standard_audit 0.1.0 → 0.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 44b12d653a138dc099f16e659e14cd139b612369f2279859b9fcae7eff57827c
-  data.tar.gz: f36ceca0425ba35b8ad73c1ac91cf63e82eb6da21fdaf7f7117c73f9c09ecc4e
+  metadata.gz: ae2015728333aa6f6549bf138de8c27017c78c23f0d930ab3df9cf73c99b14cf
+  data.tar.gz: 6e479ec25dcb88c2538a23efbec0796762b4274fd0baa2c5ad6707f57e90b65d
 SHA512:
-  metadata.gz: e10c0a45d0941ab4284f3f1fd0a8bd25b5b9c83b0052a1e354d3acb43be984eb1997e934ff8ea45beb9df772e12420300f41403bd018d3a75e2080b32df05cd0
-  data.tar.gz: c0fcae8a3eee766f6a2caf7f01323788e4eeadf3de73ff3b37a7258e3a037b2771e557a7865adf559ebd98afc3d975b2e92bbdfc0b2735b1819fffaef80511e8
+  metadata.gz: d3ec930cf81109adf17c563d15dba60a0e82ab33bcb0cb6ce422009f5b157b8d1335c46da73269053ed3e09e8169bbada9c548409080871d6dd9e3c928b65ce8
+  data.tar.gz: 64906fb08b3d97c7e25626790c32fcf6eb08885cd4c0d5f7cf22a6acf9bd2516101f768fe90d93bfd3db4a3120f726b1e63eaa49036beffcf513d139f68d58f8

data/CHANGELOG.md

@@ -1,8 +1,65 @@
 # Changelog
 
-## 0.1.0 (2026-03-03)
+All notable changes to this project will be documented in this file.
 
-Initial release.
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+## [0.3.0] - 2026-03-31
+
+### Added
+
+- Tamper detection via chained SHA-256 checksums — each record's `checksum` column hashes its content plus the previous record's checksum
+- `AuditLog.verify_chain` to walk the chain and detect modified records
+- `AuditLog.backfill_checksums!` to retroactively checksum pre-existing records
+- Rake tasks: `standard_audit:verify` (exits non-zero on failure) and `standard_audit:backfill_checksums`
+- Upgrade generator: `rails g standard_audit:add_checksums` adds the checksum column and created_at index
+
+### Changed
+
+- Primary keys now use UUIDv7 (time-ordered) instead of UUIDv4 for deterministic chain ordering
+- Batch inserts (`StandardAudit.batch`) now compute chained checksums
+
+### Upgrade
+
+Run the upgrade generator to add the checksum column:
+
+```bash
+rails generate standard_audit:add_checksums
+rails db:migrate
+```
+
+Optionally backfill checksums for existing records:
+
+```bash
+rake standard_audit:backfill_checksums
+```
+
+## [0.2.0] - 2026-03-25
+
+### Added
+
+- Batch insert mode via `StandardAudit.batch { }` for high-volume audit logging
+- `StandardAudit::CleanupJob` for automated retention enforcement
+- `config.use_preset(:standard_id)` to subscribe to StandardId auth events in one call
+- GIN index on metadata JSONB column in install generator (PostgreSQL)
+- CI-driven gem publishing via GitHub Actions trusted publisher
+
+### Changed
+
+- Migration template uses `jsonb` instead of `json` for metadata column
+- Expanded default `sensitive_keys` to include `api_key`, `access_token`, `refresh_token`, `private_key`, `certificate_chain`, `ssn`, `credit_card`, `authorization`
+
+### Breaking Changes
+
+- AuditLog records are now immutable — `update`/`destroy` raises `ActiveRecord::ReadOnlyRecord`. Use `update_columns` for privileged operations like GDPR anonymization. `delete`/`delete_all` still work for bulk cleanup.
+- Removed `auto_cleanup` config attribute. Schedule `StandardAudit::CleanupJob` directly instead.
+
+## [0.1.0] - 2026-03-03
+
+### Added
 
 - Core audit log model with UUID primary keys and GlobalID-based polymorphic references
 - Convenience API: `StandardAudit.record` with sync, async, and block forms

data/MIT-LICENSE

@@ -1,4 +1,4 @@
-Copyright TODO: Write your name
+Copyright (c) 2026 Jaryl Sim
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/README.md

