Дмитрий
9bf97efb0b
docs(audit): comprehensive audit journaling closure — 3 plans + PILOT update
Sweeping audit of portal journaling (static + config + live dev/prod data)
found 9+ holes; three TDD plans authored to close them:
- P0 (152-ФЗ): docs/superpowers/plans/2026-05-22-audit-pd-impersonation.md
Empty pd_processing_log despite 417 deals on prod; impersonation outside
saas_admin_audit_log. 13 tasks + self-review.
- P1 (auth + attribution): docs/superpowers/plans/2026-05-22-audit-auth-attribution.md
auth_log only covers login; logout/2FA/password-reset/register missing.
activity_log 412 rows all with user_id=NULL. 9 tasks.
- P2 (operational + auto-incidents): docs/superpowers/plans/2026-05-22-audit-operational.md
Project/API-key/webhook-URL mutations unlogged; inbound supplier webhook
not in webhook_log; incidents_log not auto-populated (25k failed_webhook_jobs
passed silently). New tenant_operations_log table + cron watcher. 10 tasks.
ПИЛОТ.md §6 +pp.7-9 with plan references and priority order.
Execution: subagent-driven, P0 → P1 → P2 sequential (DealController in P0+P1).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-22 14:50:07 +03:00
..
2026-05-14 10:08:08 +03:00
2026-05-14 08:38:51 +03:00
2026-05-22 14:50:07 +03:00
2026-05-22 10:17:04 +03:00