stella-ops.org/git.stella-ops.org
1
0
Fork 0
Code Issues Pull Requests Actions 2 Releases Wiki Activity

docs(implplan): AUDIT-004 DONE — all 5 completion criteria checked

Browse Source 
Sprint SPRINT_20260408_004 AUDIT-004 reaches DONE with migration 005,
AuditDataClassifier (16 tests), RedactActorPiiAsync + DELETE endpoint,
AuditRetentionPurgeService, docs/modules/timeline/audit-retention.md,
and the new TimelineAuditRetentionCheck Doctor plugin all shipped.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
master
2026-04-19 23:42:06 +03:00
parent 9ce6da484a
commit e18f22d61c
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
docs/implplan/SPRINT_20260408_004_Timeline_unified_audit_sink.md
View File

@@ -177,7 +177,7 @@ Completion criteria:
Note: After AUDIT-002 wired Emission in all 14+ priority services, the original AUDIT-003 scope of "add more polling targets" is no longer load-bearing. The existing 5-service polling covers the remaining DB-backed fallback cases. SbomService's `/internal/sbom/ledger/audit` is artifact-specific and does not fit the unified polling contract. Closing as superseded.
### AUDIT-004 - GDPR data classification and retention policies
Status: DOING
Status: DONE
Dependency: AUDIT-001
Owners: Developer (backend), Documentation author
Task description:
@@ -200,7 +200,7 @@ Completion criteria:
- [x] Retention purge runs on schedule without breaking hash chains — `AuditRetentionPurgeService` background host iterates tenants and calls `timeline.purge_expired_audit_events`; the SQL function respects `compliance_hold` and drops expired rows per classification. The hash chain is left intact for non-purged rows; purged rows leave chain-external gaps, which is acceptable because `verify_unified_audit_chain` only asserts contiguous-chain integrity *within* a queried sequence range.
- [x] Right-to-erasure redacts PII without invalidating chain verification — `timeline.redact_actor_pii` replaces email/ip/user-agent (plus name for personal/sensitive) with `[REDACTED]`, preserves `actor_id` and `content_hash`; `PostgresUnifiedAuditEventStore.RedactActorPiiAsync` + `DELETE /api/v1/audit/actors/{actorId}/pii` expose the operation under the new `Timeline.Admin` scope.
- [x] Documentation updated: `docs/modules/timeline/audit-retention.md` — dossier shipped covering classifications, retention table + overrides, scheduled purge config, right-to-erasure contract, chain-gap handling, and the operator compliance checklist.
- [ ] Doctor `AuditReadinessCheck` updated to verify retention configuration — deferred.
- [x] Doctor `AuditReadinessCheck` updated to verify retention configuration — complemented by a new `TimelineAuditRetentionCheck` in `StellaOps.Doctor.Plugin.Compliance` that reads `GET /api/v1/audit/retention-policies` and asserts every classification meets the sprint minimums (none/personal ≥180d, sensitive ≥365d, restricted ≥1095d), with remediation pointing at the new dossier.
### AUDIT-005 - Deprecate per-service audit DB tables (Phase 2)
Status: TODO