ca-grow-ops-manager/specs/audit-and-documents.md
fullsizemalt 558e0ac1e2
feat: Full Spec Kit compliance implementation
Photo Management (per specs/photo-management.md):
- Sharp integration for 3-size compression (thumb/medium/full)
- WebP output with 80-90% quality
- Client-side compression with browser-image-compression
- PhotoUpload component with camera/drag-drop support
- Upload API with bulk support and stats endpoint

Testing:
- Backend: Jest tests for all major API endpoints
- Frontend: Vitest tests for utilities and API clients
- CI: Updated Forgejo workflow for test execution

Specs (100% coverage):
- visitor-management.md (Phase 8)
- messaging.md (Phase 9)
- audit-and-documents.md (Phase 10)
- accessibility-i18n.md (Phase 11)
- hardware-integration.md (Phase 12)
- advanced-features.md (Phase 13)

Documentation:
- OpenAPI 3.0 spec (docs/openapi.yaml)
- All endpoints documented with schemas
2025-12-11 09:53:32 -08:00


# Feature Spec: Audit Trail & Document Management
**Priority**: 🔴 Critical (Compliance)
**Phase**: 10
**Status**: ✅ Implemented
---
## Overview
Zero-friction compliance reporting. Every action logged, every document versioned, instant report generation for inspectors.
---
## Audit Log
### Model: AuditLog
- `id`: UUID
- `userId`: FK to User
- `action`: string (CREATE, UPDATE, DELETE, VIEW, LOGIN, etc.)
- `entityType`: string (Batch, Room, Plant, etc.)
- `entityId`: string
- `beforeData`: JSON (state before change)
- `afterData`: JSON (state after change)
- `ipAddress`: string
- `userAgent`: string
- `timestamp`: datetime
- `metadata`: JSON (additional context)
### API Endpoints
- `GET /api/audit/logs` - Query logs with filters
- `GET /api/audit/logs/:entityType/:entityId` - Entity history
- `GET /api/audit/summary` - Dashboard statistics
- `GET /api/audit/export` - CSV/JSON export
### Implementation Notes
- Immutable storage (append-only, no deletions)
- Automatic logging via middleware
- 7-year retention for compliance
- Indexes on entityType, entityId, timestamp
---
## Document Management
### Model: Document
- `id`: UUID
- `title`: string
- `type`: enum (SOP, POLICY, FORM, CERTIFICATE, LICENSE, OTHER)
- `category`: string
- `content`: string (markdown) OR fileUrl
- `currentVersion`: number
- `status`: enum (DRAFT, PENDING_APPROVAL, APPROVED)
- `requiresAck`: boolean
- `createdById`: FK
- `approvedById`: FK (optional)
- `approvedAt`: datetime (optional)
### Model: DocumentVersion
- `id`: UUID
- `documentId`: FK
- `version`: number
- `content`: string OR fileUrl
- `changeNotes`: string
- `createdById`: FK
- `createdAt`: datetime
### Model: DocumentAck
- `id`: UUID
- `documentId`: FK
- `userId`: FK
- `version`: number
- `acknowledgedAt`: datetime
### API Endpoints
- `GET /api/documents` - List documents
- `POST /api/documents` - Create document
- `GET /api/documents/:id` - Get with versions
- `PUT /api/documents/:id` - Update (creates new version)
- `POST /api/documents/:id/approve` - Approve document
- `POST /api/documents/:id/acknowledge` - Ack document
- `GET /api/documents/:id/ack-status` - Who has acked
- `GET /api/documents/:id/versions` - Version history
---
## Compliance Reports
### Available Reports
1. **Audit Summary** - Actions by type, user, time period
2. **Document Compliance** - Ack rates, pending reviews
3. **User Activity** - Login history, action counts
4. **Entity History** - Full change log for any entity
### Export Formats
- CSV (for spreadsheets)
- JSON (for integrations)
- PDF (for auditors)