@@ -161,7 +161,7 @@ StandardAudit.configure do |config|
 
   # -- Sensitive Data --
   # Keys automatically stripped from metadata.
-  config.sensitive_keys = %i[password password_confirmation token secret]
+  config.sensitive_keys += %i[my_custom_secret]  # added to built-in defaults
 
   # -- Metadata Builder --
   # Optional proc to transform metadata before storage.
@@ -179,9 +179,8 @@ StandardAudit.configure do |config|
   # Metadata keys to strip during anonymization.
   config.anonymizable_metadata_keys = %i[email name ip_address]
 
-  # -- Retention --
+  # -- Retention (schedule StandardAudit::CleanupJob to enforce) --
   config.retention_days = 90
-  config.auto_cleanup = false
 end
 ```
 
@@ -353,7 +352,7 @@ t.jsonb :metadata, default: {}
 **Sensitive data**: Configure `sensitive_keys` to automatically strip passwords, tokens, and secrets from metadata. Add domain-specific keys as needed:
 
 ```ruby
-config.sensitive_keys = %i[password token secret ssn credit_card_number]
+config.sensitive_keys += %i[medical_record_number]  # extend the built-in defaults
 ```
 
 **Performance**: For high-volume applications, enable async processing and ensure your `audit_logs` table has appropriate indexes (the install generator adds them by default). Consider partitioning by `occurred_at` for very large tables.

data/app/jobs/standard_audit/cleanup_job.rb

@@ -0,0 +1,14 @@
+module StandardAudit
+  class CleanupJob < ActiveJob::Base
+    queue_as { StandardAudit.config.queue_name }
+
+    def perform
+      days = StandardAudit.config.retention_days
+      return unless days
+
+      cutoff = days.days.ago
+      deleted = StandardAudit::AuditLog.before(cutoff).in_batches(of: 10_000).delete_all
+      Rails.logger.info("[StandardAudit] CleanupJob deleted #{deleted} audit logs older than #{days} days")
+    end
+  end
+end

data/app/models/standard_audit/audit_log.rb

@@ -1,8 +1,25 @@
+require "openssl"
+
 module StandardAudit
   class AuditLog < ApplicationRecord
     self.table_name = "audit_logs"
 
+    CHECKSUM_FIELDS = %w[
+      id event_type actor_gid actor_type target_gid target_type
+      scope_gid scope_type metadata request_id ip_address
+      user_agent session_id occurred_at
+    ].freeze
+
     before_create :assign_uuid, if: -> { id.blank? }
+    before_create :compute_checksum, if: -> { checksum.blank? }
+    after_create_commit :emit_created_event
+
+    # Audit logs are append-only. Use update_columns for privileged
+    # operations like GDPR anonymization that must bypass this guard.
+    # Note: delete/delete_all bypass callbacks and are permitted for
+    # bulk cleanup operations (see CleanupJob, rake standard_audit:cleanup).
+    before_update { raise ActiveRecord::ReadOnlyRecord }
+    before_destroy { raise ActiveRecord::ReadOnlyRecord }
 
     validates :event_type, presence: true
     validates :occurred_at, presence: true
@@ -85,8 +102,8 @@ module StandardAudit
     scope :for_request, ->(request_id) { where(request_id: request_id) }
     scope :from_ip, ->(ip_address) { where(ip_address: ip_address) }
     scope :for_session, ->(session_id) { where(session_id: session_id) }
-    scope :chronological, -> { order(occurred_at: :asc) }
-    scope :reverse_chronological, -> { order(occurred_at: :desc) }
+    scope :chronological, -> { order(occurred_at: :asc, created_at: :asc) }
+    scope :reverse_chronological, -> { order(occurred_at: :desc, created_at: :desc) }
     scope :recent, ->(n = 10) { reverse_chronological.limit(n) }
 
     # -- GDPR methods --
@@ -148,10 +165,120 @@ module StandardAudit
       }
     end
 
+    # Recomputes the checksum from the record's current field values and the
+    # given previous checksum. Useful for verification without saving.
+    def compute_checksum_value(previous_checksum: nil)
+      self.class.compute_checksum_value(
+        attributes.slice(*CHECKSUM_FIELDS),
+        previous_checksum: previous_checksum
+      )
+    end
+
+    def self.compute_checksum_value(attrs, previous_checksum: nil)
+      canonical = CHECKSUM_FIELDS.map { |f|
+        value = attrs[f]
+        value = value.to_json if value.is_a?(Hash)
