Skip to content

Commit f0a18ef

Browse files
committed
fix(audit): null actor FK when the user lookup throws
Address Greptile P1: the catch branch left the original actorId, so a system actor like 'admin-api' (or a since-deleted user) would FK-violate the insert and lose the row when the existence lookup errored. Mirror the not-found branch — null the FK with a readable label — so the audit row always persists.
1 parent 59ee511 commit f0a18ef

2 files changed

Lines changed: 9 additions & 4 deletions

File tree

packages/audit/src/log.test.ts

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -318,12 +318,12 @@ describe('recordAudit', () => {
318318
)
319319
})
320320

321-
it('inserts without actor info when lookup fails', async () => {
321+
it('nulls the actor FK when the lookup throws so the insert cannot FK-violate', async () => {
322322
dbChainMockFns.limit.mockRejectedValue(new Error('DB down'))
323323

324324
recordAudit({
325325
workspaceId: 'ws-1',
326-
actorId: 'user-1',
326+
actorId: 'admin-api',
327327
action: AuditAction.KNOWLEDGE_BASE_CREATED,
328328
resourceType: AuditResourceType.KNOWLEDGE_BASE,
329329
})
@@ -333,8 +333,8 @@ describe('recordAudit', () => {
333333
expect(dbChainMockFns.select).toHaveBeenCalledTimes(1)
334334
expect(dbChainMockFns.values).toHaveBeenCalledWith(
335335
expect.objectContaining({
336-
actorId: 'user-1',
337-
actorName: undefined,
336+
actorId: null,
337+
actorName: 'Admin API',
338338
actorEmail: undefined,
339339
})
340340
)

packages/audit/src/log.ts

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -87,7 +87,12 @@ async function insertAuditLog(params: AuditLogParams): Promise<void> {
8787
actorId = null
8888
}
8989
} catch (error) {
90+
// The lookup couldn't confirm the user exists, so null the FK to guarantee
91+
// the insert can't violate it (e.g. a system actor like 'admin-api', or a
92+
// since-deleted user). The label still identifies the actor.
9093
logger.warn('Failed to resolve actor info', { error, actorId })
94+
actorName = actorId === 'admin-api' ? 'Admin API' : 'System'
95+
actorId = null
9196
}
9297
}
9398

0 commit comments

Comments
 (0)