Skip to content

WIP: Audit Trails#161

Draft
itsyaasir wants to merge 103 commits intomainfrom
feat/audit-trails-dev
Draft

WIP: Audit Trails#161
itsyaasir wants to merge 103 commits intomainfrom
feat/audit-trails-dev

Conversation

@itsyaasir
Copy link
Contributor

@itsyaasir itsyaasir commented Dec 11, 2025

Description of change

Links to any relevant issues

Type of change

  • Bug fix (a non-breaking change which fixes an issue)
  • Enhancement (a non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation Fix

How the change has been tested

Change checklist

  • I have followed the contribution guidelines for this project
  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my fix is effective or that my feature works
  • I have checked that new and existing unit tests pass locally with my changes
  • I have updated the CHANGELOG.md, if my changes are significant enough

itsyaasir and others added 26 commits December 11, 2025 18:44
@itsyaasir
feat: Add initial implementation of audit trails module
e7699c3
@itsyaasir
refactor: Rename module and package from audit_trails_poc to audit_tr…
c4f79fb 
…ails for consistency
@chrisgitiota
feat: Audit Trails_ Rename move directory and add some folders (#162)
f6e7e11 
* rename `audit_trails` folder to `audit-trails-move`
* Add folders for audit-trails-rs and audit_trails_wasm
@itsyaasir
feat: Implement audit trails with role-based access control
e449177
@itsyaasir
feat: Introduce locking and record modules for audit trails
c2b11bd
@chrisgitiota
First version of permission
d1d8dc5 
* First implementation of the permission module based on a `Permission` enum
* Unit tests for the `Permission` enum
* Renamed `AuditTrail::permissions` to `AuditTrail::roles`
* Renamed all modules and type-names from plural to singular name
  * audit_trails -> audit_trail
  * permissions -> permission
  * capabilities -> capability
@chrisgitiota
First version of initial roles config and Admin role Capability creation
632d1e7 
Unit tests are still buggy and will be fixed with the next commit.
@chrisgitiota
Add missing tests for create AT
f5b6b2a
@chrisgitiota
Fixes for the create AT tests
395a68f
@chrisgitiota
New test test_create_metadata_admin_role() in create_tests.move
713c494
@chrisgitiota
Fix dprint issues
6cb397b
@itsyaasir
refactor: Rename audit_trails module to main and update locking confi…
bc512d8 
…guration structure
@chrisgitiota
New test for the role-based access control delegation workflow
ed79a98
@chrisgitiota
Add access control check for update_metadata()
09ae22b
@chrisgitiota @itsyaasir
Update audit-trail-move/sources/permission.move
75c8487 
Rename MetaDataUpdate to MetadataUpdate

Co-authored-by: Yasir <yasir@shariff.dev>
@chrisgitiota
Implementation for the issued_capabilities whitelist management plus …
60f5562 
…corresponding tests
@chrisgitiota
Merge branch 'feat/audit-trails-api-roles-management' of github.com:i…
7938050 
…otaledger/notarization into feat/audit-trails-api-roles-management
@chrisgitiota
Globally rename 'MetaData' to 'Metadata'
520eda0
@chrisgitiota
Rename 'create_tests' to 'create_audit_trail_tests'
e5a71a1
@chrisgitiota
Rename all Permissions variants and creator functions according to th…
cfb8c84 
…e verb-subject format
@chrisgitiota
Merge branch 'feat/audit-trails-api' into feat/audit-trails-api-roles…
ffe4871 
…-management

# Conflicts:
#	audit-trail-move/sources/locking.move
#	audit-trails-move/sources/audit_trails.move
@chrisgitiota
Rewrite of all LockingConfig creating function calls in Move tests
600ae26
@chrisgitiota
Add access control check for AuditTrail.update_metadata() and `delete…
c029e29 
…_record_lock`
@itsyaasir
Merge pull request #173 from iotaledger/feat/audit-trails-api-roles-m…
09f1a96 
…anagement

Feat/audit trails api roles management
@itsyaasir
Merge pull request #164 from iotaledger/feat/audit-trails-api
e89679a 
Audit Trails API
@itsyaasir
Merge branch 'main' into feat/audit-trails-dev
f30459f
itsyaasir
itsyaasir commented Jan 5, 2026
View reviewed changes
audit-trail-move/sources/capability.move Outdated
Comment on lines +31 to +38
// TODO: Is this needed? What is a setup capability?
//
// /// Create a setup capability for trail initialization
// public fun new_setup_cap(ctx: &mut TxContext): Capability {
// Capability {
// id: object::new(ctx),
// }
// }
Copy link
Contributor Author

