docs(plan): audit logging & DPA compliance (6 phases, ~30 commits)

Implementation plan for the spec at
docs/superpowers/specs/2026-05-11-audit-and-compliance-design.md. Six phases:

- Phase 1: AuditLogProtocol + AuditEntry type + truncateIp helper in
  core-shared; BindContext.auditLog? (5th generic).
- Phase 2: @repo/core-audit optional package — NoopAuditLog,
  StdoutJsonAuditLog, append-only audit-logs Payload collection,
  PayloadAuditLog (record), MultiSinkAuditLog fan-out, bindAudit
  binder with prod salt validation, RecordingAuditLog in core-testing.
- Phase 3: GDPR erasure plumbing — pseudonymize helper (sha256 +
  AUDIT_PSEUDONYM_SALT), PayloadAuditLog.eraseSubject via
  overrideAccess, createAuditErasureHook Payload afterDelete factory,
  admin tRPC procedure (audit.eraseSubject).
- Phase 4: OTel correlation bridge — currentTraceId() in core-shared,
  TraceIdEnrichingAuditLog decorator wraps inner sinks at bindAudit
  time. Explicit caller correlationId wins.
- Phase 5: createAuditAfterReadHook factory for opt-in per-collection
  VIEW capture; fire-and-forget semantics with stderr fallback.
- Phase 6: ADR-018 + audit-and-compliance.md guide + generator template
  at turbo/generators/templates/core-package/audit/ + byte-identical
  snapshot + e2e test + 6 doc surface refreshes (template-tiers,
  scaffolding-doc, CLAUDE.md, AGENTS.md, data-flow-explainer, README).

Total: ~30 commits expected.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-11 16:01:11 +02:00
parent 40b5b1a94f
commit ac8dfcc5d4
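The plan names the audit building blocks but says nothing about their shapes. The TypeScript below is an added illustration, not code from this repository: the names (AuditEntry, AuditLogProtocol, truncateIp, pseudonymize, RecordingAuditLog, MultiSinkAuditLog, TraceIdEnrichingAuditLog) are taken from the commit message, while the entry fields, the truncation widths (/24 for IPv4, /48 for IPv6), the minimum salt length standing in for the "prod salt validation", the fan-out error handling and the way `demo()` wires the pieces together (where bindAudit would) are all assumptions made here.

```typescript
// Added example, not the project's code. Names come from the commit message;
// field shapes, truncation widths and salt validation are assumptions.
import { createHash } from "node:crypto";

export interface AuditEntry {
  action: string;
  subject?: string;       // pseudonym, never the raw user id
  ip?: string;            // truncated, never the full client address
  correlationId?: string; // explicit caller id or the active OTel trace id
  at: string;             // ISO-8601 timestamp
}

export interface AuditLogProtocol {
  record(entry: AuditEntry): Promise<void>;
}

// Expand "::" so every IPv6 literal has eight hextets (one "::" per literal).
function expandIpv6(ip: string): string[] {
  const [head, tail = ""] = ip.split("::");
  const left = head ? head.split(":") : [];
  const right = tail ? tail.split(":") : [];
  const fill: string[] = Array(8 - left.length - right.length).fill("0");
  return [...left, ...fill, ...right];
}

// Assumed widths: IPv4 keeps the /24, IPv6 keeps the /48 (first three hextets).
export function truncateIp(ip: string): string {
  if (ip.includes(":")) {
    return expandIpv6(ip).slice(0, 3).join(":") + "::";
  }
  const octets = ip.split(".");
  if (octets.length !== 4) throw new Error(`not an IP literal: ${ip}`);
  return `${octets[0]}.${octets[1]}.${octets[2]}.0`;
}

// Keyed pseudonym (sha256 over salt + id): the same id always yields the same
// token, and the token cannot be mapped back without the salt. The 16-char
// minimum is an assumed stand-in for the plan's production salt validation.
export function pseudonymize(subjectId: string, salt: string): string {
  if (salt.length < 16) throw new Error("AUDIT_PSEUDONYM_SALT too short");
  return createHash("sha256").update(salt).update(":").update(subjectId).digest("hex");
}

// In-memory sink for tests (the plan puts this in core-testing).
export class RecordingAuditLog implements AuditLogProtocol {
  readonly entries: AuditEntry[] = [];
  async record(entry: AuditEntry): Promise<void> {
    this.entries.push(entry);
  }
}

// Fan-out: every sink receives the entry; a failing sink does not stop the
// others, and failures are reported together afterwards.
export class MultiSinkAuditLog implements AuditLogProtocol {
  private readonly sinks: AuditLogProtocol[];
  constructor(sinks: AuditLogProtocol[]) {
    this.sinks = sinks;
  }
  async record(entry: AuditEntry): Promise<void> {
    const results = await Promise.allSettled(this.sinks.map((s) => s.record(entry)));
    const failed = results.filter((r): r is PromiseRejectedResult => r.status === "rejected");
    if (failed.length > 0) {
      const reasons = failed.map((r) => String(r.reason)).join("; ");
      throw new Error(`${failed.length} audit sink(s) failed: ${reasons}`);
    }
  }
}

// Decorator: fills correlationId from the active trace when the caller gave
// none; an explicit caller correlationId always wins.
export class TraceIdEnrichingAuditLog implements AuditLogProtocol {
  private readonly inner: AuditLogProtocol;
  private readonly currentTraceId: () => string | undefined;
  constructor(inner: AuditLogProtocol, currentTraceId: () => string | undefined) {
    this.inner = inner;
    this.currentTraceId = currentTraceId;
  }
  async record(entry: AuditEntry): Promise<void> {
    const correlationId = entry.correlationId ?? this.currentTraceId();
    await this.inner.record(correlationId ? { ...entry, correlationId } : entry);
  }
}

// Assembled the way a binder would (assumed): enrichment wraps the fan-out, and
// raw identifiers are pseudonymized / truncated before they reach any sink.
export async function demo(): Promise<AuditEntry[]> {
  const salt = "constructed-demo-salt-not-for-prod"; // constructed sample value
  const sink = new RecordingAuditLog();
  const log = new TraceIdEnrichingAuditLog(new MultiSinkAuditLog([sink]), () => "trace-abc");
  await log.record({
    action: "user.login",
    subject: pseudonymize("user-42", salt),
    ip: truncateIp("203.0.113.77"),
    at: "2026-05-11T14:01:11Z",
  });
  await log.record({ action: "user.export", correlationId: "req-9", at: "2026-05-11T14:02:00Z" });
  return sink.entries;
}
```

The point of the ordering is that nothing downstream of `record()` ever sees a raw user id or a full client address, so an erasure request only has to deal with pseudonyms, and a sink that fails (the Payload collection being unreachable, say) neither loses the entry for the other sinks nor fails silently.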
