Update what is being audit logged #11833
Conversation
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
There was a problem hiding this comment.
PR Summary
This PR updates audit logging practices and renames telemetry services for better clarity across the Twenty application.
- Removes
@WorkspaceIsNotAuditLoggeddecorator from multiple entities (api-key, blocklist, connected-account, etc.) to enable audit logging for important operations - Renames
MessagingTelemetryServicetoMessagingMonitoringServicefor better semantic clarity - Changes ClickHouse table name from 'migrations' to '_migration' and 'events' to 'event' for consistent naming
- Adds
@WorkspaceIsNotAuditLoggedtoWorkflowRunWorkspaceEntitysince runs already serve as audit logs - Modifies event table schema to include
userIdin ORDER BY clause for better indexing
24 file(s) reviewed, 3 comment(s)
Edit PR Review Bot Settings | Greptile
...ages/twenty-server/src/modules/messaging/monitoring/services/messaging-monitoring.service.ts
Show resolved
Hide resolved
|
|
||
| await this.auditLogRepository.insert( | ||
| workspaceEventBatch.name, | ||
| eventProperties, | ||
| workspaceMemberId, | ||
| workspaceEventBatch.name.split('.')[0], |
There was a problem hiding this comment.
style: splitting on '.' is fragile - consider using a more robust method to extract object name
| if (workspaceEventBatch.name.endsWith('.updated')) { | ||
| analytics.track(OBJECT_RECORD_UPDATED_EVENT, eventData.properties); | ||
| analytics.track(OBJECT_RECORD_UPDATED_EVENT, eventProperties); | ||
| } else if (workspaceEventBatch.name.endsWith('.created')) { | ||
| analytics.track(OBJECT_RECORD_CREATED_EVENT, eventData.properties); | ||
| analytics.track(OBJECT_RECORD_CREATED_EVENT, eventProperties); | ||
| } else if (workspaceEventBatch.name.endsWith('.deleted')) { | ||
| analytics.track(OBJECT_RECORD_DELETED_EVENT, eventData.properties); | ||
| analytics.track(OBJECT_RECORD_DELETED_EVENT, eventProperties); | ||
| } |
There was a problem hiding this comment.
style: consider using a switch statement or event type enum for better maintainability
|
🚀 Preview Environment Ready! Your preview environment is available at: http://bore.pub:59364 This environment will automatically shut down when the PR is closed or after 5 hours. |
|
@greptileai review again |
There was a problem hiding this comment.
Pull Request Overview
This PR consolidates audit logging by merging analytics into the audit module, updating ClickHouse-related integrations, and renaming/refining related components.
- Removed the analytics module and its corresponding tests in favor of the audit module.
- Updated the ClickHouse seeds, migrations, and service to reflect new audit log table names and configurations.
- Adjusted front-end components by removing deprecated feature flag checks for analytics.
Reviewed Changes
Copilot reviewed 95 out of 98 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| packages/twenty-server/src/engine/core-modules/analytics/services/clickhouse.service.spec.ts | Removed analytics clickhouse service tests. |
| packages/twenty-server/src/engine/core-modules/analytics/analytics.module.ts | Removed analytics module as part of consolidation. |
| packages/twenty-server/src/engine/api/graphql/workspace-query-runner/workspace-query-runner.module.ts | Swapped AnalyticsModule for AuditModule and adjusted import order. |
| packages/twenty-server/src/engine/api/graphql/workspace-query-runner/listeners/telemetry.listener.ts | Replaced analyticsService with auditService for telemetry logging. |
| packages/twenty-server/src/database/clickHouse/seeds/run-seeds.ts | Updated target table name from 'events' to 'auditEvent'. |
| packages/twenty-server/src/database/clickHouse/migrations/run-migrations.ts | Changed migration table name from 'migrations' to '_migration'. |
| packages/twenty-front/src/pages/settings/security/SettingsSecurity.tsx | Removed conditional UI block based on deprecated feature flags. |
| Other files | Adjusted import paths and renamed identifiers to support new audit logging approach. |
Files not reviewed (3)
- packages/twenty-server/project.json: Language not supported
- packages/twenty-server/src/database/clickHouse/migrations/001-create-audit-event-table.sql: Language not supported
- packages/twenty-server/src/database/clickHouse/migrations/003-create-external-event-table.sql: Language not supported
Comments suppressed due to low confidence (3)
packages/twenty-server/src/engine/api/graphql/workspace-query-runner/listeners/telemetry.listener.ts:23
- [nitpick] The method name 'createAnalyticsContext' in the auditService may cause confusion given the module merge; consider renaming it to better reflect its audit logging purpose.
this.auditService.createAnalyticsContext({
packages/twenty-front/src/pages/settings/security/SettingsSecurity.tsx:65
- [nitpick] The removal of the conditional rendering based on the 'IsApprovedAccessDomainsEnabled' feature flag should be reviewed to ensure it aligns with the overall business logic and feature flag strategy.
