steve/restic-manager
1
0
Fork 0
Code Issues Pull Requests Actions Projects Releases 1 Wiki Activity

feat(audit): P3-08 — audit log UI with filters

Browse Source
This commit is contained in:
Steve Cliff
2026-05-05 07:49:25 +01:00
parent 4f94ddbbcb
commit 16c77a8cc5
9 changed files with 617 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files
internal/server/http/server.go
+5
View File
@@ -207,6 +207,9 @@ func (s *Server) routes(r chi.Router) {
// Alert list (JSON variant). Same filter shape as the UI page.
r.Get("/alerts", s.handleAPIAlerts)
// Audit log (JSON variant).
r.Get("/audit", s.handleAPIAudit)
// Notification channel test-fire. Dispatches a synthetic payload
// through a single named channel; returns JSON result.
r.Post("/notifications/{id}/test", s.handleAPINotificationTest)
@@ -317,6 +320,8 @@ func (s *Server) routes(r chi.Router) {
r.Get("/alerts", s.handleUIAlerts)
r.Post("/alerts/{id}/acknowledge", s.handleUIAlertAcknowledge)
r.Post("/alerts/{id}/resolve", s.handleUIAlertResolve)
// Audit log (read-only).
r.Get("/audit", s.handleUIAudit)
// Settings shell + Notifications sub-tab CRUD.
r.Get("/settings", s.handleUISettings)
r.Get("/settings/notifications", s.handleUINotificationsList)
internal/server/http/ui_audit.go
+130
View File
@@ -0,0 +1,130 @@
// ui_audit.go — Audit log read-only surfaces.
//
// Routes (wired in server.go):
//
// GET /audit → handleUIAudit (HTML)
// GET /api/audit → handleAPIAudit (JSON)
//
// Filters: user, actor, action (substring), target_kind, time-range
// preset (24h | 7d | 30d | all). Page-level live refresh is *not*
// added here — audit is append-only and operators inspect history,
// not current state.
package http
import (
"encoding/json"
"log/slog"
stdhttp "net/http"
"strings"
"time"
"gitea.dcglab.co.uk/steve/restic-manager/internal/store"
)
type auditPage struct {
Filter store.AuditFilter
Range string // "24h" | "7d" | "30d" | "all"
Entries []store.AuditEntry
UserNames map[string]string // user_id → username for row rendering
HostNames map[string]string // host_id → name (for target_kind=host display)
Actions []string // distinct actions seen so far, for the dropdown
}
// rangeToSince converts the time-range preset to a Since cutoff. "all"
// (or unrecognised) returns the zero time, meaning "no lower bound".
func rangeToSince(r string, now time.Time) time.Time {
switch r {
case "24h", "":
return now.Add(-24 * time.Hour)
case "7d":
return now.Add(-7 * 24 * time.Hour)
case "30d":
return now.Add(-30 * 24 * time.Hour)
default:
return time.Time{}
}
}
func (s *Server) handleUIAudit(w stdhttp.ResponseWriter, r *stdhttp.Request) {
u := s.requireUIUser(w, r)
if u == nil {
return
}
q := r.URL.Query()
rng := q.Get("range")
if rng == "" {
rng = "24h"
}
f := store.AuditFilter{
UserID: q.Get("user_id"),
Actor: q.Get("actor"),
ActionLike: strings.TrimSpace(q.Get("action")),
TargetKind: q.Get("target_kind"),
Since: rangeToSince(rng, time.Now().UTC()),
Limit: 500,
}
entries, err := s.deps.Store.ListAudit(r.Context(), f)
if err != nil {
slog.Error("ui audit: list", "err", err)
stdhttp.Error(w, "internal", stdhttp.StatusInternalServerError)
return
}
page := auditPage{
Filter: f,
Range: rng,
Entries: entries,
UserNames: map[string]string{},
HostNames: map[string]string{},
}
if users, err := s.deps.Store.ListUsers(r.Context()); err == nil {
for _, ux := range users {
page.UserNames[ux.ID] = ux.Username
}
}
if hosts, err := s.deps.Store.ListHosts(r.Context()); err == nil {
for _, h := range hosts {
page.HostNames[h.ID] = h.Name
}
}
if actions, err := s.deps.Store.DistinctAuditActions(r.Context()); err == nil {
page.Actions = actions
}
view := s.baseView(r, u)
view.Title = "Audit · restic-manager"
view.Active = "audit"
view.Page = page
if err := s.deps.UI.Render(w, "audit", view); err != nil {
slog.Error("ui audit: render", "err", err)
}
}
// handleAPIAudit is the JSON variant — same filters as the HTML page.
