fix(auditlog): restore capture and stabilize integration tests

SantiagoDePolonia · SantiagoDePolonia · commit b57e57c328d2 · 2026-03-26T19:53:45.000+01:00
diff --git a/internal/auditlog/auditlog_test.go b/internal/auditlog/auditlog_test.go
@@ -1211,6 +1211,18 @@ func (t *trackingReadCloser) Close() error {
 	return nil
 }
 
+type chainReadCloser struct {
+	io.Reader
+	closer io.Closer
+}
+
+func (c *chainReadCloser) Close() error {
+	if c == nil || c.closer == nil {
+		return nil
+	}
+	return c.closer.Close()
+}
+
 // discardWriter implements http.ResponseWriter but discards all output.
 type discardWriter struct{}
 
@@ -1304,9 +1316,9 @@ func TestLimitedReaderRequestBodyCapture(t *testing.T) {
 		}
 
 		origBody := req.Body
-		req.Body = &combinedReadCloser{
+		req.Body = &chainReadCloser{
 			Reader: io.MultiReader(bytes.NewReader(bodyBytes), origBody),
-			rc:     origBody,
+			closer: origBody,
 		}
 
 		// Read full body from reconstructed reader
diff --git a/internal/auditlog/entry_capture.go b/internal/auditlog/entry_capture.go
@@ -0,0 +1,55 @@
+package auditlog
+
+import (
+	"net/http"
+
+	"gomodel/internal/core"
+)
+
+// PopulateRequestData copies the configured request capture fields into the log entry.
+// Streaming handlers call this before creating the detached stream entry so request
+// metadata is preserved even though the middleware finishes later.
+func PopulateRequestData(entry *LogEntry, req *http.Request, cfg Config) {
+	if entry == nil || req == nil {
+		return
+	}
+
+	data := ensureLogData(entry)
+
+	if cfg.LogHeaders {
+		data.RequestHeaders = extractHeaders(req.Header)
+	}
+
+	if !cfg.LogBodies {
+		return
+	}
+
+	snapshot := core.GetRequestSnapshot(req.Context())
+	if snapshot == nil {
+		return
+	}
+
+	switch body := snapshot.CapturedBody(); {
+	case snapshot.BodyNotCaptured:
+		data.RequestBodyTooBigToHandle = true
+	case body != nil:
+		captureLoggedRequestBody(entry, body)
+	}
+}
+
+// PopulateResponseHeaders copies response headers into the log entry when header logging is enabled.
+func PopulateResponseHeaders(entry *LogEntry, headers http.Header) {
+	if entry == nil || headers == nil {
+		return
+	}
+
+	data := ensureLogData(entry)
+	data.ResponseHeaders = extractHeaders(headers)
+}
+
+func ensureLogData(entry *LogEntry) *LogData {
+	if entry.Data == nil {
+		entry.Data = &LogData{}
+	}
+	return entry.Data
+}
diff --git a/internal/auditlog/middleware.go b/internal/auditlog/middleware.go
@@ -72,28 +72,6 @@ func Middleware(logger LoggerInterface) echo.MiddlewareFunc {
 				entry.Data.APIKeyHash = hashAPIKey(authHeader)
 			}
 
-			// Log request headers if enabled
-			if cfg.LogHeaders {
-				entry.Data.RequestHeaders = extractHeaders(req.Header)
-			}
-
-			// Capture request body if enabled
-			if cfg.LogBodies && req.Body != nil {
-				if snapshot := core.GetRequestSnapshot(req.Context()); snapshot != nil {
-					body := snapshot.CapturedBody()
-					switch {
-					case snapshot.BodyNotCaptured:
-						entry.Data.RequestBodyTooBigToHandle = true
-					case body != nil:
-						captureLoggedRequestBody(entry, body)
-					default:
-						captureRequestBodyForLogging(entry, req)
-					}
-				} else {
-					captureRequestBodyForLogging(entry, req)
-				}
-			}
-
 			// Store entry in context for potential enrichment by handlers
 			c.Set(string(LogEntryKey), entry)
 
