Commit Graph

1 Commits

Author: Mike
SHA1: 2bbbfc8735
Message:
feat(security): add audit logging system
Add comprehensive audit logging for security-sensitive operations.

Features:
- Structured JSON log format with ISO 8601 timestamps
- Configurable categories: auth, config, exec, tool, message, file, session, channel, cron, pairing, admin
- Severity levels: info, warn, critical
- PII redaction (emails, phone numbers, API keys)
- Optional tamper-evident hash chain
- File rotation support
- Singleton pattern with global instance

Usage:
  import { audit } from './security/audit-log';

  audit.auth('auth.login', { message: 'User logged in', actor: { type: 'user', id: '123' } });
  audit.exec('exec.run', { message: 'Command executed', command: 'ls -la' });
  audit.tool('tool.invoke', { toolName: 'web_search', message: 'Search invoked' });

Part of security hardening initiative step 6: Audit logging

Related: #3927 (security hardening roadmap)
Date: 2026-01-29 19:58:24 +08:00