rails_audit_log 0.8.0 → 0.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5cd71899d109aa978910a72ef144aeafb601dc70790e044ef723b49d1d560f65
-  data.tar.gz: 8884deec2a0abf63f14639794d6ac614689c9799e09b375ffc0cc7d788943e7d
+  metadata.gz: 9c9a9fcdb866f5300a3a2fd9bd6026ad93530d15b0b26d771ef1a28a47985280
+  data.tar.gz: 01ac4b3f95fd1c2067a8aa5936122ff86dc264fe771881515dd31d3401377b66
 SHA512:
-  metadata.gz: c32ada5189eda30461ea1dbc10a67982fb0ff6c4244da4339aa3376082b38a5272bb3a1b91fe50110c08ae9ee0ae3ede52d2a43701c0f7260a4d5a6581c0f42d
-  data.tar.gz: 448becbb80428dd754bca4d1ab43625de5ec85a2c9d712e9e4a28f7c14b0c18ce6865b25dfd9ea6c46f7b1814988d0eea77ae8b6aee7a230927cc37a80f60cf3
+  metadata.gz: 4c155747f1219996a6fde0fcc0d00c764df0f296c7b099418b7020ef90984690400300174b5c1cc1dc4842451a3f53d35e4b710542693683c78d4706c0eca1c1
+  data.tar.gz: 256ef73b739193443718481ef7fa1c0920ae4b4d424e3466b9ac3dbaf9a0bf8b7cf4823d0fd7d000652710985ac60fa6df6252e5997266bb40eda6bde9ba9941

data/README.md

@@ -31,6 +31,16 @@ bin/rails generate rails_audit_log:initializer
 
 This creates `config/initializers/rails_audit_log.rb` with all settings documented as commented examples inside a `RailsAuditLog.configure` block.
 
+## Web dashboard
+
+Mount the engine in `config/routes.rb` to enable the built-in audit trail browser:
+
+```ruby
+mount RailsAuditLog::Engine, at: "/audit"
+```
+
+Then visit `/audit` to browse all audit entries. The dashboard is delivered via propshaft, importmaps, and CDN-pinned Turbo and Stimulus — no asset pipeline configuration required in the host app.
+
 ## Usage
 
 ### Tracking a model

data/app/assets/stylesheets/rails_audit_log/_01_base.css

@@ -0,0 +1,32 @@
+*, *::before, *::after { box-sizing: border-box; margin: 0; padding: 0; }
+
+:root {
+  --ral-bg:            #f5f5f5;
+  --ral-surface:       #ffffff;
+  --ral-border:        #e5e5e5;
+  --ral-border-subtle: #f0f0f0;
+  --ral-text:          #1a1a1a;
+  --ral-muted:         #666666;
+  --ral-primary:       #1d4ed8;
+  --ral-danger:        #991b1b;
+  --ral-success:       #166534;
+  --ral-radius:        6px;
+  --ral-shadow:        0 1px 3px rgba(0, 0, 0, 0.08);
+  --ral-surface-hover: #fafafa;
+}
+
+body {
+  font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", sans-serif;
+  font-size: 14px;
+  line-height: 1.5;
+  color: var(--ral-text);
+  background: var(--ral-bg);
+  min-height: 100vh;
+}
+
+.ral-link { color: var(--ral-primary); text-decoration: none; }
+.ral-link:hover { text-decoration: underline; }
+
+.ral-muted     { color: var(--ral-muted); font-size: 13px; }
+.ral-timestamp { color: var(--ral-muted); font-size: 13px; white-space: nowrap; }
+.ral-reason    { font-size: 12px; color: var(--ral-muted); font-style: italic; }

data/app/assets/stylesheets/rails_audit_log/_02_layout.css

@@ -0,0 +1,34 @@
+.ral-header {
+  background: var(--ral-text);
+  color: #fff;
+  height: 48px;
+  display: flex;
+  align-items: center;
+  padding: 0 24px;
+}
+
+.ral-header__inner {
+  display: flex;
+  align-items: center;
+  gap: 16px;
+  width: 100%;
+  max-width: 1200px;
+  margin: 0 auto;
+}
+
+.ral-header__logo {
+  color: #fff;
+  text-decoration: none;
+  font-weight: 600;
+  font-size: 15px;
+}
+.ral-header__logo:hover { opacity: 0.8; }
+
+.ral-main { max-width: 1200px; margin: 0 auto; padding: 24px; }
+
+.ral-page-header { display: flex; align-items: baseline; gap: 12px; margin-bottom: 20px; }
+.ral-page-header__title { font-size: 20px; font-weight: 600; }
+.ral-page-header__meta  { font-size: 13px; color: var(--ral-muted); }
+
+.ral-breadcrumb    { font-size: 12px; color: var(--ral-muted); margin-bottom: 4px; }
+.ral-section-title { font-size: 14px; font-weight: 600; margin-bottom: 12px; color: #333; }