func (s *Server) handleAPIAudit(w stdhttp.ResponseWriter, r *stdhttp.Request) {
if _, ok := s.requireUser(r); !ok {
writeJSONError(w, stdhttp.StatusUnauthorized, "unauthorised", "")
return
}
q := r.URL.Query()
rng := q.Get("range")
if rng == "" {
rng = "24h"
}
f := store.AuditFilter{
UserID: q.Get("user_id"),
Actor: q.Get("actor"),
ActionLike: strings.TrimSpace(q.Get("action")),
TargetKind: q.Get("target_kind"),
Since: rangeToSince(rng, time.Now().UTC()),
Limit: 500,
}
entries, err := s.deps.Store.ListAudit(r.Context(), f)
if err != nil {
writeJSONError(w, stdhttp.StatusInternalServerError, "internal", err.Error())
return
}
w.Header().Set("Content-Type", "application/json; charset=utf-8")
_ = json.NewEncoder(w).Encode(map[string]any{"entries": entries})
}
internal/store/audit.go
+132
View File
@@ -2,11 +2,143 @@ package store
import (
"context"
"database/sql"
"encoding/json"
"errors"
"fmt"
"strings"
"time"
)
// AuditFilter narrows ListAudit. Empty fields match anything.
type AuditFilter struct {
UserID string // empty matches any user OR system rows
Actor string // user | agent | system | "" (any)
Action string // exact match (e.g. "host.enrolled")
ActionLike string // substring match (e.g. "alert." matches alert.acknowledge / alert.resolve)
TargetKind string // host | source_group | alert | notification_channel | "" (any)
TargetID string // exact match on target_id
Since time.Time // zero = no lower bound
Until time.Time // zero = no upper bound
Limit int // 0 = no limit
}
// ListAudit returns audit_log rows ordered by ts DESC.
func (s *Store) ListAudit(ctx context.Context, f AuditFilter) ([]AuditEntry, error) {
q := `SELECT id, user_id, actor, action, target_kind, target_id, ts, payload FROM audit_log`
conds := []string{}
args := []any{}
if f.UserID != "" {
conds = append(conds, "user_id = ?")
args = append(args, f.UserID)
}
if f.Actor != "" {
conds = append(conds, "actor = ?")
args = append(args, f.Actor)
}
if f.Action != "" {
conds = append(conds, "action = ?")
args = append(args, f.Action)
}
if f.ActionLike != "" {
conds = append(conds, "action LIKE ?")
args = append(args, "%"+f.ActionLike+"%")
}
if f.TargetKind != "" {
conds = append(conds, "target_kind = ?")
args = append(args, f.TargetKind)
}
if f.TargetID != "" {
conds = append(conds, "target_id = ?")
args = append(args, f.TargetID)
}
if !f.Since.IsZero() {
conds = append(conds, "ts >= ?")
args = append(args, f.Since.UTC().Format(time.RFC3339Nano))
}
if !f.Until.IsZero() {
conds = append(conds, "ts <= ?")
args = append(args, f.Until.UTC().Format(time.RFC3339Nano))
}
if len(conds) > 0 {
q += " WHERE " + strings.Join(conds, " AND ")
}
q += ` ORDER BY ts DESC`
if f.Limit > 0 {
q += ` LIMIT ?`
args = append(args, f.Limit)
}
rows, err := s.db.QueryContext(ctx, q, args...)
if err != nil {
return nil, fmt.Errorf("store: list audit: %w", err)
}
defer func() { _ = rows.Close() }()
var out []AuditEntry
for rows.Next() {
e, err := scanAuditRow(rows.Scan)
if err != nil {
return nil, err
}
out = append(out, *e)
}
return out, rows.Err()
}
// DistinctAuditActions returns the set of distinct action strings
// currently present in the table — used to populate the action filter
// dropdown so the operator picks from what actually exists, not a
// hardcoded list that might drift from the codebase.
