fix(admin): address audit log review findings

SantiagoDePolonia · SantiagoDePolonia · commit d661d4085715 · 2026-02-28T21:11:32.000+01:00
diff --git a/cmd/gomodel/docs/docs.go b/cmd/gomodel/docs/docs.go
@@ -136,7 +136,7 @@ const docTemplate = `{
                         "in": "query"
                     },
                     {
-                        "type": "string",
+                        "type": "boolean",
                         "description": "Filter by stream mode (true/false)",
                         "name": "stream",
                         "in": "query"
diff --git a/cmd/gomodel/docs/swagger.json b/cmd/gomodel/docs/swagger.json
@@ -132,7 +132,7 @@
                         "in": "query"
                     },
                     {
-                        "type": "string",
+                        "type": "boolean",
                         "description": "Filter by stream mode (true/false)",
                         "name": "stream",
                         "in": "query"
diff --git a/internal/admin/dashboard/static/css/dashboard.css b/internal/admin/dashboard/static/css/dashboard.css
@@ -1127,6 +1127,11 @@ td.col-price {
     color: var(--text-muted);
 }
 
+.audit-status-badge.status-unknown {
+    color: var(--text-muted);
+    border-color: color-mix(in srgb, var(--border) 75%, transparent);
+}
+
 .audit-entry-details {
     border-top: 1px solid transparent;
     padding: 0 12px;
@@ -1207,7 +1212,6 @@ td.col-price {
 .audit-json-body {
     white-space: pre-wrap;
     overflow-wrap: anywhere;
-    word-break: break-word;
 }
 
 .conversation-body-highlight {
@@ -1375,11 +1379,11 @@ td.col-price {
 }
 
 .chat-content {
-    font-family: 'Inter', -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
+    font-family: Inter, -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, sans-serif;
     font-size: 13px;
     line-height: 1.5;
     white-space: pre-wrap;
-    word-break: break-word;
+    overflow-wrap: break-word;
     color: var(--text);
 }
 
diff --git a/internal/admin/dashboard/static/js/modules/audit-list.js b/internal/admin/dashboard/static/js/modules/audit-list.js
@@ -68,9 +68,12 @@
             },
 
             statusCodeClass(statusCode) {
-                if (statusCode >= 500) return 'status-error';
-                if (statusCode >= 400) return 'status-warning';
-                if (statusCode >= 300) return 'status-neutral';
+                if (statusCode === null || statusCode === undefined || statusCode === '') return 'status-unknown';
+                const parsedStatus = Number(statusCode);
+                if (!Number.isFinite(parsedStatus)) return 'status-unknown';
+                if (parsedStatus >= 500) return 'status-error';
+                if (parsedStatus >= 400) return 'status-warning';
+                if (parsedStatus >= 300) return 'status-neutral';
                 return 'status-success';
             },
 
