raise_on_audit_error
+    #   When `true`, a failed audit write re-raises instead of being swallowed,
+    #   so the originating flag write fails too (fail-closed).
+    #   @return [Boolean]
+    attr_accessor :storage, :actor_resolver, :system_actor, :ignored_features,
+                  :on_error, :raise_on_audit_error
+
+    def initialize
+      @storage = :auto
+      @actor_resolver = nil
+      @system_actor = { type: 'system', id: nil, label: 'system' }
+      @ignored_features = []
+      @on_error = nil
+      @raise_on_audit_error = false
+      @inferred_storage = nil
+    end
+
+    # Records the audit store implied by a wrapped Flipper adapter. Used only when
+    # `storage` is left as :auto; an explicit `storage` always takes precedence.
+    # @api private
+    def infer_storage_from(adapter)
+      return unless storage == :auto
+
+      @inferred_storage = INFERRED_STORAGE.fetch(adapter.class.name, :unknown)
+    end
+
+    def storage_backend
+      @storage_backend ||= build_storage_backend(resolved_storage)
+    end
+
+    private
+
+    def resolved_storage
+      return storage unless storage == :auto
+
+      case @inferred_storage
+      when nil
+        :active_record
+      when :unknown
+        raise ArgumentError,
+              'FlipperTrail could not infer an audit store from the wrapped Flipper adapter. ' \
+              'Set it explicitly, e.g. FlipperTrail.configure { |c| c.storage = :active_record } (or :mongoid).'
+      else
+        @inferred_storage
+      end
+    end
+
+    def build_storage_backend(store)
+      case store
+      when :active_record
+        require 'flipper_trail/storage/active_record'
+        Storage::ActiveRecord.new
+      when :mongoid
+        require 'flipper_trail/storage/mongoid'
+        Storage::Mongoid.new
+      else
+        return store if store.respond_to?(:record)
+
+        raise ArgumentError, "Unknown FlipperTrail storage: #{store.inspect}"
+      end
+    end
+  end
+end

data/lib/flipper_trail/current.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+# `require "active_support"` is REQUIRED before current_attributes: on ActiveSupport 7.2/8.0,
+# requiring only "active_support/current_attributes" leaves ActiveSupport::CodeGenerator (load time)
+# and ActiveSupport::IsolatedExecutionState (runtime) unresolved, so `attribute :actor` raises NameError.
+require 'active_support'
+require 'active_support/current_attributes'
+
+module FlipperTrail
+  class Current < ActiveSupport::CurrentAttributes
+    attribute :actor
+  end
+end