@itsyaasir itsyaasir Jan 5, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Remove this

itsyaasir and others added 3 commits January 5, 2026 09:59
@itsyaasir
chore: fmt fixes & add prettier configuration
213ac6b
@chrisgitiota
New Capability restrictions: issued_to, valid_until and valid_from
71d2dd4 
Also split of the role and capability management from the AT main module to allow reuse with other products.
@chrisgitiota
Merge branch 'feat/audit-trails-dev' into feat/audit-trails-dev-caps-…
d9f7829 
…extended

# Conflicts:
#	audit-trail-move/sources/audit_trail.move
#	audit-trail-move/sources/capability.move
#	audit-trail-move/tests/capability_tests.move
#	audit-trail-move/tests/create_audit_trail_tests.move
#	audit-trail-move/tests/role_tests.move
#	audit-trail-move/tests/test_utils.move
itsyaasir and others added 20 commits February 10, 2026 15:29
@itsyaasir
Refactor audit trail creation and record management
c44e69c
@itsyaasir
Implement role management operations and associated events in the aud…
1059f7b 
…it trail module

- Added `RolesOps` struct with methods for creating, updating, deleting roles, and issuing capabilities.
- Removed the `capability` module and integrated its functionality into the `role_map` module.
- Introduced new event types: `RoleCreated`, `RoleUpdated`, and `RoleDeleted` to track role changes.
- Updated the `AuditTrailHandle` to remove capability-related methods and focus on role management.
- Created comprehensive end-to-end tests for role creation, permission updates, capability issuance, revocation, and destruction.
- Refactored client tests to remove unnecessary dependencies and streamline functionality.
@itsyaasir
feat: add destroy and revoke functionality for initial admin capabili…
3a750e8 
…ties