diff --git a/internal/admin/dashboard/templates/index.html b/internal/admin/dashboard/templates/index.html
@@ -344,22 +344,22 @@ <h2>Audit Logs</h2>
     <div class="audit-log-section">
         <div class="audit-log-toolbar">
             <div class="audit-filter-row">
-                <input type="text" placeholder="Search by request ID, path, provider, error..." x-model="auditSearch" @input.debounce.300ms="fetchAuditLog(true)" class="filter-input">
-                <input type="text" placeholder="Model" x-model="auditModel" @input.debounce.300ms="fetchAuditLog(true)" class="filter-input audit-filter-input">
-                <input type="text" placeholder="Provider" x-model="auditProvider" @input.debounce.300ms="fetchAuditLog(true)" class="filter-input audit-filter-input">
-                <input type="text" placeholder="Path" x-model="auditPath" @input.debounce.300ms="fetchAuditLog(true)" class="filter-input audit-filter-input">
+                <input id="audit-filter-search" type="text" placeholder="Search by request ID, path, provider, error..." aria-label="Search by request ID, path, provider, or error" x-model="auditSearch" @input.debounce.300ms="fetchAuditLog(true)" class="filter-input">
+                <input id="audit-filter-model" type="text" placeholder="Model" aria-label="Model filter" x-model="auditModel" @input.debounce.300ms="fetchAuditLog(true)" class="filter-input audit-filter-input">
+                <input id="audit-filter-provider" type="text" placeholder="Provider" aria-label="Provider filter" x-model="auditProvider" @input.debounce.300ms="fetchAuditLog(true)" class="filter-input audit-filter-input">
+                <input id="audit-filter-path" type="text" placeholder="Path" aria-label="Path filter" x-model="auditPath" @input.debounce.300ms="fetchAuditLog(true)" class="filter-input audit-filter-input">
                 <button class="pagination-btn" @click="clearAuditFilters()">Clear</button>
             </div>
             <div class="audit-filter-row audit-filter-row-selects">
-                <select x-model="auditMethod" @change="fetchAuditLog(true)" class="usage-log-select audit-filter-select">
+                <select id="audit-filter-method" aria-label="HTTP method filter" x-model="auditMethod" @change="fetchAuditLog(true)" class="usage-log-select audit-filter-select">
                     <option value="">All Methods</option>
                     <option value="GET">GET</option>
                     <option value="POST">POST</option>
                     <option value="PUT">PUT</option>
                     <option value="PATCH">PATCH</option>
                     <option value="DELETE">DELETE</option>
                 </select>
-                <select x-model="auditStatusCode" @change="fetchAuditLog(true)" class="usage-log-select audit-filter-select">
+                <select id="audit-filter-status" aria-label="Status code filter" x-model="auditStatusCode" @change="fetchAuditLog(true)" class="usage-log-select audit-filter-select">
                     <option value="">All Statuses</option>
                     <option value="200">200</option>
                     <option value="201">201</option>
@@ -372,7 +372,7 @@ <h2>Audit Logs</h2>
                     <option value="502">502</option>
                     <option value="503">503</option>
                 </select>
-                <select x-model="auditStream" @change="fetchAuditLog(true)" class="usage-log-select audit-filter-select">
+                <select id="audit-filter-stream" aria-label="Streaming mode filter" x-model="auditStream" @change="fetchAuditLog(true)" class="usage-log-select audit-filter-select">
                     <option value="">All Modes</option>
                     <option value="true">Streaming</option>
                     <option value="false">Non-streaming</option>
@@ -397,6 +397,7 @@ <h2>Audit Logs</h2>
                             <button class="audit-conversation-trigger"
                                     x-show="canShowConversation(entry)"
                                     title="Open conversation"
+                                    aria-label="Open conversation"
                                     @click.stop.prevent="openConversation(entry, $el.closest('details'), true)">
                                 <svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2">
                                     <path d="M9 6l6 6-6 6"/>
diff --git a/internal/admin/handler.go b/internal/admin/handler.go
@@ -320,7 +320,7 @@ func (h *Handler) UsageLog(c echo.Context) error {
 // @Param        path         query     string  false  "Filter by request path"
 // @Param        error_type   query     string  false  "Filter by error type"
 // @Param        status_code  query     int     false  "Filter by status code"
-// @Param        stream       query     string  false  "Filter by stream mode (true/false)"
+// @Param        stream       query     bool    false  "Filter by stream mode (true/false)"
 // @Param        search       query     string  false  "Search across request_id/model/provider/method/path/error_type"
 // @Param        limit        query     int     false  "Page size (default 25, max 100)"
 // @Param        offset       query     int     false  "Offset for pagination"
@@ -423,6 +423,9 @@ func (h *Handler) AuditConversation(c echo.Context) error {
 		if err != nil {
 			return handleError(c, core.NewInvalidRequestError("invalid limit, expected integer", nil))
 		}
+		if parsed < 1 || parsed > 200 {
+			return handleError(c, core.NewInvalidRequestError("invalid limit parameter: limit must be between 1 and 200", nil))
+		}
 		limit = parsed
 	}
 
diff --git a/internal/auditlog/reader_mongodb.go b/internal/auditlog/reader_mongodb.go
@@ -17,6 +17,40 @@ type MongoDBReader struct {
 	collection *mongo.Collection
 }
 
