Add ward audit read surface via cli-guard scope (audit tail/path, scope filter) #58

Closed
opened 2026-06-06 04:05:52 +00:00 by coilysiren · 0 comments
Owner

Summary

Add an audit read surface to ward by adopting cli-guard's scope package: ward audit {tail,path} plus scope-filtered query, mirroring coily audit / coily git audit-show --scope <repo>.

Motivation

Ward writes append-only JSONL audit rows via audit.Writer and stamps a best-effort repo_root, but ships no way to read those rows back. A contributor cannot answer "what did ward run in this repo" without hand-grepping ~/.coily/audit/<repo>.jsonl. coily imports cli-guard/scope to resolve cwd->git-toplevel for audit records and exposes coily audit {path,tail} + coily git audit-show --scope.

Scope

  • Import cli-guard/scope.
  • Add ward audit path (print the resolved audit log path) and ward audit tail (tail recent rows).
  • Add scope filtering so a contributor can restrict to the current repo's rows.
  • Update docs/FEATURES.md and add a short docs/audit.md if warranted.

Out of scope

The audit dashboard / personal-dashboard surfaces (operator-only). Rotation config beyond what audit.Writer already provides.

Boundary check

Contributor-safe: read-only inspection of ward's own audit trail.

## Summary Add an audit read surface to ward by adopting cli-guard's `scope` package: `ward audit {tail,path}` plus scope-filtered query, mirroring `coily audit` / `coily git audit-show --scope <repo>`. ## Motivation Ward writes append-only JSONL audit rows via `audit.Writer` and stamps a best-effort `repo_root`, but ships no way to read those rows back. A contributor cannot answer "what did ward run in this repo" without hand-grepping `~/.coily/audit/<repo>.jsonl`. coily imports `cli-guard/scope` to resolve cwd->git-toplevel for audit records and exposes `coily audit {path,tail}` + `coily git audit-show --scope`. ## Scope - Import `cli-guard/scope`. - Add `ward audit path` (print the resolved audit log path) and `ward audit tail` (tail recent rows). - Add scope filtering so a contributor can restrict to the current repo's rows. - Update `docs/FEATURES.md` and add a short `docs/audit.md` if warranted. ## Out of scope The audit dashboard / personal-dashboard surfaces (operator-only). Rotation config beyond what `audit.Writer` already provides. ## Boundary check Contributor-safe: read-only inspection of ward's own audit trail.
Sign in to join this conversation.
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
coilyco-flight-deck/ward#58
No description provided.