PR for #170 added the admin_audit_events table and wired registered_client CRUD to write rows. The table is intentionally generic so other admin mutations can reuse it.
Follow-up: emit admin_audit_events rows from the handlers that today only emit tracing::info! lines:
- claim-token create / batch / regenerate / invalidate (
api/src/api/http/admin.rs::create_claim_token, batch_create_claim_tokens, invalidate_claim_token)
- support-admin add / remove (
add_support_admin, remove_support_admin)
- preload-user create / user-token (
preload_user, get_user_token)
Use record_registered_client_audit (create/delete) and record_registered_client_update_audit (update with before/after) in admin.rs as the shape — best-effort, logs on failure, never fails the admin call. For updates, follow the SELECT ... FOR UPDATE + UPDATE in a single transaction pattern so {before, after} is captured atomically even under concurrent writers.
PR for #170 added the
admin_audit_eventstable and wired registered_client CRUD to write rows. The table is intentionally generic so other admin mutations can reuse it.Follow-up: emit
admin_audit_eventsrows from the handlers that today only emittracing::info!lines:api/src/api/http/admin.rs::create_claim_token,batch_create_claim_tokens,invalidate_claim_token)add_support_admin,remove_support_admin)preload_user,get_user_token)Use
record_registered_client_audit(create/delete) andrecord_registered_client_update_audit(update with before/after) inadmin.rsas the shape — best-effort, logs on failure, never fails the admin call. For updates, follow theSELECT ... FOR UPDATE+UPDATEin a single transaction pattern so{before, after}is captured atomically even under concurrent writers.