+type mongoLogRow struct {
+	ID         string    `bson:"_id"`
+	Timestamp  time.Time `bson:"timestamp"`
+	DurationNs int64     `bson:"duration_ns"`
+	Model      string    `bson:"model"`
+	Provider   string    `bson:"provider"`
+	StatusCode int       `bson:"status_code"`
+	RequestID  string    `bson:"request_id"`
+	ClientIP   string    `bson:"client_ip"`
+	Method     string    `bson:"method"`
+	Path       string    `bson:"path"`
+	Stream     bool      `bson:"stream"`
+	ErrorType  string    `bson:"error_type"`
+	Data       *LogData  `bson:"data"`
+}
+
+func (r mongoLogRow) toLogEntry() *LogEntry {
+	return &LogEntry{
+		ID:         r.ID,
+		Timestamp:  r.Timestamp,
+		DurationNs: r.DurationNs,
+		Model:      r.Model,
+		Provider:   r.Provider,
+		StatusCode: r.StatusCode,
+		RequestID:  r.RequestID,
+		ClientIP:   r.ClientIP,
+		Method:     r.Method,
+		Path:       r.Path,
+		Stream:     r.Stream,
+		ErrorType:  r.ErrorType,
+		Data:       r.Data,
+	}
+}
+
 // NewMongoDBReader creates a new MongoDB audit log reader.
 func NewMongoDBReader(database *mongo.Database) (*MongoDBReader, error) {
 	if database == nil {
@@ -180,21 +214,7 @@ func (r *MongoDBReader) GetLogs(ctx context.Context, params LogQueryParams) (*Lo
 
 // GetLogByID returns a single audit log entry by ID.
 func (r *MongoDBReader) GetLogByID(ctx context.Context, id string) (*LogEntry, error) {
-	var row struct {
-		ID         string    `bson:"_id"`
-		Timestamp  time.Time `bson:"timestamp"`
-		DurationNs int64     `bson:"duration_ns"`
-		Model      string    `bson:"model"`
-		Provider   string    `bson:"provider"`
-		StatusCode int       `bson:"status_code"`
-		RequestID  string    `bson:"request_id"`
-		ClientIP   string    `bson:"client_ip"`
-		Method     string    `bson:"method"`
-		Path       string    `bson:"path"`
-		Stream     bool      `bson:"stream"`
-		ErrorType  string    `bson:"error_type"`
-		Data       *LogData  `bson:"data"`
-	}
+	var row mongoLogRow
 
 	err := r.collection.FindOne(ctx, bson.D{{Key: "_id", Value: id}}).Decode(&row)
 	if err != nil {
@@ -204,21 +224,7 @@ func (r *MongoDBReader) GetLogByID(ctx context.Context, id string) (*LogEntry, e
 		return nil, fmt.Errorf("failed to query audit log by id: %w", err)
 	}
 
-	return &LogEntry{
-		ID:         row.ID,
-		Timestamp:  row.Timestamp,
-		DurationNs: row.DurationNs,
-		Model:      row.Model,
-		Provider:   row.Provider,
-		StatusCode: row.StatusCode,
-		RequestID:  row.RequestID,
-		ClientIP:   row.ClientIP,
-		Method:     row.Method,
-		Path:       row.Path,
-		Stream:     row.Stream,
-		ErrorType:  row.ErrorType,
-		Data:       row.Data,
-	}, nil
+	return row.toLogEntry(), nil
 }
 
 // GetConversation returns a linear conversation thread around a seed log entry.
@@ -318,21 +324,7 @@ func (r *MongoDBReader) findByResponseID(ctx context.Context, responseID string)
 	filter := bson.D{{Key: "data.response_body.id", Value: responseID}}
 	opts := options.FindOne().SetSort(bson.D{{Key: "timestamp", Value: 1}})
 
-	var row struct {
-		ID         string    `bson:"_id"`
-		Timestamp  time.Time `bson:"timestamp"`
-		DurationNs int64     `bson:"duration_ns"`
-		Model      string    `bson:"model"`
-		Provider   string    `bson:"provider"`
-		StatusCode int       `bson:"status_code"`
-		RequestID  string    `bson:"request_id"`
-		ClientIP   string    `bson:"client_ip"`
-		Method     string    `bson:"method"`
-		Path       string    `bson:"path"`
-		Stream     bool      `bson:"stream"`
-		ErrorType  string    `bson:"error_type"`
-		Data       *LogData  `bson:"data"`
-	}
+	var row mongoLogRow
 
 	if err := r.collection.FindOne(ctx, filter, opts).Decode(&row); err != nil {
 		if err == mongo.ErrNoDocuments {
@@ -341,42 +333,14 @@ func (r *MongoDBReader) findByResponseID(ctx context.Context, responseID string)
 		return nil, fmt.Errorf("failed to query audit log by response id: %w", err)
 	}
 
