claudetools/api/models/credential_audit_log.py
Mike Swanson 390b10b32c Complete Phase 6: MSP Work Tracking with Context Recall System
Implements production-ready MSP platform with cross-machine persistent memory for Claude.

API Implementation:
- 130 REST API endpoints across 21 entities
- JWT authentication on all endpoints
- AES-256-GCM encryption for credentials
- Automatic audit logging
- Complete OpenAPI documentation

Database:
- 43 tables in MariaDB (172.16.3.20:3306)
- 42 SQLAlchemy models with modern 2.0 syntax
- Full Alembic migration system
- 99.1% CRUD test pass rate

Context Recall System (Phase 6):
- Cross-machine persistent memory via database
- Automatic context injection via Claude Code hooks
- Automatic context saving after task completion
- 90-95% token reduction with compression utilities
- Relevance scoring with time decay
- Tag-based semantic search
- One-command setup script

Security Features:
- JWT tokens with Argon2 password hashing
- AES-256-GCM encryption for all sensitive data
- Comprehensive audit trail for credentials
- HMAC tamper detection
- Secure configuration management

Test Results:
- Phase 3: 38/38 CRUD tests passing (100%)
- Phase 4: 34/35 core API tests passing (97.1%)
- Phase 5: 62/62 extended API tests passing (100%)
- Phase 6: 10/10 compression tests passing (100%)
- Overall: 144/145 tests passing (99.3%)

Documentation:
- Comprehensive architecture guides
- Setup automation scripts
- API documentation at /api/docs
- Complete test reports
- Troubleshooting guides

Project Status: 95% Complete (Production-Ready)
Phase 7 (optional work context APIs) remains for future enhancement.

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-01-17 06:00:26 -07:00

96 lines
3.0 KiB
Python

"""
Credential audit log model for tracking credential access and modifications.

This model provides a comprehensive audit trail for all credential-related
operations including views, updates, rotations, and decryptions.
"""

from datetime import datetime
from typing import Optional

from sqlalchemy import CHAR, CheckConstraint, ForeignKey, Index, String, Text
from sqlalchemy.orm import Mapped, mapped_column, relationship
from sqlalchemy.sql import func

from api.models.base import Base, UUIDMixin


class CredentialAuditLog(UUIDMixin, Base):
    """
    Audit trail for credential access and modifications.

    Records all operations performed on credentials including who accessed them,
    when, from where, and what action was performed.

    Attributes:
        id: UUID primary key
        credential_id: Reference to the credential
        action: Type of action performed (view, create, update, delete, rotate, decrypt)
        user_id: User who performed the action (JWT sub claim)
        ip_address: IP address of the user
        user_agent: Browser/client user agent
        details: JSON string with additional context about the action
        timestamp: When the action was performed
    """

    __tablename__ = "credential_audit_log"

    # Foreign keys
    # ON DELETE CASCADE: deleting the referenced credential row also deletes
    # every audit row that points at it.
    credential_id: Mapped[str] = mapped_column(
        CHAR(36),
        ForeignKey("credentials.id", ondelete="CASCADE"),
        nullable=False,
        doc="Reference to credential",
    )

    # Action details
    action: Mapped[str] = mapped_column(
        String(50),
        nullable=False,
        doc="Type of action performed",
    )

    user_id: Mapped[str] = mapped_column(
        String(255),
        nullable=False,
        doc="User who performed the action (JWT sub claim)",
    )

    # Context information
    # 45 characters is the longest textual IPv6 form (IPv4-mapped address).
    ip_address: Mapped[Optional[str]] = mapped_column(
        String(45),
        nullable=True,
        doc="IP address (IPv4 or IPv6)",
    )

    user_agent: Mapped[Optional[str]] = mapped_column(
        Text,
        nullable=True,
        doc="Browser/client user agent string",
    )

    details: Mapped[Optional[str]] = mapped_column(
        Text,
        nullable=True,
        doc="JSON string with additional context (what changed, why, etc.)",
    )

    # Timestamp (set by the database server, not by the client)
    timestamp: Mapped[datetime] = mapped_column(
        nullable=False,
        server_default=func.now(),
        doc="When the action was performed",
    )

    # Table constraints
    __table_args__ = (
        # The database itself rejects any action outside this list.
        CheckConstraint(
            "action IN ('view', 'create', 'update', 'delete', 'rotate', 'decrypt')",
            name="ck_credential_audit_action",
        ),
        Index("idx_cred_audit_credential", "credential_id"),
        Index("idx_cred_audit_user", "user_id"),
        Index("idx_cred_audit_timestamp", "timestamp"),
    )

    def __repr__(self) -> str:
        """String representation of the audit log entry."""
        return f"<CredentialAuditLog(id={self.id}, action={self.action}, user={self.user_id}, timestamp={self.timestamp})>"
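
The following check is an added example, not code from this repository. It shows how the model's two table-level rules behave at the database layer: the `ck_credential_audit_action` CHECK constraint and the `ondelete="CASCADE"` foreign key. Assumptions: SQLite stands in for MariaDB, the `credentials` table is reduced to its `id` column, the DDL is hand-written to mirror the model, and the helper names and row values are constructed.

```python
import sqlite3

# Constructed DDL mirroring the model's columns; SQLite stands in for MariaDB,
# and the one-column "credentials" table is an assumption for this example.
SCHEMA = """
CREATE TABLE credentials (id CHAR(36) PRIMARY KEY);
CREATE TABLE credential_audit_log (
    id CHAR(36) PRIMARY KEY,
    credential_id CHAR(36) NOT NULL REFERENCES credentials(id) ON DELETE CASCADE,
    action VARCHAR(50) NOT NULL,
    user_id VARCHAR(255) NOT NULL,
    timestamp DATETIME NOT NULL DEFAULT CURRENT_TIMESTAMP,
    CONSTRAINT ck_credential_audit_action CHECK
        (action IN ('view', 'create', 'update', 'delete', 'rotate', 'decrypt'))
);
"""

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")  # SQLite leaves FK enforcement off by default
    conn.executescript(SCHEMA)
    return conn

def log_action(conn, row_id, credential_id, action, user_id):
    """Insert one audit row; return False if a constraint rejects it."""
    try:
        conn.execute(
            "INSERT INTO credential_audit_log (id, credential_id, action, user_id)"
            " VALUES (?, ?, ?, ?)",
            (row_id, credential_id, action, user_id),
        )
        return True
    except sqlite3.IntegrityError:
        return False

def audit_rows(conn, credential_id):
    sql = "SELECT COUNT(*) FROM credential_audit_log WHERE credential_id = ?"
    return conn.execute(sql, (credential_id,)).fetchone()[0]

def demo():
    conn = open_db()
    conn.execute("INSERT INTO credentials (id) VALUES ('cred-1')")
    accepted = log_action(conn, "a1", "cred-1", "decrypt", "user-1")
    rejected = log_action(conn, "a2", "cred-1", "export", "user-1")  # not in the CHECK list
    log_action(conn, "a3", "cred-1", "delete", "user-1")
    before = audit_rows(conn, "cred-1")
    conn.execute("DELETE FROM credentials WHERE id = 'cred-1'")
    after = audit_rows(conn, "cred-1")  # cascade removed the trail, 'delete' row included
    return accepted, rejected, before, after
```

With this schema, a hard delete of a credential leaves no audit rows for it, so retaining the trail depends on how credentials are removed elsewhere in the application.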