data/app/assets/stylesheets/rails_audit_log/_03_table.css

@@ -0,0 +1,39 @@
+.ral-table-wrap {
+  background: var(--ral-surface);
+  border: 1px solid var(--ral-border);
+  border-radius: var(--ral-radius);
+  overflow: hidden;
+  box-shadow: var(--ral-shadow);
+}
+
+.ral-table { width: 100%; border-collapse: collapse; }
+
+.ral-table th {
+  background: var(--ral-bg);
+  padding: 10px 16px;
+  text-align: left;
+  font-size: 12px;
+  font-weight: 600;
+  text-transform: uppercase;
+  letter-spacing: 0.04em;
+  color: var(--ral-muted);
+  border-bottom: 1px solid var(--ral-border);
+}
+
+.ral-table td {
+  padding: 10px 16px;
+  border-bottom: 1px solid var(--ral-border-subtle);
+  vertical-align: middle;
+}
+
+.ral-table tbody tr:last-child td { border-bottom: none; }
+.ral-table tbody tr:hover { background: var(--ral-surface-hover); }
+
+.ral-empty {
+  background: var(--ral-surface);
+  border: 1px solid var(--ral-border);
+  border-radius: var(--ral-radius);
+  padding: 40px;
+  text-align: center;
+  color: var(--ral-muted);
+}

data/app/assets/stylesheets/rails_audit_log/_04_badges.css

@@ -0,0 +1,13 @@
+.ral-badge {
+  display: inline-block;
+  padding: 2px 8px;
+  border-radius: 10px;
+  font-size: 11px;
+  font-weight: 600;
+  text-transform: uppercase;
+  letter-spacing: 0.04em;
+}
+
+.ral-badge--create  { background: #dcfce7; color: var(--ral-success); }
+.ral-badge--update  { background: #dbeafe; color: var(--ral-primary); }
+.ral-badge--destroy { background: #fee2e2; color: var(--ral-danger);  }

data/app/assets/stylesheets/rails_audit_log/_05_diff.css

@@ -0,0 +1,94 @@
+/* Toggle */
+.ral-diff-toggle {
+  display: flex;
+  border: 1px solid var(--ral-border);
+  border-radius: var(--ral-radius);
+  overflow: hidden;
+  width: fit-content;
+  margin-bottom: 12px;
+}
+
+.ral-diff-btn {
+  padding: 4px 12px;
+  font-size: 12px;
+  font-weight: 500;
+  color: var(--ral-muted);
+  background: var(--ral-surface);
+  border: none;
+  cursor: pointer;
+}
+.ral-diff-btn + .ral-diff-btn  { border-left: 1px solid var(--ral-border); }
+.ral-diff-btn:hover:not(.ral-diff-btn--active) { background: var(--ral-bg); color: var(--ral-text); }
+.ral-diff-btn--active { background: var(--ral-primary); color: #fff; }
+
+/* Inline table */
+.ral-diff { width: 100%; border-collapse: collapse; font-size: 13px; }
+
+.ral-diff th {
+  background: var(--ral-bg);
+  padding: 6px 12px;
+  text-align: left;
+  font-size: 11px;
+  font-weight: 600;
+  text-transform: uppercase;
+  letter-spacing: 0.04em;
+  color: var(--ral-muted);
+  border-bottom: 1px solid var(--ral-border);
+}
+
+.ral-diff td { padding: 6px 12px; border-bottom: 1px solid var(--ral-border-subtle); vertical-align: top; }
+.ral-diff tbody tr:last-child td { border-bottom: none; }
+
+.ral-diff__attr   { font-weight: 500; color: #333; width: 160px; }
+.ral-diff__before { color: var(--ral-danger);  background: #fff5f5; font-family: monospace; }
+.ral-diff__after  { color: var(--ral-success); background: #f0fdf4; font-family: monospace; }
+
+/* Side-by-side panels */
+.ral-diff-side {
+  display: grid;
+  grid-template-columns: 1fr 1fr;
+  border: 1px solid var(--ral-border);
+  border-radius: var(--ral-radius);
+  overflow: hidden;
+  font-size: 13px;
+}
+
+.ral-diff-side__panel--before { border-right: 1px solid var(--ral-border); }
+
+.ral-diff-side__header {
+  padding: 6px 12px;
+  font-size: 11px;
+  font-weight: 600;
+  text-transform: uppercase;
+  letter-spacing: 0.04em;
+  color: var(--ral-muted);
+  border-bottom: 1px solid var(--ral-border);
+  background: var(--ral-bg);
+}
+
+.ral-diff-side__row {
+  display: flex;
+  gap: 8px;
+  padding: 6px 12px;
+  border-bottom: 1px solid var(--ral-border-subtle);
+  align-items: baseline;
+}
+.ral-diff-side__row:last-child { border-bottom: none; }
+
+.ral-diff-side__attr  { font-weight: 500; color: #333; min-width: 100px; flex-shrink: 0; }
+
+.ral-diff-side__panel--before .ral-diff-side__value {
+  color: var(--ral-danger);
+  font-family: monospace;
+  background: #fff5f5;
+  padding: 1px 4px;
+  border-radius: 3px;
+}
+
+.ral-diff-side__panel--after .ral-diff-side__value {
+  color: var(--ral-success);
+  font-family: monospace;
+  background: #f0fdf4;
+  padding: 1px 4px;
+  border-radius: 3px;
+}

