ca-grow-ops-manager/specs/audit-and-documents.md
fullsizemalt 558e0ac1e2
feat: Full Spec Kit compliance implementation
Photo Management (per specs/photo-management.md):
- Sharp integration for 3-size compression (thumb/medium/full)
- WebP output with 80-90% quality
- Client-side compression with browser-image-compression
- PhotoUpload component with camera/drag-drop support
- Upload API with bulk support and stats endpoint

Testing:
- Backend: Jest tests for all major API endpoints
- Frontend: Vitest tests for utilities and API clients
- CI: Updated Forgejo workflow for test execution

Specs (100% coverage):
- visitor-management.md (Phase 8)
- messaging.md (Phase 9)
- audit-and-documents.md (Phase 10)
- accessibility-i18n.md (Phase 11)
- hardware-integration.md (Phase 12)
- advanced-features.md (Phase 13)

Documentation:
- OpenAPI 3.0 spec (docs/openapi.yaml)
- All endpoints documented with schemas
2025-12-11 09:53:32 -08:00


Feature Spec: Audit Trail & Document Management

Priority: 🔴 Critical (Compliance)
Phase: 10
Status: Implemented


Overview

Zero-friction compliance reporting: every user action is logged with the entity state before and after the change, every controlled document is versioned with acknowledgements bound to a specific version, and inspector-ready reports can be generated on demand.


Audit Log

Model: AuditLog

  • id: UUID
  • userId: FK to User
  • action: string (CREATE, UPDATE, DELETE, VIEW, LOGIN, etc.)
  • entityType: string (Batch, Room, Plant, etc.)
  • entityId: string
  • beforeData: JSON (state before change)
  • afterData: JSON (state after change)
  • ipAddress: string (client address as seen by the server; behind a reverse proxy, take it from the proxy's forwarded header only when that proxy is trusted)
  • userAgent: string (client-supplied, so treat it as untrusted input when displaying or exporting)
  • timestamp: datetime (server-assigned at write time, never taken from the client)
  • metadata: JSON (additional context)

API Endpoints

  • GET /api/audit/logs - Query logs with filters
  • GET /api/audit/logs/:entityType/:entityId - Entity history
  • GET /api/audit/summary - Dashboard statistics
  • GET /api/audit/export - CSV/JSON export

Implementation Notes

  • Immutable storage: the audit table is append-only. No application code path updates or deletes AuditLog rows, and every audit endpoint above is read-only (GET). Enforce the same rule at the database by granting the application role INSERT and SELECT only on the table.
  • Automatic logging via middleware: the middleware records the authenticated user, client IP and user agent for each request and, for mutating requests, the entity state before and after the handler runs. Credential fields (password hashes, tokens, API keys) must be redacted from beforeData/afterData before storage so the audit log does not become a second copy of secrets.
  • 7-year retention for compliance: no purge job may remove entries younger than 7 years.
  • Indexes on entityType, entityId, timestamp: a composite (entityType, entityId, timestamp) index serves the entity-history endpoint; a timestamp index serves range queries and export.

Document Management

Model: Document

  • id: UUID
  • title: string
  • type: enum (SOP, POLICY, FORM, CERTIFICATE, LICENSE, OTHER)
  • category: string
  • content: string (markdown) OR fileUrl
  • currentVersion: number
  • status: enum (DRAFT, PENDING_APPROVAL, APPROVED)
  • requiresAck: boolean
  • createdById: FK
  • approvedById: FK (optional)
  • approvedAt: datetime (optional)

Model: DocumentVersion

  • id: UUID
  • documentId: FK
  • version: number
  • content: string OR fileUrl
  • changeNotes: string
  • createdById: FK
  • createdAt: datetime

Model: DocumentAck

  • id: UUID
  • documentId: FK
  • userId: FK
  • version: number
  • acknowledgedAt: datetime

API Endpoints

  • GET /api/documents - List documents
  • POST /api/documents - Create document
  • GET /api/documents/:id - Get with versions
  • PUT /api/documents/:id - Update (creates a new DocumentVersion and increments currentVersion; existing acks stay bound to the version they were given for)
  • POST /api/documents/:id/approve - Approve document (sets status to APPROVED and records approvedById/approvedAt)
  • POST /api/documents/:id/acknowledge - Acknowledge the current version (creates a DocumentAck with version = currentVersion)
  • GET /api/documents/:id/ack-status - Who has acked the current version, and who is still pending
  • GET /api/documents/:id/versions - Version history

Compliance Reports

Available Reports

  1. Audit Summary - Actions by type, user, time period
  2. Document Compliance - Ack rates, pending reviews
  3. User Activity - Login history, action counts
  4. Entity History - Full change log for any entity

Export Formats

  • CSV (for spreadsheets; spreadsheet applications evaluate cells that begin with =, +, - or @ as formulas, and values such as userAgent originate from the client, so such cells must be neutralised on export)
  • JSON (for integrations)
  • PDF (for auditors)
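An added example, not the project's own code, of producing the CSV body for GET /api/audit/export from AuditLog rows; the sample rows are constructed here. On top of plain RFC 4180 quoting, any cell that begins with =, +, -, @, tab or carriage return is prefixed with a single quote so spreadsheet software reads it as text rather than a formula. That prefix is the defense for client-influenced fields such as userAgent, and it is an addition to what the spec describes.

```javascript
// Added example (not the project's own code). The formula-prefix rule and the column
// list are assumptions; the sample rows below are constructed for illustration.

// Leading characters that Excel/LibreOffice treat as the start of a formula.
const FORMULA_TRIGGERS = new Set(["=", "+", "-", "@", "\t", "\r"]);

function csvCell(value) {
  let s;
  if (value === null || value === undefined) s = "";
  else if (typeof value === "object") s = JSON.stringify(value); // beforeData/afterData/metadata
  else s = String(value);
  // Neutralise formula injection before quoting so the prefix lands inside the quotes.
  if (s.length && FORMULA_TRIGGERS.has(s[0])) s = "'" + s;
  // RFC 4180: quote cells containing separators, quotes or line breaks; double embedded quotes.
  if (/[",\r\n]/.test(s)) s = '"' + s.replace(/"/g, '""') + '"';
  return s;
}

const AUDIT_COLUMNS = [
  "id", "userId", "action", "entityType", "entityId",
  "beforeData", "afterData", "ipAddress", "userAgent", "timestamp",
];

function auditToCsv(rows, columns = AUDIT_COLUMNS) {
  const lines = [columns.join(",")];
  for (const row of rows) lines.push(columns.map((c) => csvCell(row[c])).join(","));
  return lines.join("\r\n") + "\r\n";
}

// Constructed sample: a LOGIN whose user agent was chosen to be a formula.
const SAMPLE_ROWS = [
  {
    id: "3f1c", userId: "u1", action: "LOGIN", entityType: "User", entityId: "u1",
    beforeData: null, afterData: { lastLogin: "2025-12-11T09:53:32Z" },
    ipAddress: "10.0.0.5", userAgent: '=HYPERLINK("http://example.invalid","click")',
    timestamp: "2025-12-11T09:53:32Z",
  },
];

function sampleExport() {
  return auditToCsv(SAMPLE_ROWS);
}
```

The trade-off is that legitimately negative numeric cells also gain the prefix; for an audit export that is acceptable, since the columns are identifiers, timestamps and JSON blobs, and the JSON export exists for consumers that need exact values.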