Feature: fix audit log 405 status

[SantiagoDePolonia]

Summary by CodeRabbit

• Bug Fixes

  • Improved audit logging to record correct HTTP error status codes for uncommitted error responses.

• Tests

  • Added end-to-end test covering HTTP method validation errors and corresponding audit log entries.

• Chores

  • Removed local Claude settings file and added ignore rule to prevent it from being tracked.

[coderabbitai]

Caution

Review failed

The pull request is closed.

📝 Walkthrough

Walkthrough

Removed a local Claude permissions file and added a .gitignore rule; updated audit-log middleware to determine status codes from uncommitted Echo HTTP errors; added an end-to-end test asserting 405 is logged for wrong HTTP method.

Changes

Cohort / File(s)	Summary
Local Claude config /.claude/settings.local.json, .gitignore	Deleted repository-local Claude permissions file and added /.claude/settings.local.json to .gitignore.
Audit logging internal/auditlog/middleware.go	Changed status-code determination: when response not committed and an error exists, use Echo HTTPError.Code (or default 500) instead of the response status. Added import for error handling.
Tests tests/e2e/auditlog_test.go	Added an E2E test asserting a 405 response and corresponding audit log entry for sending GET to a POST-only endpoint (/v1/chat/completions).

Sequence Diagram(s)

mermaid
sequenceDiagram
participant Client as Client
participant Server as Server (Echo)
participant Middleware as AuditMiddleware
participant Handler as Handler
participant Logger as AuditLogger

Client->>Server: HTTP GET /v1/chat/completions
Server->>Middleware: incoming request
Middleware->>Handler: forward request
Handler-->>Middleware: returns error (method not allowed)
Middleware->>Middleware: if response not committed and err is HTTPError -> status = err.Code else status = 500
Middleware->>Logger: emit audit log with resolved StatusCode, Method, Path
Middleware->>Client: return 405 Method Not Allowed

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• Feature: fix audit log 405 status #76 — Mirrors the same middleware status-code adjustment, test addition for 405 logging, and .claude settings removal/.gitignore update.

Poem

🐰 A tiny file hopped from sight,
The logger wakes to clearer light,
When methods err and responses stall,
I nibble codes and catch them all,
Hooray — the audit hears each call! 🥕

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main change: fixing audit log status code capture for 405 Method Not Allowed errors.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feature/gom-34-fix-audit-log-405-status

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.gitignore:
- Around line 28-30: The .gitignore entry for the Claude settings is missing a
leading slash; update the entry ".claude/settings.local.json" to
"/.claude/settings.local.json" so it consistently and precisely matches the
repository root-level .claude directory (maintaining the same style as other
root entries like "/.env" and "/opencode.json").