@@ -104,7 +82,7 @@ func Middleware(logger LoggerInterface) echo.MiddlewareFunc {
 					ResponseWriter: c.Response(),
 					body:           &bytes.Buffer{},
 					shouldCapture: func() bool {
-						return shouldCaptureResponseBody(c)
+						return auditEnabledForContext(c.Request().Context()) && shouldCaptureResponseBody(c)
 					},
 				}
 				c.SetResponse(responseCapture)
@@ -115,16 +93,24 @@ func Middleware(logger LoggerInterface) echo.MiddlewareFunc {
 
 			applyExecutionPlan(entry, c.Request().Context())
 
+			if !auditEnabledForContext(c.Request().Context()) {
+				return err
+			}
+
 			// Calculate duration
 			entry.DurationNs = time.Since(start).Nanoseconds()
 
 			// ResolveResponseStatus applies Echo v5 precedence rules for committed responses,
 			// suggested status codes, and errors implementing HTTPStatusCoder.
 			_, entry.StatusCode = echo.ResolveResponseStatus(c.Response(), err)
 
+			// Request capture is deferred until after next so a later-resolved
+			// Audit=false plan can skip it entirely.
+			PopulateRequestData(entry, req, cfg)
+
 			// Log response headers if enabled
 			if cfg.LogHeaders {
-				entry.Data.ResponseHeaders = extractHeaders(c.Response().Header())
+				PopulateResponseHeaders(entry, c.Response().Header())
 			}
 
 			// Capture response body if enabled
@@ -205,35 +191,6 @@ func enrichEntryWithExecutionPlan(entry *LogEntry, plan *core.ExecutionPlan) {
 	}
 }
 
-func captureRequestBodyForLogging(entry *LogEntry, req *http.Request) {
-	if req.ContentLength > MaxBodyCapture {
-		entry.Data.RequestBodyTooBigToHandle = true
-		return
-	}
-
-	// Read up to MaxBodyCapture+1 to detect overflow safely.
-	// Uses io.LimitReader to enforce the cap regardless of
-	// Content-Length (handles chunked/unknown-length requests).
-	limitedReader := io.LimitReader(req.Body, MaxBodyCapture+1)
-	bodyBytes, err := io.ReadAll(limitedReader)
-	if err != nil {
-		return
-	}
-	if int64(len(bodyBytes)) > MaxBodyCapture {
-		entry.Data.RequestBodyTooBigToHandle = true
-		// Reconstruct full body for downstream: read bytes + unread remainder
-		origBody := req.Body
-		req.Body = &combinedReadCloser{
-			Reader: io.MultiReader(bytes.NewReader(bodyBytes), origBody),
-			rc:     origBody,
-		}
-		return
-	}
-
-	captureLoggedRequestBody(entry, bodyBytes)
-	req.Body = io.NopCloser(bytes.NewBuffer(bodyBytes))
-}
-
 func captureLoggedRequestBody(entry *LogEntry, bodyBytes []byte) {
 	if len(bodyBytes) == 0 {
 		return
@@ -250,17 +207,6 @@ func captureLoggedRequestBody(entry *LogEntry, bodyBytes []byte) {
 	entry.Data.RequestBody = toValidUTF8String(bodyBytes)
 }
 
-// combinedReadCloser delegates Read to an io.Reader and Close to an io.ReadCloser.
-// Used to reconstruct a request body that preserves the original closer.
-type combinedReadCloser struct {
-	io.Reader
-	rc io.ReadCloser
-}
-
-func (c *combinedReadCloser) Close() error {
-	return c.rc.Close()
-}
-
 // responseBodyCapture wraps http.ResponseWriter to capture the response body.
 // It implements http.Flusher and http.Hijacker by delegating to the underlying
 // ResponseWriter if it supports those interfaces.
diff --git a/internal/server/http.go b/internal/server/http.go
@@ -200,17 +200,19 @@ func New(provider core.RoutableProvider, cfg *Config) *Server {
 		e.Use(PassthroughSemanticEnrichment(cfg.PassthroughSemanticEnrichers, passthroughV1PrefixNormalizationEnabled(cfg)))
 	}
 