data/app/assets/stylesheets/rails_audit_log/_06_timeline.css

@@ -0,0 +1,21 @@
+.ral-timeline { display: flex; flex-direction: column; gap: 16px; }
+
+.ral-timeline__entry {
+  background: var(--ral-surface);
+  border: 1px solid var(--ral-border);
+  border-radius: var(--ral-radius);
+  overflow: hidden;
+  box-shadow: var(--ral-shadow);
+}
+
+.ral-timeline__header {
+  display: flex;
+  align-items: center;
+  gap: 12px;
+  padding: 10px 16px;
+  background: var(--ral-bg);
+  border-bottom: 1px solid var(--ral-border);
+  font-size: 13px;
+}
+
+.ral-timeline__detail-link { margin-left: auto; }

data/app/assets/stylesheets/rails_audit_log/_07_detail.css

@@ -0,0 +1,15 @@
+.ral-card {
+  background: var(--ral-surface);
+  border: 1px solid var(--ral-border);
+  border-radius: var(--ral-radius);
+  padding: 16px;
+  margin-bottom: 20px;
+  box-shadow: var(--ral-shadow);
+}
+
+.ral-meta { display: grid; gap: 8px; }
+.ral-meta__row { display: flex; gap: 16px; font-size: 13px; }
+.ral-meta__row dt { width: 80px; color: var(--ral-muted); flex-shrink: 0; }
+.ral-meta__row dd { color: var(--ral-text); }
+
+.ral-entry-nav { display: flex; gap: 8px; align-items: center; }

data/app/assets/stylesheets/rails_audit_log/_08_pagination.css

@@ -0,0 +1,56 @@
+nav.pagy.series-nav {
+  display: flex;
+  align-items: center;
+  gap: 4px;
+  margin-top: 16px;
+  font-size: 13px;
+}
+
+nav.pagy.series-nav a {
+  display: inline-flex;
+  align-items: center;
+  justify-content: center;
+  min-width: 32px;
+  height: 32px;
+  padding: 0 8px;
+  border: 1px solid var(--ral-border);
+  border-radius: 4px;
+  background: var(--ral-surface);
+  color: var(--ral-primary);
+  text-decoration: none;
+}
+
+nav.pagy.series-nav a:hover:not([aria-disabled="true"]) { background: var(--ral-bg); }
+
+nav.pagy.series-nav a[aria-current="page"] {
+  background: var(--ral-primary);
+  color: #fff;
+  border-color: var(--ral-primary);
+  font-weight: 600;
+}
+
+nav.pagy.series-nav a[aria-disabled="true"] {
+  color: #aaa;
+  cursor: default;
+  border-color: var(--ral-border-subtle);
+}
+
+nav.pagy.series-nav a[role="separator"] {
+  border: none;
+  color: var(--ral-muted);
+  min-width: auto;
+}
+
+.ral-pagination__link {
+  display: inline-flex;
+  align-items: center;
+  height: 32px;
+  padding: 0 10px;
+  border: 1px solid var(--ral-border);
+  border-radius: 4px;
+  background: var(--ral-surface);
+  color: var(--ral-primary);
+  text-decoration: none;
+  font-size: 13px;
+}
+.ral-pagination__link:hover { background: var(--ral-bg); text-decoration: none; }

data/app/assets/stylesheets/rails_audit_log/_09_filters.css

@@ -0,0 +1,54 @@
+.ral-filters {
+  display: flex;
+  align-items: center;
+  gap: 8px;
+  flex-wrap: wrap;
+  margin-bottom: 16px;
+}
+
+.ral-filter-input {
+  padding: 5px 10px;
+  font-size: 13px;
+  border: 1px solid var(--ral-border);
+  border-radius: var(--ral-radius);
+  background: var(--ral-surface);
+  color: var(--ral-text);
+  min-width: 180px;
+}
+.ral-filter-input:focus { outline: 2px solid var(--ral-primary); outline-offset: -1px; }
+
+.ral-filter-select {
+  padding: 5px 8px;
+  font-size: 13px;
+  border: 1px solid var(--ral-border);
+  border-radius: var(--ral-radius);
+  background: var(--ral-surface);
+  color: var(--ral-text);
+  cursor: pointer;
+}
+
+.ral-period-filter {
+  display: flex;
+  border: 1px solid var(--ral-border);
+  border-radius: var(--ral-radius);
+  overflow: hidden;
+  margin-left: auto;
+}
+
+.ral-period-btn {
+  padding: 5px 10px;
+  font-size: 13px;
+  font-weight: 500;
+  color: var(--ral-muted);
+  background: var(--ral-surface);
+  text-decoration: none;
+}
+.ral-period-btn + .ral-period-btn { border-left: 1px solid var(--ral-border); }
+.ral-period-btn:hover:not(.ral-period-btn--active) {
+  background: var(--ral-bg);
+  color: var(--ral-text);
+  text-decoration: none;
+}
+.ral-period-btn--active { background: var(--ral-primary); color: #fff; }
+
+.ral-filters__clear { font-size: 13px; }

