Skip to content

WIP: Audit Trails#161

Open
itsyaasir wants to merge 205 commits intomainfrom
feat/audit-trails-dev
Open

WIP: Audit Trails#161
itsyaasir wants to merge 205 commits intomainfrom
feat/audit-trails-dev

Conversation

@itsyaasir
Copy link
Copy Markdown
Contributor

@itsyaasir itsyaasir commented Dec 11, 2025

Description of change

Links to any relevant issues

Type of change

  • Bug fix (a non-breaking change which fixes an issue)
  • Enhancement (a non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation Fix

How the change has been tested

Change checklist

  • I have followed the contribution guidelines for this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my fix is effective or that my feature works
  • I have checked that new and existing unit tests pass locally with my changes
  • I have updated the CHANGELOG.md, if my changes are significant enough

itsyaasir and others added 26 commits December 11, 2025 18:44
@itsyaasir
feat: Add initial implementation of audit trails module
e7699c3
@itsyaasir
refactor: Rename module and package from audit_trails_poc to audit_tr…
c4f79fb 
…ails for consistency
@chrisgitiota
feat: Audit Trails_ Rename move directory and add some folders (#162)
f6e7e11 
* rename `audit_trails` folder to `audit-trails-move`
* Add folders for audit-trails-rs and audit_trails_wasm
@itsyaasir
feat: Implement audit trails with role-based access control
e449177
@itsyaasir
feat: Introduce locking and record modules for audit trails
c2b11bd
@chrisgitiota
First version of permission
d1d8dc5 
* First implementation of the permission module based on a `Permission` enum
* Unit tests for the `Permission` enum
* Renamed `AuditTrail::permissions` to `AuditTrail::roles`
* Renamed all modules and type-names from plural to singular name
  * audit_trails -> audit_trail
  * permissions -> permission
  * capabilities -> capability
@chrisgitiota
First version of initial roles config and Admin role Capability creation
632d1e7 
Unit tests are still buggy and will be fixed with the next commit.
@chrisgitiota
Add missing tests for create AT
f5b6b2a
@chrisgitiota
Fixes for the create AT tests
395a68f
@chrisgitiota
New test test_create_metadata_admin_role() in create_tests.move
713c494
@chrisgitiota
Fix dprint issues
6cb397b
@itsyaasir
refactor: Rename audit_trails module to main and update locking confi…
bc512d8 
…guration structure
@chrisgitiota
New test for the role-based access control delegation workflow
ed79a98
@chrisgitiota
Add access control check for update_metadata()
09ae22b
@chrisgitiota @itsyaasir
Update audit-trail-move/sources/permission.move
75c8487 
Rename MetaDataUpdate to MetadataUpdate

Co-authored-by: Yasir <yasir@shariff.dev>
@chrisgitiota
Implementation for the issued_capabilities whitelist management plus …
60f5562 
…corresponding tests
@chrisgitiota
Merge branch 'feat/audit-trails-api-roles-management' of github.com:i…
7938050 
…otaledger/notarization into feat/audit-trails-api-roles-management
@chrisgitiota
Globally rename 'MetaData' to 'Metadata'
520eda0
@chrisgitiota
Rename 'create_tests' to 'create_audit_trail_tests'
e5a71a1
@chrisgitiota
Rename all Permissions variants and creator functions according to th…
cfb8c84 
…e verb-subject format
@chrisgitiota
Merge branch 'feat/audit-trails-api' into feat/audit-trails-api-roles…
ffe4871 
…-management

# Conflicts:
#	audit-trail-move/sources/locking.move
#	audit-trails-move/sources/audit_trails.move
@chrisgitiota
Rewrite of all LockingConfig creating function calls in Move tests
600ae26
@chrisgitiota
Add access control check for AuditTrail.update_metadata() and `delete…
c029e29 
…_record_lock`
@itsyaasir
Merge pull request #173 from iotaledger/feat/audit-trails-api-roles-m…
09f1a96 
…anagement

Feat/audit trails api roles management
@itsyaasir
Merge pull request #164 from iotaledger/feat/audit-trails-api
e89679a 
Audit Trails API
@itsyaasir
Merge branch 'main' into feat/audit-trails-dev
f30459f
itsyaasir
itsyaasir commented Jan 5, 2026
View reviewed changes
itsyaasir and others added 3 commits January 5, 2026 09:59
@itsyaasir
chore: fmt fixes & add prettier configuration
213ac6b
@chrisgitiota
New Capability restrictions: issued_to, valid_until and valid_from
71d2dd4 
Also split of the role and capability management from the AT main module to allow reuse with other products.
@chrisgitiota
Merge branch 'feat/audit-trails-dev' into feat/audit-trails-dev-caps-…
d9f7829 
…extended