func (s *Store) DistinctAuditActions(ctx context.Context) ([]string, error) {
rows, err := s.db.QueryContext(ctx,
`SELECT DISTINCT action FROM audit_log ORDER BY action`)
if err != nil {
return nil, fmt.Errorf("store: distinct audit actions: %w", err)
}
defer func() { _ = rows.Close() }()
var out []string
for rows.Next() {
var a string
if err := rows.Scan(&a); err != nil {
return nil, err
}
out = append(out, a)
}
return out, rows.Err()
}
func scanAuditRow(scan func(...any) error) (*AuditEntry, error) {
var e AuditEntry
var userID, targetKind, targetID, payload sql.NullString
var ts string
if err := scan(&e.ID, &userID, &e.Actor, &e.Action, &targetKind, &targetID, &ts, &payload); err != nil {
if errors.Is(err, sql.ErrNoRows) {
return nil, ErrNotFound
}
return nil, fmt.Errorf("store: scan audit: %w", err)
}
if userID.Valid {
v := userID.String
e.UserID = &v
}
if targetKind.Valid {
v := targetKind.String
e.TargetKind = &v
}
if targetID.Valid {
v := targetID.String
e.TargetID = &v
}
t, err := time.Parse(time.RFC3339Nano, ts)
if err != nil {
return nil, fmt.Errorf("store: parse audit ts: %w", err)
}
e.TS = t
if payload.Valid && payload.String != "" {
e.Payload = json.RawMessage(payload.String)
}
return &e, nil
}
// AppendAudit records an audit log entry.
func (s *Store) AppendAudit(ctx context.Context, e AuditEntry) error {
if len(e.Payload) == 0 {
internal/store/audit_test.go
+134
View File
@@ -0,0 +1,134 @@
package store
import (
"context"
"encoding/json"
"path/filepath"
"testing"
"time"
"github.com/oklog/ulid/v2"
)
func newAuditTestStore(t *testing.T) (*Store, string) {
t.Helper()
st, err := Open(context.Background(), filepath.Join(t.TempDir(), "rm.db"))
if err != nil {
t.Fatalf("open: %v", err)
}
t.Cleanup(func() { _ = st.Close() })
uid := ulid.Make().String()
if err := st.CreateUser(context.Background(), User{
ID: uid, Username: "alice", PasswordHash: "x",
Role: RoleOperator, CreatedAt: time.Now().UTC(),
}); err != nil {
t.Fatalf("create user: %v", err)
}
return st, uid
}
func appendAudit(t *testing.T, st *Store, uid, actor, action, targetKind, targetID string, ts time.Time) {
t.Helper()
var u, tk, ti *string
if uid != "" {
u = &uid
}
if targetKind != "" {
tk = &targetKind
}
if targetID != "" {
ti = &targetID
}
if err := st.AppendAudit(context.Background(), AuditEntry{
ID: ulid.Make().String(), UserID: u, Actor: actor, Action: action,
TargetKind: tk, TargetID: ti, TS: ts, Payload: json.RawMessage(`{}`),
}); err != nil {
t.Fatalf("append: %v", err)
}
}
func TestListAuditFiltersAndOrdering(t *testing.T) {
t.Parallel()
st, uid := newAuditTestStore(t)
t0 := time.Now().UTC()
appendAudit(t, st, uid, "user", "host.enrolled", "host", "h1", t0.Add(-3*time.Hour))
appendAudit(t, st, uid, "user", "alert.acknowledge", "alert", "a1", t0.Add(-2*time.Hour))
appendAudit(t, st, uid, "user", "alert.resolve", "alert", "a1", t0.Add(-time.Hour))
appendAudit(t, st, "", "system", "host.auto_init", "host", "h1", t0.Add(-30*time.Minute))
all, err := st.ListAudit(context.Background(), AuditFilter{})
if err != nil {
t.Fatalf("list: %v", err)
}
if len(all) != 4 {
t.Fatalf("len: got %d want 4", len(all))
}
// Ordered ts DESC — most recent first.