-	// Request planning must run before audit so per-request feature flags can
-	// suppress audit capture entirely.
-	e.Use(ExecutionPlanningWithResolverAndPolicy(provider, modelResolver, executionPolicyResolver))
-
-	// Audit logging middleware runs after planning so Audit=false can bypass
-	// request/response capture, but still before authentication so rejected model
-	// requests are logged when auditing is enabled for the matched plan.
+	// Audit logging runs before request planning so early planning/validation
+	// failures are still logged. The middleware defers request capture and
+	// dynamically gates response capture on the final resolved execution plan, so
+	// Audit=false still suppresses per-request capture work.
 	if cfg != nil && cfg.AuditLogger != nil && cfg.AuditLogger.Config().Enabled {
 		e.Use(auditlog.Middleware(cfg.AuditLogger))
 	}
 
+	// Request planning resolves the request-scoped execution plan before auth and
+	// handler execution. This keeps rejected model requests loggable and lets
+	// downstream stages consume a shared policy decision.
+	e.Use(ExecutionPlanningWithResolverAndPolicy(provider, modelResolver, executionPolicyResolver))
+
 	// Authentication (skips public paths)
 	if cfg != nil && cfg.MasterKey != "" {
 		e.Use(AuthMiddleware(cfg.MasterKey, authSkipPaths))
diff --git a/internal/server/model_validation.go b/internal/server/model_validation.go
@@ -54,10 +54,6 @@ func ExecutionPlanningWithResolverAndPolicy(
 	}
 }
 
-func deriveExecutionPlan(c *echo.Context, provider core.RoutableProvider, resolver RequestModelResolver) (*core.ExecutionPlan, error) {
-	return deriveExecutionPlanWithPolicy(c, provider, resolver, nil)
-}
-
 func deriveExecutionPlanWithPolicy(
 	c *echo.Context,
 	provider core.RoutableProvider,
diff --git a/internal/server/passthrough_support.go b/internal/server/passthrough_support.go
@@ -244,12 +244,20 @@ func (s *passthroughService) proxyPassthroughResponse(c *echo.Context, providerT
 	if isSSEContentType(resp.Headers) {
 		auditlog.MarkEntryAsStreaming(c, true)
 		auditlog.EnrichEntryWithStream(c, true)
+		plan := core.GetExecutionPlan(c.Request().Context())
+		auditEnabled := s.logger != nil && s.logger.Config().Enabled && (plan == nil || plan.AuditEnabled())
 
 		entry := auditlog.GetStreamEntryFromContext(c)
+		if auditEnabled && entry != nil {
+			auditlog.PopulateRequestData(entry, c.Request(), s.logger.Config())
+		}
 		streamEntry := auditlog.CreateStreamEntry(entry)
 		if streamEntry != nil {
 			streamEntry.StatusCode = resp.StatusCode
 		}
+		if auditEnabled && streamEntry != nil && s.logger.Config().LogHeaders {
+			auditlog.PopulateResponseHeaders(streamEntry, c.Response().Header())
+		}
 
 		requestID := requestIDFromContextOrHeader(c.Request())
 		auditPath := passthroughAuditPath(c, providerType, endpoint, info)
@@ -261,11 +269,10 @@ func (s *passthroughService) proxyPassthroughResponse(c *echo.Context, providerT
 		if info != nil {
 			model = strings.TrimSpace(info.Model)
 		}
-		model = resolvedModelFromPlan(core.GetExecutionPlan(c.Request().Context()), model)
+		model = resolvedModelFromPlan(plan, model)
 
 		observers := make([]streaming.Observer, 0, 2)
-		plan := core.GetExecutionPlan(c.Request().Context())
-		if (plan == nil || plan.AuditEnabled()) && streamEntry != nil {
+		if auditEnabled && streamEntry != nil {
 			if observer := auditlog.NewStreamLogObserver(s.logger, streamEntry, auditPath); observer != nil {
 				observers = append(observers, observer)
 			}
diff --git a/internal/server/translated_inference_service.go b/internal/server/translated_inference_service.go
@@ -332,6 +332,10 @@ func (s *translatedInferenceService) handleStreamingResponse(
 	auditlog.EnrichEntryWithStream(c, true)
 
