Telegram (ask questions / claim the issue here first): https://t.me/+DOylgFv1jyJlNzM0
Why this matters
backend/src/middleware/auditLog.ts:63-111 fires the INSERT and calls next() before the handler runs, so audit_logs carries no HTTP status, allowed-vs-denied or success flag: a rejected admin action and a successful one are indistinguishable in the log. sanitizePayload (auditLog.ts:8-30) only redacts top-level keys (it is shallow for now), so secret/token/signedTxXdr values nested under e.g. body.tx are written to the DB in cleartext.
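As an added illustration of both fixes (not code from this repository), the sketch below defers the audit write to the response's "finish" event so the row carries the real status code, and redacts the sensitive keys at any depth rather than only at the top level. It assumes an Express-style (req, res, next) middleware signature; writeAuditRow, AuditRow and FakeResponse are hypothetical names standing in for the project's INSERT into audit_logs and for a test double, and the request body is a constructed sample.

```typescript
// Added example, not the project's auditLog.ts. Assumes an Express-style
// (req, res, next) middleware; writeAuditRow is a hypothetical sink that
// stands in for the real INSERT into audit_logs.

// Keys named in the issue as leaking in cleartext when nested.
const SENSITIVE_KEYS = new Set(["secret", "token", "signedTxXdr"]);

type Json = string | number | boolean | null | Json[] | { [key: string]: Json };

// Recursively replaces the value of any sensitive key, however deeply nested,
// including objects inside arrays; non-sensitive leaves are returned unchanged.
function redactDeep(value: Json): Json {
  if (Array.isArray(value)) {
    return value.map((item) => redactDeep(item));
  }
  if (value !== null && typeof value === "object") {
    const out: { [key: string]: Json } = {};
    for (const [k, v] of Object.entries(value)) {
      out[k] = SENSITIVE_KEYS.has(k) ? "[REDACTED]" : redactDeep(v);
    }
    return out;
  }
  return value;
}

interface AuditRow {
  method: string;
  path: string;
  statusCode: number;
  success: boolean;
  payload: Json;
}

// Minimal request/response shapes so the example runs without Express installed.
interface AuditRequest { method: string; path: string; body: Json; }
interface AuditResponse {
  statusCode: number;
  on(event: "finish", listener: () => void): void;
}

type AuditSink = (row: AuditRow) => void;

// Builds a middleware that redacts up front but only persists the row once the
// response has finished, so the stored status reflects what the handler decided.
function auditLog(writeAuditRow: AuditSink) {
  return (req: AuditRequest, res: AuditResponse, next: () => void): void => {
    const payload = redactDeep(req.body); // redact before anything is persisted
    res.on("finish", () => {
      writeAuditRow({
        method: req.method,
        path: req.path,
        statusCode: res.statusCode,
        success: res.statusCode < 400, // denied (401/403) and errors are not "success"
        payload,
      });
    });
    next();
  };
}

// Hypothetical test double: lets the example simulate the handler setting a
// status and the response finishing after next() has already returned.
class FakeResponse implements AuditResponse {
  statusCode = 200;
  private listeners: Array<() => void> = [];
  on(_event: "finish", listener: () => void): void { this.listeners.push(listener); }
  finish(status: number): void {
    this.statusCode = status;
    for (const listener of this.listeners) listener();
  }
}

// Runs one constructed admin request through the middleware and returns the
// rows the sink received. The signed XDR is nested under body.tx, exactly the
// case a top-level-only sanitizer would miss.
function demo(status: number): AuditRow[] {
  const rows: AuditRow[] = [];
  const middleware = auditLog((row) => rows.push(row));
  const req: AuditRequest = {
    method: "POST",
    path: "/admin/submit",
    body: { memo: "payout", tx: { signedTxXdr: "constructed-xdr-base64", token: "t-123" } },
  };
  const res = new FakeResponse();
  middleware(req, res, () => { /* the real handler would run here */ });
  res.finish(status); // the handler's verdict becomes part of the audit row
  return rows;
}
```

Because the write is attached to "finish", a request that never completes (client disconnect) produces no row; if that gap matters, also listen on "close" and record the absence of a status explicitly rather than guessing one.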
Acceptance criteria
Files to touch
backend/src/middleware/auditLog.ts
Out of scope
- Audit-log IP correctness (depends on trust proxy, tracked separately)
- Retention/cleanup job