if all[0].Action != "host.auto_init" || all[3].Action != "host.enrolled" {
t.Errorf("ordering: got %s ... %s", all[0].Action, all[3].Action)
}
// Action prefix filter: alert.* → 2 rows.
got, err := st.ListAudit(context.Background(), AuditFilter{ActionLike: "alert."})
if err != nil {
t.Fatalf("filter alert.: %v", err)
}
if len(got) != 2 {
t.Errorf("alert.* filter: got %d want 2", len(got))
}
// User filter excludes system rows.
got, _ = st.ListAudit(context.Background(), AuditFilter{UserID: uid})
if len(got) != 3 {
t.Errorf("user filter: got %d want 3", len(got))
}
// Actor=system isolates the auto_init.
got, _ = st.ListAudit(context.Background(), AuditFilter{Actor: "system"})
if len(got) != 1 || got[0].Action != "host.auto_init" {
t.Errorf("actor=system: got %+v", got)
}
// Target kind filter.
got, _ = st.ListAudit(context.Background(), AuditFilter{TargetKind: "alert"})
if len(got) != 2 {
t.Errorf("target_kind=alert: got %d want 2", len(got))
}
// Time range: last 90m → resolve + auto_init.
got, _ = st.ListAudit(context.Background(), AuditFilter{Since: t0.Add(-90 * time.Minute)})
if len(got) != 2 {
t.Errorf("since 90m: got %d want 2", len(got))
}
// Limit clamps result count.
got, _ = st.ListAudit(context.Background(), AuditFilter{Limit: 2})
if len(got) != 2 {
t.Errorf("limit: got %d want 2", len(got))
}
}
func TestDistinctAuditActions(t *testing.T) {
t.Parallel()
st, uid := newAuditTestStore(t)
t0 := time.Now().UTC()
appendAudit(t, st, uid, "user", "host.enrolled", "host", "h1", t0)
appendAudit(t, st, uid, "user", "host.enrolled", "host", "h2", t0)
appendAudit(t, st, uid, "user", "alert.acknowledge", "alert", "a1", t0)
got, err := st.DistinctAuditActions(context.Background())
if err != nil {
t.Fatalf("distinct: %v", err)
}
want := []string{"alert.acknowledge", "host.enrolled"}
if len(got) != len(want) {
t.Fatalf("got %v want %v", got, want)
}
for i := range want {
if got[i] != want[i] {
t.Errorf("[%d]: got %q want %q", i, got[i], want[i])
}
}
}
internal/store/users.go
+32
View File
@@ -38,6 +38,38 @@ func (s *Store) GetUserByID(ctx context.Context, id string) (*User, error) {
return scanUser(row)
}
// ListUsers returns every user, sorted by username. Used by surfaces
// that need to render a user-id → username map (audit log filter,
// "ack'd by" projections).
func (s *Store) ListUsers(ctx context.Context) ([]User, error) {
rows, err := s.db.QueryContext(ctx,
`SELECT id, username, password_hash, role, created_at, last_login_at
FROM users ORDER BY username`)
if err != nil {
return nil, fmt.Errorf("store: list users: %w", err)
}
defer func() { _ = rows.Close() }()
var out []User
for rows.Next() {
var u User
var role string
var lastLogin sql.NullString
var created string
if err := rows.Scan(&u.ID, &u.Username, &u.PasswordHash, &role, &created, &lastLogin); err != nil {
return nil, fmt.Errorf("store: scan user row: %w", err)
}
u.Role = Role(role)
t, _ := time.Parse(time.RFC3339Nano, created)
u.CreatedAt = t
if lastLogin.Valid {
t, _ := time.Parse(time.RFC3339Nano, lastLogin.String)
u.LastLoginAt = &t
}
out = append(out, u)
}
return out, rows.Err()
}
// CountUsers returns the total number of user rows. The first-run
// bootstrap uses this to detect a fresh install.
func (s *Store) CountUsers(ctx context.Context) (int, error) {
tasks.md
+4 -2
View File
@@ -278,9 +278,11 @@ Sizes: **S** = under a day, **M** = 13 days, **L** = 37 days.