data/app/assets/stylesheets/rails_audit_log/application.css

@@ -1,15 +1 @@
-/*
- * This is a manifest file that'll be compiled into application.css, which will include all the files
- * listed below.
- *
- * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
- * or any plugin's vendor/assets/stylesheets directory can be referenced here using a relative path.
- *
- * You're free to add application-wide styles to this file and they'll appear at the bottom of the
- * compiled file so the styles you add here take precedence over styles defined in any other CSS/SCSS
- * files in this directory. Styles in this file should be added after the last require_* statement.
- * It is generally better to create a new file per style scope.
- *
- *= require_tree .
- *= require_self
- */
+/* Styles are loaded via the dashboard_stylesheets helper which globs _*.css files. */

data/app/controllers/rails_audit_log/application_controller.rb

@@ -1,4 +1,16 @@
 module RailsAuditLog
   class ApplicationController < ActionController::Base
+    include Pagy::Method
+
+    protect_from_forgery with: :exception
+    before_action :authenticate!
+
+    private
+
+    def authenticate!
+      return unless (auth = RailsAuditLog.authenticate)
+
+      instance_exec(self, &auth) || request_http_basic_authentication("Audit Log")
+    end
   end
 end

data/app/controllers/rails_audit_log/audit_log_entries_controller.rb

@@ -0,0 +1,31 @@
+module RailsAuditLog
+  class AuditLogEntriesController < ApplicationController
+    def index
+      set_filters
+      @pagy, @entries = pagy(filtered_scope)
+      @item_types     = AuditLogEntry.distinct.order(:item_type).pluck(:item_type)
+    end
+
+    def show
+      @entry = AuditLogEntry.find(params[:id])
+    end
+
+    private
+
+    def set_filters
+      @event     = params[:event].presence_in(AuditLogEntry::EVENTS)
+      @item_type = params[:item_type].presence
+      @period    = params[:period].presence_in(AuditLogEntry::PERIODS.keys)
+      @q         = params[:q].presence
+    end
+
+    def filtered_scope
+      scope = AuditLogEntry.order(created_at: :desc)
+      scope = scope.where(event: @event)                          if @event
+      scope = scope.where(item_type: @item_type)                  if @item_type
+      scope = scope.for_period(@period)                           if @period
+      scope = scope.where("whodunnit_snapshot LIKE ?", "%#{@q}%") if @q
+      scope
+    end
+  end
+end

data/app/controllers/rails_audit_log/resources_controller.rb

@@ -0,0 +1,13 @@
+module RailsAuditLog
+  class ResourcesController < ApplicationController
+    def show
+      @item_type = params[:item_type]
+      @item_id   = params[:item_id]
+      @pagy, @entries = pagy(
+        AuditLogEntry
+          .where(item_type: @item_type, item_id: @item_id)
+          .order(created_at: :asc)
+      )
+    end
+  end
+end

data/app/helpers/rails_audit_log/application_helper.rb

@@ -1,4 +1,17 @@
 module RailsAuditLog
   module ApplicationHelper
+    def format_diff_value(value)
+      return "—" if value.nil?
+      return "#{value["type"]} ##{value["id"]}" if value.is_a?(Hash)
+
+      value.inspect
+    end
+
+    def dashboard_stylesheets
+      dir = RailsAuditLog::Engine.root.join("app/assets/stylesheets/rails_audit_log")
+      dir.glob("_*.css").sort.map do |file|
+        stylesheet_link_tag("rails_audit_log/#{file.basename}", media: "all")
+      end.join("\n").html_safe
+    end
   end
 end

data/app/javascript/rails_audit_log/application.js

@@ -0,0 +1,8 @@
+import "@hotwired/turbo"
+import { Application } from "@hotwired/stimulus"
+import SearchController from "rails_audit_log/search_controller"
+import DiffController   from "rails_audit_log/diff_controller"
+
+const application = Application.start()
+application.register("search", SearchController)
+application.register("diff",   DiffController)

data/app/javascript/rails_audit_log/diff_controller.js

@@ -0,0 +1,20 @@
+import { Controller } from "@hotwired/stimulus"
+
+export default class DiffController extends Controller {
+  static targets = ["inline", "side", "inlineBtn", "sideBtn"]
+
+  connect() {
+    this.setMode(localStorage.getItem("ral-diff-mode") || "inline")
+  }
+
+  setInline() { this.setMode("inline") }
+  setSide()   { this.setMode("side") }
+
+  setMode(mode) {
+    localStorage.setItem("ral-diff-mode", mode)
+    this.inlineTarget.hidden = mode !== "inline"
+    this.sideTarget.hidden   = mode !== "side"
+    this.inlineBtnTarget.classList.toggle("ral-diff-btn--active", mode === "inline")
+    this.sideBtnTarget.classList.toggle("ral-diff-btn--active", mode === "side")
+  }
+}

data/app/javascript/rails_audit_log/search_controller.js

@@ -0,0 +1,12 @@
+import { Controller } from "@hotwired/stimulus"
+
+export default class SearchController extends Controller {
+  filter() {
+    clearTimeout(this._timeout)
+    this._timeout = setTimeout(() => this.element.requestSubmit(), 300)
+  }
+
+  select() {
+    this.element.requestSubmit()
+  }
+}

data/app/models/rails_audit_log/audit_log_entry.rb

@@ -2,8 +2,9 @@ module RailsAuditLog
   class AuditLogEntry < ApplicationRecord
     self.table_name = "audit_log_entries"
 
