📌 Overview
Enterprises require traceability and accountability for all critical actions to meet compliance and operational standards. GasGuard currently lacks a centralized audit system.
This task introduces a comprehensive Audit Logging System to capture API usage, key management, and gas transaction events, enabling full visibility and compliance readiness.
🎯 Objective
Build an audit logging system that:
- Tracks all relevant system events including:
  - API requests
  - API key creation and rotation
  - Gas submissions and transactions
- Stores immutable, queryable logs
- Supports enterprise reporting and compliance requirements
🛠 Scope of Work
1️⃣ Event Tracking
Capture and log:
- API usage:
  - Endpoint accessed
  - HTTP method
  - Requestor API key
  - Timestamp
  - Response status
- API key lifecycle events:
  - Creation
  - Rotation
  - Revocation
- Gas-related submissions:
  - Transaction hash
  - Gas used
  - Gas price
  - Sender address
  - Chain ID
  - Timestamp
2️⃣ Log Storage & Structure
- Store logs in a structured format suitable for queries
- Suggested schema:
| Field | Type | Description |
|---|---|---|
| eventType | string | APIRequest / KeyEvent / GasTransaction |
| timestamp | datetime | Event occurrence time |
| user / apiKey | string | Originator |
| chainId | integer | Chain identifier (if applicable) |
| details | JSON | Event-specific data |
| outcome | string | Success / Failure / Warning |
- Immutable storage recommended (append-only)
- Support efficient search and filtering by user, event type, or date range
3️⃣ API Exposure & Reporting
- Endpoints for enterprise review:
  - GET /audit/logs?eventType=&user=&from=&to=
  - GET /audit/logs/:id
- Support pagination and sorting
- Optional: export logs as CSV / JSON for reporting
- Access controlled via Admin role only
4️⃣ Security & Integrity
- Ensure logs cannot be tampered with
- Optional: cryptographic signing or hash chaining for high-security environments
- Access logs only via authenticated and authorized endpoints
- Retention policies configurable
🧰 Suggested Tech Stack
Core
- TypeScript
- Node.js
- Express / Fastify / NestJS
- PostgreSQL or MongoDB (append-only logs)
- Optional Redis (caching for fast queries)
Optional Enhancements
- Elasticsearch / OpenSearch (for large-scale querying)
- Prometheus metrics on event volume
- Jest (unit testing)
🧠 Implementation Expectations
- Clear separation between:
  - Event emitter layer
  - Logging storage layer
  - Query and reporting API layer
- Deterministic and structured log format
- Support for multi-chain and multi-user contexts
- Unit tests covering:
  - Event capture accuracy
  - Log integrity
  - Query and filter functionality
📊 Deliverables
- Audit logging engine capturing all relevant events
- Storage schema and retention strategy
- API endpoints for querying and exporting logs
- Documentation explaining:
  - Event types
  - Access control
  - Querying best practices
- Unit tests (minimum 70% coverage)
- Updated README
🏷 Difficulty Level
Intermediate → Advanced
Ideal for contributors with:
- Backend TypeScript experience
- Enterprise compliance awareness
- Database and query optimization knowledge
- Security-focused mindset
🕒 Estimated Time
24hrs (part-time contributor)
✅ Acceptance Criteria
- All defined events captured and stored
- Logs immutable and queryable
- Reporting endpoints functional and secure
- Multi-chain and multi-user events supported
- Documentation updated
- All tests passing
🎯 Expected Outcome
GasGuard becomes enterprise-compliant, providing full traceability of API usage, key management, and gas submissions, enabling audits and operational accountability.
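
The optional hash chaining named under Security & Integrity, together with the deterministic log format asked for under Implementation Expectations, shown as an added example that is not part of the issue and not GasGuard code. Assumptions: SHA-256, the `prevHash` and `hash` fields, the function names, and an in-memory array standing in for the append-only table.

```typescript
import { createHash } from "node:crypto";

// Fields follow the issue's suggested schema; prevHash/hash are assumed additions.
interface AuditEvent {
  eventType: "APIRequest" | "KeyEvent" | "GasTransaction";
  timestamp: string;
  apiKey: string;
  chainId?: number;
  details: Record<string, unknown>;
  outcome: "Success" | "Failure" | "Warning";
}
interface ChainedEntry extends AuditEvent { prevHash: string; hash: string; }

const GENESIS = "0".repeat(64); // prevHash of the first entry

// Deterministic serialization: keys sorted recursively, undefined fields dropped,
// so the same event hashes identically regardless of property order.
function canonical(v: unknown): string {
  if (Array.isArray(v)) return "[" + v.map(canonical).join(",") + "]";
  if (v !== null && typeof v === "object") {
    const o = v as Record<string, unknown>;
    const keys = Object.keys(o).filter((k) => o[k] !== undefined).sort();
    return "{" + keys.map((k) => JSON.stringify(k) + ":" + canonical(o[k])).join(",") + "}";
  }
  return JSON.stringify(v) ?? "null";
}

// Each hash commits to the previous hash plus the canonical event body.
function entryHash(prevHash: string, event: AuditEvent): string {
  return createHash("sha256").update(prevHash).update(canonical(event)).digest("hex");
}

function append(log: ChainedEntry[], event: AuditEvent): ChainedEntry {
  const last = log[log.length - 1];
  const prevHash = last ? last.hash : GENESIS;
  const entry: ChainedEntry = { ...event, prevHash, hash: entryHash(prevHash, event) };
  log.push(entry);
  return entry;
}

// Returns the index of the first entry that breaks the chain, or -1 if intact.
function verify(log: ChainedEntry[]): number {
  let prev = GENESIS;
  return log.findIndex((entry) => {
    const { prevHash, hash, ...event } = entry;
    const ok = prevHash === prev && hash === entryHash(prev, event);
    prev = hash;
    return !ok;
  });
}
```

The chain exposes edits and deletions inside the log, but not truncation of the tail or a full recomputation by someone with write access; for that, the latest `hash` has to be signed or stored outside the log store.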