feat(audit): HTTP correlation-id ingress directive + tapir input (Sto…#10
Merged
Conversation
…ry 13.7 Phase B gate #1) HttpCorrelation.withCorrelation — an akka-http directive (mirrors HttpMetrics.withMetrics, applied at the same ApiRoutes.mainRoutes attach point) that extracts-or-generates X-Correlation-Id, MDC-stamps the synchronous request thread (operational stdout), re-injects the canonical id onto the request so downstream tapir reads the same value, and echoes it on the response. HttpCorrelation.correlationInput — a reusable tapir EndpointInput[Option[String]] (extractFromRequest) so serverLogic receives the id as DATA and threads it onto the command (AuditableCommand.withCorrelationId) on the request thread, never an MDC read across the Future (C14). Builds on the Auditable/AuditableCommand/AuditableEvent carriers plus withCid already promoted in b4d0ee1. Bumps tapir 1.7.0->1.8.5, tapirHttpSession 0.2.0->0.3.0, logback 1.2.3->1.4.14, slf4j. HttpCorrelationSpec (7 tests, incl. end-to-end tapir serverLogic delivery) and HttpMetricsSpec green; +server/compile (2.12+2.13) and scalafmtAll clean. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Up to standards ✅🟢 Issues
|
| Metric | Results |
|---|---|
| Complexity | 6 |
| Duplication | 0 |
NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #10 +/- ##
==========================================
+ Coverage 60.94% 61.22% +0.27%
==========================================
Files 94 95 +1
Lines 1836 1849 +13
==========================================
+ Hits 1119 1132 +13
Misses 717 717
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Harness. 🚀 New features to boost your workflow:
|
…#1) Generic structured audit logger in core (co-located with the Auditable/AuditableEvent carriers) so every pod (licensing/notification/payment/scheduler) reuses one helper instead of an in-repo copy. One FIXED shared logger name app.softnetwork.audit -> a single additivity=false route in the shared logback.xml template; each pod still writes its own pod-local audit.log; the service field (per-eventType resolver, or a fixed value) distinguishes domains at query time. correlationId stays explicit data (never MDC across the async path, C2). Adds logstash-logback-encoder 8.1 to core (StructuredArguments.kv). AuditLogSpec (3 tests via logback ListAppender) green; +core/compile (2.12+2.13) + scalafmtAll clean. Also folds the ApiRoutes unused-import cleanup from gate #1. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…cho at the endpoint layer) correlationInput now yields String, generating a default cid when the header is absent, so serverLogic always receives a non-empty id (no None handling downstream). Endpoint.endpointsToRoute wraps the interpreted tapir route with withCorrelation, so every endpoint set generates-or-extracts the id, feeds correlationInput and echoes it on the response even when mounted outside mainRoutes. withCorrelation is now re-entrant (does not clobber an outer MDC scope; echoes only if the response has no header) so nesting under mainRoutes stays a single header + one MDC scope. HttpCorrelationSpec: +self-sufficiency test (no outer directive: default generated, delivered to serverLogic, echoed) and +re-entrancy test (single echoed header). 13 server tests green; +server/compile (2.12+2.13) + scalafmtAll clean. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
…ry 13.7 Phase B gate #1)
HttpCorrelation.withCorrelation — an akka-http directive (mirrors HttpMetrics.withMetrics, applied at the same ApiRoutes.mainRoutes attach point) that extracts-or-generates X-Correlation-Id, MDC-stamps the synchronous request thread (operational stdout), re-injects the canonical id onto the request so downstream tapir reads the same value, and echoes it on the response.
HttpCorrelation.correlationInput — a reusable tapir EndpointInput[Option[String]] (extractFromRequest) so serverLogic receives the id as DATA and threads it onto the command (AuditableCommand.withCorrelationId) on the request thread, never an MDC read across the Future (C14). Builds on the Auditable/AuditableCommand/AuditableEvent carriers plus withCid already promoted in b4d0ee1.
Bumps tapir 1.7.0->1.8.5, tapirHttpSession 0.2.0->0.3.0, logback 1.2.3->1.4.14, slf4j. HttpCorrelationSpec (7 tests, incl. end-to-end tapir serverLogic delivery) and HttpMetricsSpec green; +server/compile (2.12+2.13) and scalafmtAll clean.