-    EVENTS = %w[create update destroy].freeze
+    EVENTS       = %w[create update destroy].freeze
     BLOB_COLUMNS = %w[object_changes object metadata].freeze
+    PERIODS      = { "1h" => 1.hour, "24h" => 24.hours, "7d" => 7.days }.freeze
 
     def self.configure_connection!
       return unless (opts = RailsAuditLog.connects_to)
@@ -41,8 +42,9 @@ module RailsAuditLog
     }
 
     # Time scopes
-    scope :since, ->(time) { where(created_at: time..) }
-    scope :until, ->(time) { where(created_at: ..time) }
+    scope :since,      ->(time)   { where(created_at: time..) }
+    scope :until,      ->(time)   { where(created_at: ..time) }
+    scope :for_period, ->(period) { where(created_at: PERIODS[period].ago..) }
 
     # Projection scope — omits JSON blob columns for index/listing queries
     scope :slim, -> { select(column_names - BLOB_COLUMNS) }

data/app/views/layouts/rails_audit_log/application.html.erb

@@ -1,17 +1,23 @@
 <!DOCTYPE html>
-<html>
+<html lang="en">
 <head>
-  <title>Rails audit log</title>
+  <meta charset="utf-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1">
+  <title>Audit Log</title>
+  <link rel="icon" href="data:,">
   <%= csrf_meta_tags %>
   <%= csp_meta_tag %>
-
-  <%= yield :head %>
-
-  <%= stylesheet_link_tag    "rails_audit_log/application", media: "all" %>
+  <%= dashboard_stylesheets %>
+  <%= javascript_importmap_tags "rails_audit_log" %>
 </head>
 <body>
-
-<%= yield %>
-
+  <header class="ral-header">
+    <div class="ral-header__inner">
+      <%= link_to "Audit Log", root_path, class: "ral-header__logo" %>
+    </div>
+  </header>
+  <main class="ral-main">
+    <%= yield %>
+  </main>
 </body>
-</html>
+</html>

data/app/views/rails_audit_log/audit_log_entries/_diff.html.erb

@@ -0,0 +1,55 @@
+<% changes = entry.object_changes.presence %>
+<% if changes %>
+  <div class="ral-diff-wrap" data-controller="diff">
+    <div class="ral-diff-toggle">
+      <button class="ral-diff-btn ral-diff-btn--active"
+              data-diff-target="inlineBtn"
+              data-action="click->diff#setInline">Inline</button>
+      <button class="ral-diff-btn"
+              data-diff-target="sideBtn"
+              data-action="click->diff#setSide">Side by side</button>
+    </div>
+
+    <table class="ral-diff" data-diff-target="inline">
+      <thead>
+        <tr>
+          <th>Attribute</th>
+          <th>Before</th>
+          <th>After</th>
+        </tr>
+      </thead>
+      <tbody>
+        <% changes.each do |attr, (before, after)| %>
+          <tr>
+            <td class="ral-diff__attr"><%= attr %></td>
+            <td class="ral-diff__before"><%= format_diff_value(before) %></td>
+            <td class="ral-diff__after"><%= format_diff_value(after) %></td>
+          </tr>
+        <% end %>
+      </tbody>
+    </table>
+
+    <div class="ral-diff-side" data-diff-target="side" hidden>
+      <div class="ral-diff-side__panel ral-diff-side__panel--before">
+        <div class="ral-diff-side__header">Before</div>
+        <% changes.each do |attr, (before, _after)| %>
+          <div class="ral-diff-side__row">
+            <span class="ral-diff-side__attr"><%= attr %></span>
+            <span class="ral-diff-side__value"><%= format_diff_value(before) %></span>
+          </div>
+        <% end %>
+      </div>
+      <div class="ral-diff-side__panel ral-diff-side__panel--after">
+        <div class="ral-diff-side__header">After</div>
+        <% changes.each do |attr, (_before, after)| %>
+          <div class="ral-diff-side__row">
+            <span class="ral-diff-side__attr"><%= attr %></span>
+            <span class="ral-diff-side__value"><%= format_diff_value(after) %></span>
+          </div>
+        <% end %>
+      </div>
+    </div>
+  </div>
+<% else %>
+  <p class="ral-muted">No changes recorded.</p>
+<% end %>

