Persist Compliance Audit Logs for PII Sanitization Events

[007-SARANG]

I am Sarang, a GSoC contributor interested in improving observability and compliance in this project.

The function log_audit_events is currently a placeholder, meaning PII-related operations are not being recorded. This limits traceability, compliance readiness, and incident investigation capabilities.

Proposed Improvement:

• Implement structured audit logging for PII-related actions
• Capture key metadata such as user_id, task_id, entity type, action, and timestamp
• Ensure logs are consistent and queryable for monitoring and analysis

Acceptance Criteria:

• Implement log_audit_events to record structured audit logs
• Include fields such as:
  • user_id
  • task_id
  • entity type
  • action performed
  • timestamp
• Ensure logs are stored reliably (database or logging system)
• Maintain minimal performance overhead
• Add tests to verify correct logging behavior

Note:
This can be expanded into a more comprehensive compliance and audit framework in future iterations.

[Rasesh2005]

currently We are under discussion on project schema, so plz keep this on hold for now

[007-SARANG]

Sure @Rasesh2005, thanks for the update — I’ll keep this on hold for now.

Hi @PratikDhanave, I’ve been exploring the codebase and have started working on #9 (duplicate transaction handling). I’ll open a PR soon for your review.

Also, I’m currently unable to join the Slack workspace as the invite link seems to be expired. Could you please share an updated link or suggest an alternative way to stay in touch?

Thanks!
Sarang