# Conflicts:
#	audit-trail-move/sources/audit_trail.move
#	audit-trail-move/sources/capability.move
#	audit-trail-move/tests/capability_tests.move
#	audit-trail-move/tests/create_audit_trail_tests.move
#	audit-trail-move/tests/role_tests.move
#	audit-trail-move/tests/test_utils.move
itsyaasir and others added 30 commits April 2, 2026 17:21
@itsyaasir
fix: enforce tag access checks on record deletion
1d484bd
@itsyaasir
test: add tagged delete authorization regressions
f619e8d
@itsyaasir
test: move audit trail CRUD coverage to record suite
1f9439e
@itsyaasir
refactor: inline audit trail tag access checks
9de456e
@itsyaasir
style: format record tests
86d28e6
@itsyaasir
test: fix tagged batch delete expectation
59c47bb
@itsyaasir
Merge pull request #241 from iotaledger/fix/audit-trail-tagged-delete…
5218467 
…-auth

fix: enforce tag access checks on record deletion
@itsyaasir
Merge branch 'feat/audit-trails-dev' into feat/audit-trails-dev-examp…
47734a1 
…les-and-docs
@chrisgitiota
Some detail fixes
8dc1b25
@chrisgitiota
Extended Capability Validation Rules and `Managing Revoked Capabili…
2823dc1 
…ties` sections

Both sections need to be reviewed though
@chrisgitiota
Merge remote-tracking branch 'origin/feat/audit-trails-dev-examples-a…
7d8684b 
…nd-docs' into feat/audit-trails-dev-examples-and-docs
@chrisgitiota
Reviewed and fixed extended Capability Validation Rules and `Managi…
4a049f7 
…ng Revoked Capabilities` sections
@itsyaasir
examples: expand audit trail walkthroughs
317a43e
@itsyaasir
feat: add audit trail wasm examples and browser tests
60715a7
@itsyaasir
docs: refine audit trail examples and guides
cd093b1
@itsyaasir
fix: address audit trail wasm review issues
ed5a5af
@itsyaasir
fix: update audit trail wasm browser setup
09c617a
@itsyaasir
fix: polish audit trail browser examples
090d313
@itsyaasir
feat: add explicit audit trail capability selection
7250ca7
@itsyaasir
fix: address PR review — multi-actor examples and doc polish
d439de6 
- Introduce named actor clients across all audit trail examples so each
  client signs with its own key and capabilities are bound to specific
  addresses (issued_to) rather than left unrestricted
- Add //! ## Actors module-level doc to every example describing each
  actor's role and permissions
- Refactor 01_customs_clearance and 02_clinical_trial to use fully
  distinct clients per operational role (DocsOperator, ExportBroker,
  Inspector, Monitor, DataSafetyBoard, etc.)
- Replace plain-text document data with SHA-256 hash in customs
  clearance; add comment about off-chain TWIN node storage
- Add section-title comments to customs clearance for easier navigation
- Add capability auto-lookup comment to 09_tagged_records
- Move records accessor definition ALAP in 06_delete_records
- Add localnet eval-based quickstart section to WASM examples README
@itsyaasir
feat: apply multi-actor pattern to all TypeScript WASM audit trail ex…
8b3a92b 
…amples

Each actor now uses its own funded client with a distinct keypair, so
capability objects are bound to per-actor addresses and the Move-level
access-control is exercised as intended. All examples have structured
JSDoc ## Actors sections. The issueTaggedRecordRole helper accepts an
explicit issuedTo address parameter.
@itsyaasir
style: reformat doc comments and method chains in audit trail examples
032b46a
@itsyaasir
Merge branch 'feat/audit-trails-dev-examples-and-docs' into feat/audi…
d8747f3 
…t-trail-explicit-capability-selection
@itsyaasir
fix: use cfg-gated now_ms() helper for WASM-compatible timestamp in c…
c533193 
…apability lookup
@itsyaasir
refactor: inline accessor variables ALAP in 05_manage_access examples
4f4c940
@itsyaasir
fix: issue disposable capability to admin for destroyCapability demo
fe5a94e
@itsyaasir
chore: fmt &type fix
24c31a2
@itsyaasir
fix: use Web Crypto API for SHA-256 in customs clearance example
3a64d0e 
Node's crypto.createHash is not available in the browser. The Web
Crypto API (crypto.subtle.digest) works in both environments.
@itsyaasir
Merge pull request #244 from iotaledger/feat/audit-trail-explicit-cap…
29653e7 
…ability-selection

feat: add explicit audit trail capability selection
@itsyaasir
Merge pull request #242 from iotaledger/feat/audit-trails-dev-example…
a49de71 
…s-and-docs

AT : Rust & TS Examples
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@itsyaasir itsyaasir

@chrisgitiota chrisgitiota

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[AT]: Extend the CI to include the AT Packages

3 participants

@itsyaasir @chrisgitiota @qrayven