+        value = value.utc.strftime("%Y-%m-%dT%H:%M:%S.%6NZ") if value.respond_to?(:strftime) && value.respond_to?(:utc)
+        "#{f}=#{value}"
+      }.join("|")
+
+      canonical = "#{previous_checksum}|#{canonical}" if previous_checksum.present?
+
+      OpenSSL::Digest::SHA256.hexdigest(canonical)
+    end
+
+    # Verifies the integrity of the audit log chain. Returns a result hash with
+    # :valid (boolean), :verified (count), and :failures (array of hashes).
+    #
+    # Records are processed in (created_at, id) order. Records without a
+    # checksum (pre-feature data) reset the chain — the next checksummed
+    # record starts a new independent chain segment.
+    def self.verify_chain(scope: nil, batch_size: 1000)
+      relation = scope ? where(scope_gid: scope.to_global_id.to_s) : all
+
+      previous_checksum = nil
+      verified = 0
+      failures = []
+
+      relation.in_batches(of: batch_size) do |batch|
+        batch.order(created_at: :asc, id: :asc).each do |record|
+          if record.checksum.blank?
+            previous_checksum = nil
+            next
+          end
+
+          expected = record.compute_checksum_value(previous_checksum: previous_checksum)
+
+          if record.checksum != expected
+            failures << {
+              id: record.id,
+              event_type: record.event_type,
+              created_at: record.created_at,
+              expected: expected,
+              actual: record.checksum
+            }
+          end
+
+          verified += 1
+          previous_checksum = record.checksum
+        end
+      end
+
+      { valid: failures.empty?, verified: verified, failures: failures }
+    end
+
+    # Backfills checksums for records that don't have them (e.g. pre-existing
+    # records before the checksum feature was added).
+    def self.backfill_checksums!(batch_size: 1000)
+      previous_checksum = nil
+      count = 0
+
+      in_batches(of: batch_size) do |batch|
+        batch.order(created_at: :asc, id: :asc).each do |record|
+          if record.checksum.present?
+            previous_checksum = record.checksum
+            next
+          end
+
+          new_checksum = compute_checksum_value(
+            record.attributes.slice(*CHECKSUM_FIELDS),
+            previous_checksum: previous_checksum
+          )
+          record.update_columns(checksum: new_checksum)
+
+          previous_checksum = new_checksum
+          count += 1
+        end
+      end
+
+      count
+    end
+
     private
 
+    def emit_created_event
+      ActiveSupport::Notifications.instrument("standard_audit.audit_log.created", {
+        id: id,
+        event_type: event_type,
+        actor_type: actor_type,
+        target_type: target_type,
+        scope_type: scope_type
+      })
+    rescue StandardError => e
+      Rails.logger.warn("[StandardAudit] Failed to emit event: #{e.class}: #{e.message}")
+    end
+
+    # Fetches the most recent record's checksum and chains the new record to it.
+    # Note: concurrent inserts can read the same "previous" record, forking
+    # the chain. Use database-level advisory locks if you need serializable
+    # chain integrity under concurrent writes.
+    def compute_checksum
+      previous = self.class.order(created_at: :desc, id: :desc).limit(1).pick(:checksum)
+      self.checksum = compute_checksum_value(previous_checksum: previous)
+    end
+
     def assign_uuid
-      self.id = SecureRandom.uuid
+      self.id = SecureRandom.uuid_v7
     end
   end
 end

data/lib/generators/standard_audit/add_checksums/add_checksums_generator.rb

@@ -0,0 +1,16 @@
+module StandardAudit
+  module Generators
+    class AddChecksumsGenerator < Rails::Generators::Base
+      include Rails::Generators::Migration
+      source_root File.expand_path("templates", __dir__)
+
+      def self.next_migration_number(dirname)
+        Time.now.utc.strftime("%Y%m%d%H%M%S")
+      end
+
+      def copy_migration
+        migration_template "add_checksum_to_audit_logs.rb.erb", "db/migrate/add_checksum_to_audit_logs.rb"
+      end
+    end
+  end
+end

data/lib/generators/standard_audit/add_checksums/templates/add_checksum_to_audit_logs.rb.erb

@@ -0,0 +1,6 @@
+class AddChecksumToAuditLogs < ActiveRecord::Migration[<%= ActiveRecord::Migration.current_version %>]
