lex-audit 0.1.1 → 0.1.2
- checksums.yaml +4 -4
- data/CHANGELOG.md +7 -0
- data/lib/legion/extensions/audit/runners/audit.rb +18 -13
- data/lib/legion/extensions/audit/version.rb +1 -1
- metadata +1 -1
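--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: e06daee7efba7ee9c8f7883c2e59922baaa602e22094f28d94d05335dfa5a42d
+data.tar.gz: 1deb7352830d90b9a2df09a73e514e5bd7149ae6b4122d3156c531db0e47e9a1
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 51b37ec39294af491b19f7c2ed2049b07586c5290cb37949bf435e23dd323e12a86f28c7e8996aa44c86d22c33ab6d3484b192d1b814feb9813648d1ce992a5b
+data.tar.gz: a638436adb02bcb28da8cfc113d761c32ec157eb4759f61c50feafaa02ee630aff6b92620079d639ab7dc5f4861e7bd5d870f64a58b0dc306ee0ab1d347b8c70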
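--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,5 +1,12 @@
 # Changelog
 
+## [0.1.2] - 2026-03-21
+
+### Added
+- context_snapshot field for working memory state capture in audit entries
+- context_snapshot included in SHA-256 hash chain for tamper evidence
+- Backward-compatible verify with mixed snapshot/non-snapshot records
+
 ## [0.1.1] - 2026-03-20
 
 ### Added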
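--- a/data/lib/legion/extensions/audit/runners/audit.rb
+++ b/data/lib/legion/extensions/audit/runners/audit.rb
@@ -16,25 +16,29 @@ module Legion
 prev_hash = prev ? prev.record_hash : GENESIS_HASH
 
 created_at = opts[:created_at] ? Time.parse(opts[:created_at].to_s) : Time.now.utc
+snapshot_json = opts[:context_snapshot] ? Legion::JSON.dump(opts[:context_snapshot]) : nil
+
 content = "#{prev_hash}|#{event_type}|#{principal_id}|#{action}|#{resource}|#{created_at.utc.iso8601}"
+content = "#{content}|#{snapshot_json}" if snapshot_json
 record_hash = Digest::SHA256.hexdigest(content)
 
 detail_json = opts[:detail] ? Legion::JSON.dump(opts[:detail]) : nil
 
 record = Legion::Data::Model::AuditLog.create(
-event_type:
-principal_id:
-principal_type:
-action:
-resource:
-source:
-node:
-status:
-duration_ms:
-detail:
-
-
-
+event_type: event_type,
+principal_id: principal_id,
+principal_type: opts[:principal_type] || 'system',
+action: action,
+resource: resource,
+source: opts[:source] || 'unknown',
+node: opts[:node] || 'unknown',
+status: opts[:status] || 'success',
+duration_ms: opts[:duration_ms],
+detail: detail_json,
+context_snapshot: snapshot_json,
+record_hash: record_hash,
+prev_hash: prev_hash,
+created_at: created_at
 )
 
 { success: true, audit_id: record.id, record_hash: record_hash }
@@ -50,6 +54,7 @@ module Legion
 
 dataset.each do |record|
 content = "#{prev_hash}|#{record.event_type}|#{record.principal_id}|#{record.action}|#{record.resource}|#{record.created_at.utc.iso8601}"
+content = "#{content}|#{record.context_snapshot}" if record.respond_to?(:context_snapshot) && record.context_snapshot
 expected = Digest::SHA256.hexdigest(content)
 unless record.record_hash == expected
 broken_at = record.id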
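Review bot: The hash input built by the two `content = ...` lines in the first hunk now covers `context_snapshot`, but it still leaves out `detail`, `status`, `source`, `node`, `principal_type` and `duration_ms`, all of which the `AuditLog.create` call below persists. A stored row could therefore have its status or detail rewritten without the chain check in the second hunk reporting a break. If tamper evidence is meant to cover the whole entry, those values should enter `content` in both the record and verify paths, together with a stored hash-format version so rows written by earlier releases still verify. At minimum, add a comment above the digest such as `# record_hash covers prev_hash, event_type, principal_id, action, resource, created_at and context_snapshot only`. Verification also re-hashes `record.context_snapshot` as read back from the model, so a column type or serializer that re-encodes the JSON would presumably produce a false break and deserves a round-trip test; both method bodies start and end outside the visible hunks.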