> **As shipped (Playwright sweep, 2026-05-04):** /settings/notifications → 3 channels created (sweep-webhook → local Python sink, sweep-ntfy → ntfy.sh public topic, sweep-smtp → MailHog at 127.0.0.1:1025). Test buttons fire alert.test on each: webhook 200/1ms, ntfy 200/322ms, SMTP 250/3ms. Synthetic critical `backup_failed` raised → /alerts shows row with severity dot, kind chip, host, message, raised/last-seen, Ack + Resolve buttons; nav badge `1`; dashboard critical-alert banner appears with Review→ link; OPEN ALERTS card reads `1 unresolved`. Acknowledge → fan-out to all 3 channels emits alert.acknowledged (verified in webhook sink, MailHog inbox, notification_log); Acknowledged tab shows row with `ack'd by <user>` line. Resolve → fan-out emits alert.resolved across all 3 channels; banner clears; dashboard reads `0 unresolved · all clear`; host alerts column reads —. Three live bugs found and fixed mid-sweep: (a) `enabled` form value lost because hidden+checkbox both named `enabled` and `PostForm.Get` returned the first ("0"); (b) Ack/Resolve handlers stored the state change but never dispatched alert.acknowledged / alert.resolved; (c) `hosts.open_alert_count` projection was never recomputed on Raise/Resolve/AutoResolve, so the dashboard count always read 0.
### Phase 3 — Audit log UI (not started)
### Phase 3 — Audit log UI
- [ ] **P3-08** (S) Audit log UI with filters (user, action, target, time range)
- [x] **P3-08** (S) Audit log UI with filters (user, action, target, time range)
> **As shipped (2026-05-05):** Read-only `/audit` page (+ `/api/audit` JSON). Filters: time-range presets (24h / 7d / 30d / all), user dropdown (any registered user), actor dropdown (user / agent / system), target-kind dropdown (host / schedule / source_group / alert / notification_channel / job / user), action substring search box. Table columns: when (relative + abstime tooltip), actor tag (user accent / agent green / system grey), user (or em-dash for system rows), action string, target (kind · resolved name for hosts, kind · id otherwise), payload `<details>` block when non-empty. New `Store.ListAudit(AuditFilter)` and `Store.DistinctAuditActions` plus `Store.ListUsers`. Append-only — no edit/delete surface, deliberately.
### Phase 3 acceptance
web/static/css/styles.css
+1 -1
View File
File diff suppressed because one or more lines are too long
web/styles/input.css
+18
View File
@@ -311,6 +311,24 @@
.tag-critical { color: var(--bad); border-color: color-mix(in oklch, var(--bad), transparent 60%); background: color-mix(in oklch, var(--bad), transparent 92%); }
.tag-info { color: var(--ink-mid); }
/* ---------- audit rows (/audit list) ---------- */
.audit-row {
display: grid; align-items: center;
grid-template-columns: 110px 80px 110px 1.4fr 1.6fr 110px;
column-gap: 16px;
padding: 11px 16px; font-size: 13px;
border-bottom: 1px solid var(--line-soft);
transition: background 100ms ease;
}
.audit-row:hover { background: var(--panel-hi); }
.audit-row:last-child { border-bottom: 0; }
.audit-row.head {
cursor: default; padding-top: 9px; padding-bottom: 9px;
font-size: 11px; color: var(--ink-fade);
text-transform: uppercase; letter-spacing: 0.08em;
}
.audit-row.head:hover { background: transparent; }
/* ---------- schedule rows (Schedules tab) ---------- */
.schd-row {
display: grid; align-items: center;
web/templates/pages/audit.html
+161
View File
@@ -0,0 +1,161 @@
{{define "title"}}Audit · restic-manager{{end}}
{{define "content"}}
{{$page := .Page}}
{{$filter := $page.Filter}}
{{$rng := $page.Range}}
<div class="max-w-[1280px] mx-auto px-8 pb-14">
{{/* crumbs */}}
<div class="crumbs pt-6">
<a href="/">Dashboard</a><span class="sep">/</span>
<span class="text-ink-mid">audit</span>
</div>
{{/* page header */}}
<div class="flex items-baseline justify-between mt-3.5">
<div>
<h1 class="text-[22px] font-medium tracking-[-0.005em]">
Audit log
<span class="text-ink-fade font-normal text-[14px] ml-2">
{{len $page.Entries}} entries · last {{if eq $rng "all"}}all-time{{else}}{{$rng}}{{end}}
</span>
</h1>
</div>
</div>
<div class="text-ink-mute mt-2 leading-[1.55]" style="font-size: 11.5px; max-width: 760px;">
Append-only history of every operator action, agent message, and system-driven change.