- Implemented `destroy_initial_admin_capability` and `revoke_initial_admin_capability` methods in `RolesOps`.
- Created new transaction types for managing roles and capabilities, including `CreateRole`, `UpdateRole`, `DeleteRole`, `IssueCapability`, `RevokeCapability`, `DestroyCapability`, `DestroyInitialAdminCapability`, and `RevokeInitialAdminCapability`.
- Updated `AuditTrailHandle` to remove unnecessary `records_as` method.
- Refactored `RoleMap` structure to improve clarity and maintainability.
- Enhanced end-to-end tests to cover new functionality for destroying and revoking initial admin capabilities, ensuring proper event emissions and error handling.
@itsyaasir
refactor: remove metadata module and related tests; introduce operati…
8330752 
…ons and transactions modules for better structure
@itsyaasir
Refactor transaction builders and operations for records and roles
cb0396c 
- Simplified transaction builder calls in `TrailRecords`, `TrailRoles`, and `RolesOps` by removing unnecessary line breaks.
- Updated `RecordsOps` to use a unified transaction building method with permission checks.
- Enhanced `RolesOps` to streamline role management operations, including creating, updating, and deleting roles.
- Improved error handling in `AuditTrailHandle` for fetching on-chain trail data.
- Refactored permission handling in `Permission` enum to include a method for retrieving Move function names.
- Cleaned up imports and organized code structure for better readability across multiple modules.
- Added tests for role and record functionalities to ensure proper integration and functionality.
@itsyaasir
Refactor role and permission handling in audit trail
bea9bae 
- Updated `RoleUpdated` struct to remove unused fields.
- Enhanced `Permission` enum with new methods for type tagging and programmable transaction building.
- Changed `PermissionSet` to use `HashSet` instead of `Vec` for permissions.
- Modified `PaginatedRecord` to use `BTreeMap` for ordered records.
- Added new test functions for role creation, capability issuance, and record management.
- Improved error handling and assertions in tests for better clarity and reliability.
- Updated dependencies in `Cargo.toml` for `iota_interaction` and `product_common` to use the latest branch with event emission features.
@itsyaasir
feat: implement migration functionality and refactor related components
4439e80
@itsyaasir
feat: implement audit trail migration functionality and refactor lock…
92f2adc 
…ing operations
@itsyaasir
feat: add batch deletion of records and permission management
dcb7d7f 
- Introduced `DeleteAllRecords` permission to manage batch deletions.
- Implemented `delete_records_batch` functionality in the records module to allow deletion of multiple records at once.
- Enhanced permission checks to ensure that only authorized roles can perform batch deletions.
- Added tests to validate the new batch deletion feature and its integration with existing audit trail functionalities.
- Updated the audit trail deletion process to ensure it fails when records exist, enforcing data integrity.
- Refactored locking mechanisms to accommodate new deletion workflows.
@chrisgitiota
Merge branch 'feat/audit-trail-rs-scaffold' of github.com:iotaledger/…
93897ce 
…notarization into feat/audit-trail-rs-scaffold
@itsyaasir
feat: Enhance locking mechanism with TimeLock support
5f4fcfe 
- Updated role_tests to include TimeLock parameters in locking configurations.
- Modified CreateOps to accept tf_components_package_id for trail creation.
- Introduced new transactions for updating delete trail locks and write locks.
- Enhanced LockingOps with methods to update delete trail locks and write locks.
- Expanded LockingConfig to include TimeLock fields for delete trail and write locks.
- Added TimeLock enum with various locking strategies and serialization methods.
- Updated permission types to include new locking permissions.
- Refactored tests to validate new locking configurations and permissions.
@itsyaasir
feat: Refactor capability validation method to assert_capability_valid
0bda0c0
@itsyaasir
Update dependencies and refactor event handling in audit trail
0b92660 
- Updated `Cargo.toml` to pin `iota_interaction`, `iota_interaction_rust`, `iota_interaction_ts`, and `product_common` to the `feat/tf-compoenents-dev` branch.
- Updated `Move.lock` to use the new chain ID and published IDs.
- Removed role-related event structs (`RoleCreated`, `RoleUpdated`, `RoleDeleted`) from `audit_trail.move` and replaced them with a single `RoleRemoved` struct.
- Refactored transaction handling in `transactions.rs` to accommodate the new `RoleRemoved` event.
- Updated event handling in `event.rs` to reflect the changes in role event structures.
- Adjusted tests across multiple files to ensure compatibility with the new role event structure and locking configurations.
- Updated package ID for `TF_COMPONENTS_PACKAGE_ID` in `package.rs`.
@itsyaasir
feat: Clean up unused imports and improve move_type implementation in…
bf12e8a 
… RoleMap
@itsyaasir
Merge branch 'feat/audit-trail-rs-scaffold' into feat/delete-and-writ…
3a69350 
…e-protection
@itsyaasir
Merge pull request #193 from iotaledger/feat/audit-trail-rs-scaffold
faae6a4 
AT: Rust Library Implementation
@itsyaasir
Merge branch 'feat/audit-trails-dev' into feat/delete-and-write-prote…
6d86386 
…ction
@itsyaasir
Merge pull request #205 from iotaledger/feat/delete-and-write-protection
9d71ab5 
Feat/delete and write protection
@chrisgitiota
Merge branch 'main' into feat/audit-trails-dev
79d6b03 
# Conflicts:
#	Cargo.toml
#	bindings/wasm/notarization_wasm/Cargo.toml
#	notarization-move/Move.history.json
#	notarization-move/Move.lock
@chrisgitiota
Use TfComponents from product-core "feat/tf-compoenents-dev" branch
ce4ea23
@chrisgitiota chrisgitiota marked this pull request as ready for review March 9, 2026 09:02
@chrisgitiota chrisgitiota marked this pull request as draft March 9, 2026 09:03
@chrisgitiota
Update audit-trail-move to be compilable and testable with generic ro…
50ac7b7 
…le-data (#207)

* Update audit-trail-move to be compilable and testable with generic role-data
* Temporarily deactivate Rust tests for Audit Trails
* Ignore AT Rust examples on CI checks
* Switch product-core TfComponents dependency to feat/tf-compoenents-dev branch
@itsyaasir itsyaasir changed the title feat: Add initial implementation of audit trails module WIP: Add initial implementation of audit trails module Mar 11, 2026
@itsyaasir itsyaasir changed the title WIP: Add initial implementation of audit trails module WIP: Audit Trails Mar 18, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@itsyaasir itsyaasir

@chrisgitiota chrisgitiota

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@itsyaasir @chrisgitiota