+  def change
+    add_column :audit_logs, :checksum, :string, limit: 64
+    add_index :audit_logs, :created_at
+  end
+end

data/lib/generators/standard_audit/install/templates/create_audit_logs.rb.erb

@@ -5,26 +5,30 @@ class CreateAuditLogs < ActiveRecord::Migration[<%= ActiveRecord::Migration.curr
       t.string :actor_type
       t.string :target_gid
       t.string :target_type
+      # Multi-tenancy: include StandardAudit::AuditScope in your tenant model
+      # (e.g., Organisation) to scope audit logs. Leave nil for single-tenant apps.
       t.string :scope_gid
       t.string :scope_type
       t.string :event_type, null: false
       t.string :request_id
       t.string :ip_address
-      t.string :user_agent
+      t.text :user_agent
       t.string :session_id
-      t.json :metadata, default: {}
+      t.jsonb :metadata, default: {}
       t.datetime :occurred_at, null: false
+      t.string :checksum, limit: 64
       t.timestamps
     end
 
     add_index :audit_logs, :event_type
-    add_index :audit_logs, :actor_type
-    add_index :audit_logs, :target_type
+    add_index :audit_logs, [:actor_gid, :occurred_at]
+    add_index :audit_logs, [:target_gid, :occurred_at]
     add_index :audit_logs, [:scope_type, :scope_gid]
-    add_index :audit_logs, :scope_type
     add_index :audit_logs, :request_id
-    add_index :audit_logs, :occurred_at
-    add_index :audit_logs, :ip_address
+    add_index :audit_logs, [:occurred_at, :created_at]
+    add_index :audit_logs, :created_at
     add_index :audit_logs, :session_id
+    # GIN index requires PostgreSQL; remove if using another database
+    add_index :audit_logs, :metadata, using: :gin
   end
 end

data/lib/generators/standard_audit/install/templates/initializer.rb.erb

@@ -1,5 +1,8 @@
 StandardAudit.configure do |config|
-  # Subscribe to ActiveSupport::Notifications patterns
+  # Use a preset to subscribe to common event patterns
+  # config.use_preset(:standard_id)
+
+  # Or subscribe to ActiveSupport::Notifications patterns manually
   # config.subscribe_to "audit.**"
 
   # Actor extractor from notification payload
@@ -11,6 +14,9 @@ StandardAudit.configure do |config|
   # Scope extractor from notification payload
   # config.scope_extractor = ->(payload) { payload[:scope] }
 
+  # Multi-tenancy: include StandardAudit::AuditScope in your tenant model
+  # to add a scoped_audit_logs association.
+
   # Fallback resolvers (used when payload values are nil)
   # config.current_actor_resolver = -> { Current.user }
   # config.current_request_id_resolver = -> { Current.request_id }
@@ -18,8 +24,10 @@ StandardAudit.configure do |config|
   # config.current_user_agent_resolver = -> { Current.user_agent }
   # config.current_session_id_resolver = -> { Current.session_id }
 
-  # Keys to strip from metadata
-  # config.sensitive_keys = %i[password password_confirmation token secret]
+  # Keys to strip from metadata (defaults include: password, password_confirmation,
+  # token, secret, api_key, access_token, refresh_token, private_key,
+  # certificate_chain, ssn, credit_card, authorization)
+  # config.sensitive_keys += %i[my_custom_secret]
 
   # Run audit log creation in background job
   # config.async = false
@@ -31,7 +39,6 @@ StandardAudit.configure do |config|
   # GDPR: metadata keys to strip on anonymization
   # config.anonymizable_metadata_keys = %i[email name ip_address]
 
-  # Data retention
+  # Data retention (schedule StandardAudit::CleanupJob to enforce)
   # config.retention_days = nil
-  # config.auto_cleanup = false
 end

data/lib/standard_audit/configuration.rb

@@ -6,10 +6,11 @@ module StandardAudit
                   :current_ip_address_resolver, :current_user_agent_resolver,
                   :current_session_id_resolver,
                   :sensitive_keys, :metadata_builder,
-                  :anonymizable_metadata_keys, :retention_days, :auto_cleanup
+                  :anonymizable_metadata_keys, :retention_days
 
     def initialize
       @subscriptions = []
+      @applied_presets = []
       @async = false
       @queue_name = :default
       @enabled = true
@@ -34,11 +35,18 @@ module StandardAudit