data/app/views/rails_audit_log/audit_log_entries/index.html.erb

@@ -0,0 +1,76 @@
+<div class="ral-page-header">
+  <h1 class="ral-page-header__title">Audit Entries</h1>
+  <span class="ral-page-header__meta"><%= @pagy.count %> <%= "entry".pluralize(@pagy.count) %></span>
+</div>
+
+<%= turbo_frame_tag "ral-entries", data: { turbo_action: "advance" } do %>
+  <form class="ral-filters" action="<%= audit_log_entries_path %>" method="get"
+        data-controller="search">
+    <%= hidden_field_tag :period, @period if @period %>
+
+    <input type="search" name="q" value="<%= @q %>"
+           class="ral-filter-input" placeholder="Filter by actor…"
+           autocomplete="off" aria-label="Filter by actor"
+           data-action="input->search#filter">
+
+    <select name="event" class="ral-filter-select" aria-label="Filter by event"
+            data-action="change->search#select">
+      <option value="">All events</option>
+      <% RailsAuditLog::AuditLogEntry::EVENTS.each do |event| %>
+        <option value="<%= event %>" <%= "selected" if @event == event %>><%= event.capitalize %></option>
+      <% end %>
+    </select>
+
+    <% if @item_types.size > 1 %>
+      <select name="item_type" class="ral-filter-select" aria-label="Filter by resource"
+              data-action="change->search#select">
+        <option value="">All resources</option>
+        <% @item_types.each do |type| %>
+          <option value="<%= type %>" <%= "selected" if @item_type == type %>><%= type %></option>
+        <% end %>
+      </select>
+    <% end %>
+
+    <div class="ral-period-filter" role="group" aria-label="Time period">
+      <%= link_to "All", audit_log_entries_path(event: @event, item_type: @item_type, q: @q),
+            class: "ral-period-btn#{" ral-period-btn--active" if @period.blank?}" %>
+      <% RailsAuditLog::AuditLogEntry::PERIODS.each_key do |p| %>
+        <%= link_to p, audit_log_entries_path(event: @event, item_type: @item_type, q: @q, period: p),
+              class: "ral-period-btn#{" ral-period-btn--active" if @period == p}" %>
+      <% end %>
+    </div>
+
+    <% if @event || @item_type || @period || @q %>
+      <%= link_to "Clear", audit_log_entries_path, class: "ral-link ral-filters__clear" %>
+    <% end %>
+  </form>
+
+  <% if @entries.any? %>
+    <div class="ral-table-wrap">
+      <table class="ral-table">
+        <thead>
+          <tr>
+            <th>Event</th>
+            <th>Resource</th>
+            <th>Actor</th>
+            <th>When</th>
+          </tr>
+        </thead>
+        <tbody>
+          <% @entries.each do |entry| %>
+            <tr>
+              <td><span class="ral-badge ral-badge--<%= entry.event %>"><%= entry.event %></span></td>
+              <td><%= link_to "#{entry.item_type} ##{entry.item_id}", resource_path(item_type: entry.item_type, item_id: entry.item_id), class: "ral-link", data: { turbo_frame: "_top" } %></td>
+              <td><%= entry.whodunnit_snapshot.presence || (entry.actor_type ? "#{entry.actor_type} \##{entry.actor_id}" : "—") %></td>
+              <td class="ral-timestamp"><%= entry.created_at.utc.strftime("%Y-%m-%d %H:%M UTC") %></td>
+            </tr>
+          <% end %>
+        </tbody>
+      </table>
+    </div>
+
+    <%== @pagy.series_nav(aria_label: "Pagination") if @pagy.pages > 1 %>
+  <% else %>
+    <p class="ral-empty">No audit entries found.</p>
+  <% end %>
+<% end %>

data/app/views/rails_audit_log/audit_log_entries/show.html.erb

@@ -0,0 +1,50 @@
+<div class="ral-page-header">
+  <div>
+    <p class="ral-breadcrumb">
+      <%= link_to "Audit Entries", audit_log_entries_path, class: "ral-link" %> /
+      <%= link_to "#{@entry.item_type} ##{@entry.item_id}", resource_path(item_type: @entry.item_type, item_id: @entry.item_id), class: "ral-link" %>
+    </p>
+    <h1 class="ral-page-header__title">Entry #<%= @entry.id %></h1>
+  </div>
+  <nav class="ral-entry-nav" aria-label="Entry navigation">
+    <% if (prev_entry = @entry.previous) %>
+      <%= link_to "← Previous", audit_log_entry_path(prev_entry), class: "ral-pagination__link" %>
+    <% end %>
+    <% if (next_entry = @entry.next) %>
+      <%= link_to "Next →", audit_log_entry_path(next_entry), class: "ral-pagination__link" %>
+    <% end %>
+  </nav>
+</div>
+
+<div class="ral-card">
+  <dl class="ral-meta">
+    <div class="ral-meta__row">
+      <dt>Event</dt>
+      <dd><span class="ral-badge ral-badge--<%= @entry.event %>"><%= @entry.event %></span></dd>
+    </div>
+    <div class="ral-meta__row">
+      <dt>Resource</dt>
+      <dd><%= link_to "#{@entry.item_type} ##{@entry.item_id}", resource_path(item_type: @entry.item_type, item_id: @entry.item_id), class: "ral-link" %></dd>
+    </div>
+    <% actor = @entry.whodunnit_snapshot.presence || (@entry.actor_type ? "#{@entry.actor_type} \##{@entry.actor_id}" : "—") %>
+    <div class="ral-meta__row">
+      <dt>Actor</dt>
+      <dd><%= actor %></dd>
+    </div>
+    <div class="ral-meta__row">
+      <dt>When</dt>
+      <dd class="ral-timestamp"><%= @entry.created_at.utc.strftime("%Y-%m-%d %H:%M:%S UTC") %></dd>
+    </div>
+    <% if @entry.reason.present? %>
+      <div class="ral-meta__row">
+        <dt>Reason</dt>
+        <dd><%= @entry.reason %></dd>
+      </div>
+    <% end %>
+  </dl>
+</div>
+
+<h2 class="ral-section-title">Changes</h2>
+<div class="ral-card">
+  <%= render "diff", entry: @entry %>
+</div>