Read-only — entries cannot be edited or deleted.
</div>
{{/* filter strip */}}
<div class="panel mt-4 px-4 py-3 rounded-[7px]"
style="display: grid; grid-template-columns: auto auto auto auto 1fr; gap: 14px; align-items: center;">
{{/* time-range pills */}}
<div class="inline-flex gap-1 p-[3px]" style="border: 1px solid var(--line-soft); border-radius: 5px;">
{{range list "24h" "7d" "30d" "all"}}
{{$r := .}}
{{$active := eq $r $rng}}
<a href="/audit?range={{$r}}{{if $filter.UserID}}&user_id={{$filter.UserID}}{{end}}{{if $filter.Actor}}&actor={{$filter.Actor}}{{end}}{{if $filter.ActionLike}}&action={{$filter.ActionLike}}{{end}}{{if $filter.TargetKind}}&target_kind={{$filter.TargetKind}}{{end}}"
class="btn btn-ghost"
style="padding: 5px 10px; font-size: 11.5px;{{if $active}} background: var(--panel-hi); color: var(--ink);{{end}}">
{{if eq $r "all"}}All{{else}}{{$r}}{{end}}
</a>
{{end}}
</div>
{{/* user dropdown */}}
<div>
<select class="field" style="padding: 6px 10px; font-size: 11.5px; min-width: 140px;"
onchange="window.location='/audit?range={{$rng}}&user_id='+this.value+'{{if $filter.Actor}}&actor={{$filter.Actor}}{{end}}{{if $filter.ActionLike}}&action={{$filter.ActionLike}}{{end}}{{if $filter.TargetKind}}&target_kind={{$filter.TargetKind}}{{end}}'">
<option value="" {{if eq $filter.UserID ""}}selected{{end}}>User · any</option>
{{range $id, $name := $page.UserNames}}
<option value="{{$id}}" {{if eq $filter.UserID $id}}selected{{end}}>{{$name}}</option>
{{end}}
</select>
</div>
{{/* actor dropdown — user/agent/system */}}
<div>
<select class="field" style="padding: 6px 10px; font-size: 11.5px; min-width: 130px;"
onchange="window.location='/audit?range={{$rng}}{{if $filter.UserID}}&user_id={{$filter.UserID}}{{end}}&actor='+this.value+'{{if $filter.ActionLike}}&action={{$filter.ActionLike}}{{end}}{{if $filter.TargetKind}}&target_kind={{$filter.TargetKind}}{{end}}'">
<option value="" {{if eq $filter.Actor ""}}selected{{end}}>Actor · any</option>
<option value="user" {{if eq $filter.Actor "user"}}selected{{end}}>user</option>
<option value="agent" {{if eq $filter.Actor "agent"}}selected{{end}}>agent</option>
<option value="system" {{if eq $filter.Actor "system"}}selected{{end}}>system</option>
</select>
</div>
{{/* target kind dropdown */}}
<div>
<select class="field" style="padding: 6px 10px; font-size: 11.5px; min-width: 160px;"
onchange="window.location='/audit?range={{$rng}}{{if $filter.UserID}}&user_id={{$filter.UserID}}{{end}}{{if $filter.Actor}}&actor={{$filter.Actor}}{{end}}{{if $filter.ActionLike}}&action={{$filter.ActionLike}}{{end}}&target_kind='+this.value">
<option value="" {{if eq $filter.TargetKind ""}}selected{{end}}>Target · any</option>
<option value="host" {{if eq $filter.TargetKind "host"}}selected{{end}}>host</option>
<option value="schedule" {{if eq $filter.TargetKind "schedule"}}selected{{end}}>schedule</option>
<option value="source_group" {{if eq $filter.TargetKind "source_group"}}selected{{end}}>source_group</option>
<option value="alert" {{if eq $filter.TargetKind "alert"}}selected{{end}}>alert</option>
<option value="notification_channel" {{if eq $filter.TargetKind "notification_channel"}}selected{{end}}>notification_channel</option>
<option value="job" {{if eq $filter.TargetKind "job"}}selected{{end}}>job</option>
<option value="user" {{if eq $filter.TargetKind "user"}}selected{{end}}>user</option>
</select>
</div>
{{/* action substring search */}}
<form method="get" action="/audit">
<input type="hidden" name="range" value="{{$rng}}">
{{if $filter.UserID}}<input type="hidden" name="user_id" value="{{$filter.UserID}}">{{end}}
{{if $filter.Actor}}<input type="hidden" name="actor" value="{{$filter.Actor}}">{{end}}
{{if $filter.TargetKind}}<input type="hidden" name="target_kind" value="{{$filter.TargetKind}}">{{end}}
<input type="text" name="action" value="{{$filter.ActionLike}}"
placeholder="action contains… (e.g. alert., host.)"