{IsApprovedAccessDomainsEnabled && (
packages/twenty-server/src/database/clickHouse/seeds/run-seeds.ts:21
- Verify that the change from 'events' to 'auditEvent' is consistent across the codebase and documentation, ensuring that all references and integrations align with the new audit logging design.
table: 'auditEvent',
packages/twenty-server/src/database/clickHouse/migrations/run-migrations.ts
Show resolved
Hide resolved
There was a problem hiding this comment.
PR Summary
(updates since last review)
This PR continues the audit logging system overhaul by consolidating analytics and audit functionality into a unified audit module, with significant architectural changes.
- Replaces AnalyticsService with AuditService across the application, moving from traditional database-backed audit logs to ClickHouse for better performance
- Removes AuditLogWorkspaceEntity and BehavioralEventWorkspaceEntity from standard objects, centralizing event tracking in the new audit system
- Adds new ClickHouse tables (
auditEvent,pageview,externalEvent) with optimized schemas for different types of events - Removes feature flags
IsAnalyticsV2Enabled,IsEventObjectEnabled, andIsApprovedAccessDomainsEnabledas these features are now permanent - Concerning: MessagingMonitoringService has commented-out tracking logic with a TODO about Prometheus replacement, potentially missing audit logs
80 file(s) reviewed, 17 comment(s)
Edit PR Review Bot Settings | Greptile
| jest | ||
| .spyOn(service, 'connectToClient') | ||
| .mockResolvedValueOnce(mockClickHouseClient); |
There was a problem hiding this comment.
logic: Mocking connectToClient while testing connectToClient creates a circular dependency and may mask real issues. Consider testing the actual implementation instead.
| mockClickHouseClient.query.mockResolvedValueOnce({ | ||
| json: jest.fn().mockResolvedValueOnce([{ id: 1, name: 'test' }]), | ||
| } as any); |
There was a problem hiding this comment.
style: Type assertion to 'any' could hide type mismatches. Consider creating a proper mock type that matches ClickHouseClient's QueryResult interface.
packages/twenty-server/src/database/clickHouse/migrations/003-create-external-event-table.sql
Outdated
Show resolved
Hide resolved
packages/twenty-server/src/database/clickHouse/migrations/003-create-external-event-table.sql
Outdated
Show resolved
Hide resolved
| ObjectRecordDeletedTrackEvent, | ||
| } from 'src/engine/core-modules/audit/utils/events/track/object-record/object-record-delete'; |
There was a problem hiding this comment.
style: File name in import path contains 'delete' but the event name uses 'deleted'. Consider renaming file to match event name for consistency
| useValue: { | ||
| createAnalyticsContext: AnalyticsContextMock, | ||
| }, |
There was a problem hiding this comment.
style: Mock should be renamed from createAnalyticsContext to createAuditContext to match service name changes
| @@ -75,7 +75,7 @@ export class UserResolver { | |||
| private readonly onboardingService: OnboardingService, | |||
| private readonly userVarService: UserVarsService, | |||
| private readonly fileService: FileService, | |||
| private readonly analyticsService: AnalyticsService, | |||
| private readonly auditService: AuditService, | |||
There was a problem hiding this comment.
style: The auditService is injected but not used anywhere in this resolver. Consider removing if unused.
...ages/twenty-server/src/modules/messaging/monitoring/services/messaging-monitoring.service.ts
Show resolved
Hide resolved
...ages/twenty-server/src/modules/messaging/monitoring/services/messaging-monitoring.service.ts
Outdated
Show resolved
Hide resolved
…create-external-event-table.sql Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
…create-external-event-table.sql Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
No need to audit log workflow runs as it's already a form of audit log.
Add more audit log for other objects
Rename MessagingTelemetry to MessagingMonitoring
Merge Analytics and Audit in one (Audit)