data/app/views/rails_audit_log/resources/show.html.erb

@@ -0,0 +1,35 @@
+<div class="ral-page-header">
+  <div>
+    <p class="ral-breadcrumb"><%= link_to "Audit Entries", audit_log_entries_path, class: "ral-link" %></p>
+    <h1 class="ral-page-header__title"><%= @item_type %> #<%= @item_id %></h1>
+  </div>
+  <span class="ral-page-header__meta"><%= @pagy.count %> <%= "entry".pluralize(@pagy.count) %></span>
+</div>
+
+<%= turbo_frame_tag "ral-resource-entries", data: { turbo_action: "advance" } do %>
+  <% if @entries.any? %>
+    <div class="ral-timeline">
+      <% @entries.each do |entry| %>
+        <div class="ral-timeline__entry">
+          <div class="ral-timeline__header">
+            <span class="ral-badge ral-badge--<%= entry.event %>"><%= entry.event %></span>
+            <span class="ral-timestamp"><%= entry.created_at.utc.strftime("%Y-%m-%d %H:%M UTC") %></span>
+            <% actor = entry.whodunnit_snapshot.presence || (entry.actor_type ? "#{entry.actor_type} \##{entry.actor_id}" : nil) %>
+            <% if actor %>
+              <span class="ral-muted">by <%= actor %></span>
+            <% end %>
+            <% if entry.reason.present? %>
+              <span class="ral-reason">"<%= entry.reason %>"</span>
+            <% end %>
+            <%= link_to "Details →", audit_log_entry_path(entry), class: "ral-link ral-timeline__detail-link", data: { turbo_frame: "_top" } %>
+          </div>
+          <%= render "rails_audit_log/audit_log_entries/diff", entry: entry %>
+        </div>
+      <% end %>
+    </div>
+
+    <%== @pagy.series_nav(aria_label: "Pagination") if @pagy.pages > 1 %>
+  <% else %>
+    <p class="ral-empty">No audit entries for this record.</p>
+  <% end %>
+<% end %>

data/config/importmap.rb

@@ -0,0 +1,5 @@
+pin "@hotwired/turbo", to: "https://cdn.jsdelivr.net/npm/@hotwired/turbo@8.0.23/dist/turbo.es2017-esm.js"
+pin "@hotwired/stimulus", to: "https://cdn.jsdelivr.net/npm/@hotwired/stimulus@3.2.2/dist/stimulus.js"
+pin "rails_audit_log", to: "rails_audit_log/application.js"
+pin "rails_audit_log/search_controller", to: "rails_audit_log/search_controller.js"
+pin "rails_audit_log/diff_controller",   to: "rails_audit_log/diff_controller.js"

data/config/routes.rb

@@ -1,2 +1,5 @@
 RailsAuditLog::Engine.routes.draw do
+  root to: "audit_log_entries#index"
+  resources :audit_log_entries, only: [:index, :show]
+  get "resources/:item_type/:item_id", to: "resources#show", as: :resource
 end

data/lib/generators/rails_audit_log/initializer/templates/rails_audit_log.rb

@@ -28,4 +28,14 @@ RailsAuditLog.configure do |config|
 
   # Route AuditLogEntry to a dedicated database (Rails multi-DB). Default: nil
   # config.connects_to = { database: { writing: :audit_log, reading: :audit_log } }
+
+  # Number of entries per page in the web dashboard. Default: 25
+  # config.page_size = 50
+
+  # Gate web dashboard access. Block runs in controller context — controller
+  # methods like current_user are available directly, or accept the controller
+  # as an argument. Falls back to HTTP Basic auth if the block returns falsy.
+  # Leave unset to allow unauthenticated access (development default).
+  # config.authenticate { current_user&.admin? }
+  # config.authenticate { |c| c.current_user&.admin? }
 end

data/lib/rails_audit_log/engine.rb

@@ -1,7 +1,35 @@
+require "turbo-rails"
+require "importmap-rails"
+require "pagy"
+require "pagy/toolbox/paginators/method"
+
 module RailsAuditLog
   class Engine < ::Rails::Engine
     isolate_namespace RailsAuditLog
 