class="field mono"
style="padding: 6px 10px; font-size: 11.5px;">
</form>
</div>
{{/* table */}}
<div class="panel mt-3.5 rounded-[7px] overflow-hidden">
<div class="audit-row head">
<div>When</div>
<div>Actor</div>
<div>User</div>
<div>Action</div>
<div>Target</div>
<div></div>
</div>
{{if eq (len $page.Entries) 0}}
<div style="padding: 40px; text-align: center;">
<div class="text-ink text-[14px] font-medium">No matching entries.</div>
<div class="text-ink-mute text-[12px] mt-1">
{{if eq $rng "24h"}}Try widening the time range.{{else}}Adjust filters or pick a longer range.{{end}}
</div>
</div>
{{else}}
{{range $page.Entries}}
{{$e := .}}
<div class="audit-row">
<div class="mono text-[12px] text-ink-mute" title="{{absTime $e.TS}}">
{{relTime $e.TS}}
</div>
<div>
{{if eq $e.Actor "user"}}<span class="tag" style="background: color-mix(in oklch, var(--accent), transparent 92%); border-color: color-mix(in oklch, var(--accent), transparent 60%); color: var(--accent);">user</span>
{{else if eq $e.Actor "agent"}}<span class="tag" style="background: color-mix(in oklch, var(--ok), transparent 92%); border-color: color-mix(in oklch, var(--ok), transparent 60%); color: var(--ok);">agent</span>
{{else}}<span class="tag" style="background: color-mix(in oklch, var(--ink-fade), transparent 92%); color: var(--ink-mute);">system</span>{{end}}
</div>
<div class="mono text-[12px] text-ink-mid">
{{if $e.UserID}}{{$un := index $page.UserNames (deref $e.UserID)}}{{if $un}}{{$un}}{{else}}<span class="text-ink-fade">{{deref $e.UserID}}</span>{{end}}{{else}}<span class="text-ink-fade"></span>{{end}}
</div>
<div class="mono text-[12px] text-ink">{{$e.Action}}</div>
<div class="mono text-[12px] text-ink-mute">
{{if $e.TargetKind}}
<span class="text-ink-fade">{{deref $e.TargetKind}}</span>
{{if $e.TargetID}}
{{$tid := deref $e.TargetID}}
{{if eq (deref $e.TargetKind) "host"}}{{$hn := index $page.HostNames $tid}}{{if $hn}} · {{$hn}}{{else}} · {{$tid}}{{end}}
{{else}} · {{$tid}}{{end}}
{{end}}
{{else}}
<span class="text-ink-fade"></span>
{{end}}
</div>
<div class="text-right">
{{if and $e.Payload (gt (len $e.Payload) 2)}}
<details class="inline-block">
<summary class="text-ink-fade cursor-pointer" style="font-size: 11px;">payload</summary>
<pre class="mono text-[11px] text-ink-mute mt-2" style="white-space: pre-wrap; max-width: 400px; text-align: left; background: var(--bg); border: 1px solid var(--line-soft); border-radius: 4px; padding: 6px 8px;">{{printf "%s" $e.Payload}}</pre>
</details>
{{end}}
</div>
</div>
{{end}}
{{end}}
</div>
</div>
{{end}}