-	return &LogEntry{
-		ID:         row.ID,
-		Timestamp:  row.Timestamp,
-		DurationNs: row.DurationNs,
-		Model:      row.Model,
-		Provider:   row.Provider,
-		StatusCode: row.StatusCode,
-		RequestID:  row.RequestID,
-		ClientIP:   row.ClientIP,
-		Method:     row.Method,
-		Path:       row.Path,
-		Stream:     row.Stream,
-		ErrorType:  row.ErrorType,
-		Data:       row.Data,
-	}, nil
+	return row.toLogEntry(), nil
 }
 
 func (r *MongoDBReader) findByPreviousResponseID(ctx context.Context, previousResponseID string) (*LogEntry, error) {
 	filter := bson.D{{Key: "data.request_body.previous_response_id", Value: previousResponseID}}
 	opts := options.FindOne().SetSort(bson.D{{Key: "timestamp", Value: 1}})
 
-	var row struct {
-		ID         string    `bson:"_id"`
-		Timestamp  time.Time `bson:"timestamp"`
-		DurationNs int64     `bson:"duration_ns"`
-		Model      string    `bson:"model"`
-		Provider   string    `bson:"provider"`
-		StatusCode int       `bson:"status_code"`
-		RequestID  string    `bson:"request_id"`
-		ClientIP   string    `bson:"client_ip"`
-		Method     string    `bson:"method"`
-		Path       string    `bson:"path"`
-		Stream     bool      `bson:"stream"`
-		ErrorType  string    `bson:"error_type"`
-		Data       *LogData  `bson:"data"`
-	}
+	var row mongoLogRow
 
 	if err := r.collection.FindOne(ctx, filter, opts).Decode(&row); err != nil {
 		if err == mongo.ErrNoDocuments {
@@ -385,19 +349,5 @@ func (r *MongoDBReader) findByPreviousResponseID(ctx context.Context, previousRe
 		return nil, fmt.Errorf("failed to query audit log by previous_response_id: %w", err)
 	}
 
-	return &LogEntry{
-		ID:         row.ID,
-		Timestamp:  row.Timestamp,
-		DurationNs: row.DurationNs,
-		Model:      row.Model,
-		Provider:   row.Provider,
-		StatusCode: row.StatusCode,
-		RequestID:  row.RequestID,
-		ClientIP:   row.ClientIP,
-		Method:     row.Method,
-		Path:       row.Path,
-		Stream:     row.Stream,
-		ErrorType:  row.ErrorType,
-		Data:       row.Data,
-	}, nil
+	return row.toLogEntry(), nil
 }
diff --git a/internal/auditlog/reader_sqlite.go b/internal/auditlog/reader_sqlite.go
@@ -184,7 +184,7 @@ func (r *SQLiteReader) GetConversation(ctx context.Context, logID string, limit
 		if _, ok := seen[parent.ID]; ok {
 			break
 		}
-		thread = append([]*LogEntry{parent}, thread...)
+		thread = append(thread, parent)
 		seen[parent.ID] = struct{}{}
 		current = parent
 	}

Original file line number	Diff line number	Diff line change
@@ -136,7 +136,7 @@ const docTemplate = `{
`136`	`136`	`"in": "query"`
`137`	`137`	`},`
`138`	`138`	`{`
`139`		`- "type": "string",`
	`139`	`+ "type": "boolean",`
`140`	`140`	`"description": "Filter by stream mode (true/false)",`
`141`	`141`	`"name": "stream",`
`142`	`142`	`"in": "query"`
Original file line number	Diff line number	Diff line change
`@@ -132,7 +132,7 @@`
`132`	`132`	`"in": "query"`
`133`	`133`	`},`
`134`	`134`	`{`
`135`		`- "type": "string",`
	`135`	`+ "type": "boolean",`
`136`	`136`	`"description": "Filter by stream mode (true/false)",`
`137`	`137`	`"name": "stream",`
`138`	`138`	`"in": "query"`
Original file line number	Diff line number	Diff line change
`@@ -184,7 +184,7 @@ func (r *SQLiteReader) GetConversation(ctx context.Context, logID string, limit`
`184`	`184`	`if _, ok := seen[parent.ID]; ok {`
`185`	`185`	`break`
`186`	`186`	`}`
`187`		`- thread = append([]*LogEntry{parent}, thread...)`
	`187`	`+ thread = append(thread, parent)`
`188`	`188`	`seen[parent.ID] = struct{}{}`
`189`	`189`	`current = parent`
`190`	`190`	`}`