ezer-mishpati/legal-ai
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

FU-7: audit-trail + provenance (GAP-17/18/19/20) #13

Merged
chaim merged 10 commits from fix/fu7-audit-provenance into main 2026-05-30 21:43:34 +00:00
Conversation 0 Commits 10 Files Changed 11 +903 -20
chaim commented 2026-05-30 21:43:33 +00:00
Owner
Copy Link

Summary

ממיר את audit_log מ"כמעט-ריק" ל-audit-trail מקצה-לקצה + provenance בלוק→מקורות, אכיפת ציטוט→קורפוס, וגילוי drift DOCX↔blocks. מאמת מול 3+ מקורות (append-only lineage event; GitOps drift detect-don't-remediate). בלי טבלה חדשה (audit_log שב-X5 §4), בלי מיגרציית-נתונים.

  • GAP-18log_action_safe (non-fatal) ב-document_upload / extract_claims / export_docx / write_block.
  • GAP-19 — provenance בלוק→מקורות (document_ids/claim_ids/case_law_ids) כאירוע write_block ב-audit_log.details.
  • GAP-20 — ולידציה מבנית של case_law_id פתיר → ממצא-QA warning (לא חוסם export; שערי FU-6 נשמרים).
  • GAP-17 — דגל cases.blocks_stale (V22, additive) מסומן ב-revise/apply, מאופס ב-export/save, נחשף ב-health-check (cases_with_stale_blocks). מקור-אמת=בלוקים; אין reparse DOCX→blocks שביר.

מספק INV-AUD1/2/3, INV-EX1, INV-G9.

Test Plan

  • בדיקות offline חדשות (log_action_safe non-fatal, citation resolver, blocks_stale)
  • כל החבילה ירוקה — 94 passed; שערי-QA של FU-6 עדיין 5/5
  • smoke מול DB אמיתי: V22 column + resolver + audit row
  • סקירת-קוד סופית (spec+quality): 0 Critical/Important; תוקן second-caller של _build_precedents_context + None-doc-types provenance

🤖 Generated with Claude Code

## Summary ממיר את audit_log מ"כמעט-ריק" ל-audit-trail מקצה-לקצה + provenance בלוק→מקורות, אכיפת ציטוט→קורפוס, וגילוי drift DOCX↔blocks. מאמת מול 3+ מקורות (append-only lineage event; GitOps drift detect-don't-remediate). **בלי טבלה חדשה** (audit_log שב-X5 §4), **בלי מיגרציית-נתונים**. - **GAP-18** — `log_action_safe` (non-fatal) ב-document_upload / extract_claims / export_docx / write_block. - **GAP-19** — provenance בלוק→מקורות (`document_ids`/`claim_ids`/`case_law_ids`) כאירוע `write_block` ב-`audit_log.details`. - **GAP-20** — ולידציה מבנית של `case_law_id` פתיר → ממצא-QA **warning** (לא חוסם export; שערי FU-6 נשמרים). - **GAP-17** — דגל `cases.blocks_stale` (V22, additive) מסומן ב-revise/apply, מאופס ב-export/save, נחשף ב-health-check (`cases_with_stale_blocks`). מקור-אמת=בלוקים; אין reparse DOCX→blocks שביר. מספק INV-AUD1/2/3, INV-EX1, INV-G9. ## Test Plan - [x] בדיקות offline חדשות (log_action_safe non-fatal, citation resolver, blocks_stale) - [x] כל החבילה ירוקה — 94 passed; שערי-QA של FU-6 עדיין 5/5 - [x] smoke מול DB אמיתי: V22 column + resolver + audit row - [x] סקירת-קוד סופית (spec+quality): 0 Critical/Important; תוקן second-caller של _build_precedents_context + None-doc-types provenance 🤖 Generated with [Claude Code](https://claude.com/claude-code)
chaim added 10 commits 2026-05-30 21:43:33 +00:00
docs(spec): FU-7 audit-trail + provenance design (GAP-17/18/19/20) 99cd6bc4dd 
Reuse audit_log.log_action with details JSONB (X5 §4, no new table) for
end-to-end audit + block→source provenance. GAP-17 drift = blocks_stale flag
+ health-check (not fragile DOCX→blocks reparse). GAP-20 = structural
case_law_id resolution (not Hebrew citation NLP). Verified vs 3+ sources
(append-only lineage event; GitOps drift detect-don't-auto-remediate).
Pure-code, no migration.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
docs(plan): FU-7 audit-trail + provenance implementation plan (7 tasks, TDD) 2994a884e9 
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
test(audit): failing tests for audit-trail + provenance (FU-7) bffd2ec701
feat(audit): log_action_safe + V22 blocks_stale + citation resolver (FU-7) a121f79d6a 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
feat(audit): log document_upload/extract_claims/export_docx (GAP-18, FU-7) 1f483383b9 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
feat(audit): block→source provenance via write_block audit event (GAP-19, FU-7) 769f5020eb 
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
feat(qa): citation→corpus resolution as non-blocking warning (GAP-20, FU-7) 7e2f4b2872 
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
feat(audit): blocks_stale drift flag + health-check visibility (GAP-17, FU-7) 677f29ddec 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
tasks(legal-ai): mark FU-7 (#65) done; FU-2a (#60) done d28f7b8398 
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
fix(audit): _collect_block_sources mirrors None-doc-types (provenance accuracy, FU-7 review) 9bfb912bdf 
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
chaim merged commit 63dc08c963 into main 2026-05-30 21:43:34 +00:00
chaim deleted branch fix/fu7-audit-provenance 2026-05-30 21:43:34 +00:00
Sign in to join this conversation.
Reviewers
No Reviewers
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
chaim
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: ezer-mishpati/legal-ai#13
Delete Branch "fix/fu7-audit-provenance"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?