+    config.i18n.load_path += Gem.find_files("pagy/locales/en.yml")
+
+    initializer "rails_audit_log.pagy" do |app|
+      app.config.after_initialize do
+        Pagy::OPTIONS[:limit] = RailsAuditLog.page_size
+      end
+    end
+
+    initializer "rails_audit_log.assets" do |app|
+      if app.config.respond_to?(:assets)
+        app.config.assets.paths << root.join("app/assets/stylesheets")
+        app.config.assets.paths << root.join("app/assets/images")
+        app.config.assets.paths << root.join("app/javascript")
+      end
+    end
+
+    initializer "rails_audit_log.importmap", before: "importmap" do |app|
+      if app.config.respond_to?(:importmap)
+        app.config.importmap.paths << root.join("config/importmap.rb")
+        app.config.importmap.cache_sweepers << root.join("app/javascript")
+      end
+    end
+
     initializer "rails_audit_log.connect_audit_db" do
       ActiveSupport.on_load(:active_record) do
         RailsAuditLog::AuditLogEntry.configure_connection!

data/lib/rails_audit_log/version.rb

@@ -1,3 +1,3 @@
 module RailsAuditLog
-  VERSION = "0.8.0"
+  VERSION = "0.9.0"
 end

data/lib/rails_audit_log.rb

@@ -14,6 +14,12 @@ module RailsAuditLog
   mattr_accessor :version_limit, default: nil
   mattr_accessor :async, default: false
   mattr_accessor :connects_to, default: nil
+  mattr_accessor :page_size,   default: 25
+
+  def self.authenticate(&block)
+    @authenticate = block if block_given?
+    @authenticate
+  end
   mattr_accessor :whodunnit_display, default: ->(actor) {
     actor.respond_to?(:name) ? actor.name.to_s : actor.to_s
   }

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rails_audit_log
 version: !ruby/object:Gem::Version
-  version: 0.8.0
+  version: 0.9.0
 platform: ruby
 authors:
 - Chuck Smith
@@ -23,6 +23,48 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '7.2'
+- !ruby/object:Gem::Dependency
+  name: turbo-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '2.0'
+- !ruby/object:Gem::Dependency
+  name: importmap-rails
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.2'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.2'
+- !ruby/object:Gem::Dependency
+  name: pagy
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '43.0'
+  type: :runtime
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '43.0'
 description: A modern Rails engine that tracks ActiveRecord create, update, and destroy
   events with JSON-first storage, whodunnit actor context, and a clean query API.
   Drop-in replacement for PaperTrail with no legacy baggage.
@@ -35,16 +77,35 @@ files:
 - MIT-LICENSE
 - README.md
 - Rakefile
+- app/assets/stylesheets/rails_audit_log/_01_base.css
+- app/assets/stylesheets/rails_audit_log/_02_layout.css
+- app/assets/stylesheets/rails_audit_log/_03_table.css
+- app/assets/stylesheets/rails_audit_log/_04_badges.css
+- app/assets/stylesheets/rails_audit_log/_05_diff.css
+- app/assets/stylesheets/rails_audit_log/_06_timeline.css
+- app/assets/stylesheets/rails_audit_log/_07_detail.css
+- app/assets/stylesheets/rails_audit_log/_08_pagination.css
+- app/assets/stylesheets/rails_audit_log/_09_filters.css
 - app/assets/stylesheets/rails_audit_log/application.css
 - app/concerns/rails_audit_log/auditable.rb
 - app/concerns/rails_audit_log/controller.rb
 - app/controllers/rails_audit_log/application_controller.rb
+- app/controllers/rails_audit_log/audit_log_entries_controller.rb
+- app/controllers/rails_audit_log/resources_controller.rb
 - app/helpers/rails_audit_log/application_helper.rb
+- app/javascript/rails_audit_log/application.js
+- app/javascript/rails_audit_log/diff_controller.js
+- app/javascript/rails_audit_log/search_controller.js
 - app/jobs/rails_audit_log/application_job.rb
 - app/jobs/rails_audit_log/write_audit_log_job.rb
 - app/models/rails_audit_log/application_record.rb
 - app/models/rails_audit_log/audit_log_entry.rb
 - app/views/layouts/rails_audit_log/application.html.erb
+- app/views/rails_audit_log/audit_log_entries/_diff.html.erb
+- app/views/rails_audit_log/audit_log_entries/index.html.erb
+- app/views/rails_audit_log/audit_log_entries/show.html.erb
+- app/views/rails_audit_log/resources/show.html.erb
+- config/importmap.rb
 - config/routes.rb
 - lib/generators/rails_audit_log/initializer/initializer_generator.rb
 - lib/generators/rails_audit_log/initializer/templates/rails_audit_log.rb