         defined?(Current) && Current.respond_to?(:session_id) ? Current.session_id : nil
       }
 
-      @sensitive_keys = %i[password password_confirmation token secret]
+      # Note: :authorization filters the HTTP Authorization header value.
+      # If you use "authorization" as a metadata key for policy decisions,
+      # rename it (e.g. :authorization_policy) to avoid accidental filtering.
+      @sensitive_keys = %i[
+        password password_confirmation token secret
+        api_key access_token refresh_token
+        private_key certificate_chain
+        ssn credit_card authorization
+      ]
       @metadata_builder = nil
       @anonymizable_metadata_keys = %i[email name ip_address]
       @retention_days = nil
-      @auto_cleanup = false
     end
 
     def subscribe_to(pattern)
@@ -48,5 +56,22 @@ module StandardAudit
     def subscriptions
       @subscriptions.dup.freeze
     end
+
+    def use_preset(name)
+      key = name.to_sym
+      return self if @applied_presets.include?(key)
+
+      preset = case key
+      when :standard_id
+        require "standard_audit/presets/standard_id"
+        StandardAudit::Presets::StandardId
+      else
+        raise ArgumentError, "Unknown preset: #{name}. Available presets: :standard_id"
+      end
+
+      preset.apply(self)
+      @applied_presets << key
+      self
+    end
   end
 end

data/lib/standard_audit/presets/standard_id.rb

@@ -0,0 +1,22 @@
+module StandardAudit
+  module Presets
+    module StandardId
+      # Regex wildcards capture all events in a namespace. Session uses
+      # explicit strings to exclude noisy events like session.validated
+      # that fire on every authenticated request.
+      SUBSCRIPTIONS = [
+        /\Astandard_id\.authentication\./,
+        "standard_id.session.created",
+        "standard_id.session.revoked",
+        "standard_id.session.expired",
+        /\Astandard_id\.account\./,
+        /\Astandard_id\.social\./,
+        /\Astandard_id\.passwordless\./
+      ].freeze
+
+      def self.apply(config)
+        SUBSCRIPTIONS.each { |pattern| config.subscribe_to(pattern) }
+      end
+    end
+  end
+end

data/lib/standard_audit/version.rb

@@ -1,3 +1,3 @@
 module StandardAudit
-  VERSION = "0.1.0"
+  VERSION = "0.3.0"
 end

data/lib/standard_audit.rb

@@ -44,15 +44,20 @@ module StandardAudit
         return
       end
 
-      if config.async
-        job_attrs = attrs.dup
-        job_attrs[:actor_gid] = actor&.to_global_id&.to_s
-        job_attrs[:target_gid] = target&.to_global_id&.to_s
-        job_attrs[:scope_gid] = scope&.to_global_id&.to_s
-        job_attrs[:actor_type] = actor&.class&.name
-        job_attrs[:target_type] = target&.class&.name
-        job_attrs[:scope_type] = scope&.class&.name
-        StandardAudit::CreateAuditLogJob.perform_later(job_attrs.stringify_keys)
+      gid_attrs = {
+        actor_gid: actor&.to_global_id&.to_s,
+        actor_type: actor&.class&.name,
+        target_gid: target&.to_global_id&.to_s,
+        target_type: target&.class&.name,
+        scope_gid: scope&.to_global_id&.to_s,
+        scope_type: scope&.class&.name
+      }
+
+      if batching?
+        Thread.current[:standard_audit_batch] << attrs.merge(gid_attrs)
+        nil
+      elsif config.async
+        StandardAudit::CreateAuditLogJob.perform_later(attrs.merge(gid_attrs).stringify_keys)
       else
         log = StandardAudit::AuditLog.new(attrs)
         log.actor = actor
@@ -63,6 +68,24 @@ module StandardAudit
       end
     end
 
+    # Buffers record calls and flushes them via insert_all! on block exit.
+    # If the block raises, buffered records are dropped — only successful
+    # batches are persisted. Nested batches flush independently.
+    # Block-form record calls (with AS::Notifications) bypass the buffer
+    # and are processed normally since they don't persist records directly.
+    # Note: uses Thread.current for storage, which is not fiber-safe.
+    # Apps using async adapters (Falcon) should avoid concurrent batches.
+    def batch
+      previous = Thread.current[:standard_audit_batch]
+      buffer = Thread.current[:standard_audit_batch] = []
+
+      yield
+