 	entry := auditlog.GetStreamEntryFromContext(c)
+	auditEnabled := s.logger != nil && s.logger.Config().Enabled && (plan == nil || plan.AuditEnabled())
+	if auditEnabled && entry != nil {
+		auditlog.PopulateRequestData(entry, c.Request(), s.logger.Config())
+	}
 	streamEntry := auditlog.CreateStreamEntry(entry)
 	if streamEntry != nil {
 		streamEntry.StatusCode = http.StatusOK
@@ -340,7 +344,7 @@ func (s *translatedInferenceService) handleStreamingResponse(
 	requestID := requestIDFromContextOrHeader(c.Request())
 	endpoint := c.Request().URL.Path
 	observers := make([]streaming.Observer, 0, 2)
-	if s.logger != nil && s.logger.Config().Enabled && streamEntry != nil && (plan == nil || plan.AuditEnabled()) {
+	if auditEnabled && streamEntry != nil {
 		observers = append(observers, auditlog.NewStreamLogObserver(s.logger, streamEntry, endpoint))
 	}
 	if s.usageLogger != nil && s.usageLogger.Config().Enabled && (plan == nil || plan.UsageEnabled()) {
@@ -356,12 +360,8 @@ func (s *translatedInferenceService) handleStreamingResponse(
 	c.Response().Header().Set("Cache-Control", "no-cache")
 	c.Response().Header().Set("Connection", "keep-alive")
 
-	if streamEntry != nil && streamEntry.Data != nil {
-		streamEntry.Data.ResponseHeaders = map[string]string{
-			"Content-Type":  "text/event-stream",
-			"Cache-Control": "no-cache",
-			"Connection":    "keep-alive",
-		}
+	if auditEnabled && streamEntry != nil && s.logger.Config().LogHeaders {
+		auditlog.PopulateResponseHeaders(streamEntry, c.Response().Header())
 	}
 
 	c.Response().WriteHeader(http.StatusOK)
diff --git a/tests/integration/main_test.go b/tests/integration/main_test.go
@@ -9,6 +9,7 @@ import (
 	"context"
 	"fmt"
 	"log"
+	"net/url"
 	"os"
 	"testing"
 	"time"
@@ -123,7 +124,7 @@ func setupMongoDB(ctx context.Context) error {
 	var err error
 
 	log.Println("Starting MongoDB container...")
-	mongoContainer, err = mongodb.Run(ctx, "mongo:7")
+	mongoContainer, err = mongodb.Run(ctx, "mongo:7", mongodb.WithReplicaSet("rs"))
 	if err != nil {
 		return fmt.Errorf("failed to start MongoDB container: %w", err)
 	}
@@ -133,11 +134,15 @@ func setupMongoDB(ctx context.Context) error {
 	if err != nil {
 		return fmt.Errorf("failed to get MongoDB connection string: %w", err)
 	}
+	mongoURL, err = withDirectMongoConnection(mongoURL)
+	if err != nil {
+		return fmt.Errorf("failed to normalize MongoDB connection string: %w", err)
+	}
 
 	log.Printf("MongoDB URL: %s", mongoURL)
 
 	// Create client
-	mongoClient, err = mongo.Connect(options.Client().ApplyURI(mongoURL))
+	mongoClient, err = mongo.Connect(options.Client().ApplyURI(mongoURL).SetDirect(true))
 	if err != nil {
 		return fmt.Errorf("failed to create MongoDB client: %w", err)
 	}
@@ -213,3 +218,14 @@ func GetMongoURL() string {
 func GetTestContext() context.Context {
 	return testCtx
 }
+
+func withDirectMongoConnection(rawURL string) (string, error) {
+	parsed, err := url.Parse(rawURL)
+	if err != nil {
+		return "", err
+	}
+	query := parsed.Query()
+	query.Set("directConnection", "true")
+	parsed.RawQuery = query.Encode()
+	return parsed.String(), nil
+}
diff --git a/tests/integration/setup_test.go b/tests/integration/setup_test.go

Original file line number	Diff line number	Diff line change
`@@ -54,10 +54,6 @@ func ExecutionPlanningWithResolverAndPolicy(`
`54`	`54`	`}`
`55`	`55`	`}`
`56`	`56`
`57`		`-func deriveExecutionPlan(c echo.Context, provider core.RoutableProvider, resolver RequestModelResolver) (core.ExecutionPlan, error) {`
`58`		`- return deriveExecutionPlanWithPolicy(c, provider, resolver, nil)`
`59`		`-}`
`60`		`-`
`61`	`57`	`func deriveExecutionPlanWithPolicy(`
`62`	`58`	`c *echo.Context,`
`63`	`59`	`provider core.RoutableProvider,`