+      flush_batch(buffer) if buffer.any?
+    ensure
+      Thread.current[:standard_audit_batch] = previous
+    end
+
     def subscriber
       @subscriber ||= Subscriber.new
     end
@@ -70,5 +93,43 @@ module StandardAudit
     def reset_configuration!
       @configuration = nil
     end
+
+    private
+
+    def batching?
+      Thread.current[:standard_audit_batch].is_a?(Array)
+    end
+
+    def flush_batch(buffer)
+      now = Time.current
+      previous_checksum = StandardAudit::AuditLog
+        .order(created_at: :desc, id: :desc)
+        .limit(1)
+        .pick(:checksum)
+
+      # Generate sorted UUIDs to ensure batch ordering matches id ordering.
+      # UUIDv7 within the same millisecond can have non-monotonic lower bits;
+      # sorting guarantees the chain order matches the id order used by
+      # verify_chain. Under very high throughput this is a best-effort
+      # guarantee — see compute_checksum's concurrency note.
+      ids = buffer.size.times.map { SecureRandom.uuid_v7 }.sort
+
+      rows = buffer.each_with_index.map do |attrs, i|
+        row = attrs.merge(
+          id: ids[i],
+          created_at: now,
+          updated_at: now
+        )
+        checksum = StandardAudit::AuditLog.compute_checksum_value(
+          row.stringify_keys,
+          previous_checksum: previous_checksum
+        )
+        row[:checksum] = checksum
+        previous_checksum = checksum
+        row
+      end
+
+      StandardAudit::AuditLog.insert_all!(rows)
+    end
   end
 end

data/lib/tasks/standard_audit_tasks.rake

@@ -55,6 +55,30 @@ namespace :standard_audit do
     puts "Anonymized #{count} audit logs for #{args[:actor_gid]}"
   end
 
+  desc "Verify audit log chain integrity (tamper detection)"
+  task verify: :environment do
+    result = StandardAudit::AuditLog.verify_chain
+
+    puts "Audit Log Chain Verification"
+    puts "============================="
+    puts "Records verified: #{result[:verified]}"
+    puts "Chain valid: #{result[:valid]}"
+
+    if result[:failures].any?
+      puts "\nTampered records detected: #{result[:failures].size}"
+      result[:failures].each do |failure|
+        puts "  #{failure[:id]} (#{failure[:event_type]}) at #{failure[:created_at]}"
+      end
+      abort "Chain verification failed"
+    end
+  end
+
+  desc "Backfill checksums for records that don't have them"
+  task backfill_checksums: :environment do
+    count = StandardAudit::AuditLog.backfill_checksums!
+    puts "Backfilled checksums for #{count} audit log records"
+  end
+
   desc "Export audit logs for a specific actor (GDPR right to access)"
   task :export_actor, [:actor_gid, :output] => :environment do |_t, args|
     raise "actor_gid is required" unless args[:actor_gid].present?

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: standard_audit
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 0.3.0
 platform: ruby
 authors:
 - Jaryl Sim
@@ -77,10 +77,13 @@ files:
 - MIT-LICENSE
 - README.md
 - Rakefile
+- app/jobs/standard_audit/cleanup_job.rb
 - app/jobs/standard_audit/create_audit_log_job.rb
 - app/models/standard_audit/application_record.rb
 - app/models/standard_audit/audit_log.rb
 - config/routes.rb
+- lib/generators/standard_audit/add_checksums/add_checksums_generator.rb
+- lib/generators/standard_audit/add_checksums/templates/add_checksum_to_audit_logs.rb.erb
 - lib/generators/standard_audit/install/install_generator.rb
 - lib/generators/standard_audit/install/templates/create_audit_logs.rb.erb
 - lib/generators/standard_audit/install/templates/initializer.rb.erb
@@ -89,6 +92,7 @@ files:
 - lib/standard_audit/auditable.rb
 - lib/standard_audit/configuration.rb
 - lib/standard_audit/engine.rb
+- lib/standard_audit/presets/standard_id.rb
 - lib/standard_audit/subscriber.rb
 - lib/standard_audit/version.rb
 - lib/tasks/standard_audit_tasks.rake
@@ -99,6 +103,7 @@ metadata:
   homepage_uri: https://github.com/rarebit-one/standard_audit
   source_code_uri: https://github.com/rarebit-one/standard_audit
   changelog_uri: https://github.com/rarebit-one/standard_audit/blob/main/CHANGELOG.md
+  bug_tracker_uri: https://github.com/rarebit-one/standard_audit/issues
 rdoc_options: []
 require_paths:
 - lib