legal-ai/mcp-server/src/legal_mcp/services/audit.py

"""Audit log — תיעוד כל פעולה במערכת.

כל פעולה מתועדת: מי, מתי, מה, על איזה תיק.
"""

from __future__ import annotations

import json
import logging
from datetime import datetime
from uuid import UUID, uuid4

from legal_mcp.services import db

logger = logging.getLogger("audit")


async def log_action(
    action: str,
    case_id: UUID | None = None,
    document_id: UUID | None = None,
    details: dict | None = None,
    user: str = "system",
) -> None:
    """רישום פעולה ב-audit log.

    Args:
        action: סוג הפעולה (upload, classify, extract_claims, set_outcome, write_block, export, etc.)
        case_id: מזהה תיק (אם רלוונטי)
        document_id: מזהה מסמך (אם רלוונטי)
        details: פרטים נוספים
        user: מזהה המשתמש
    """
    pool = await db.get_pool()
    async with pool.acquire() as conn:
        await conn.execute(
            """INSERT INTO audit_log (id, action, case_id, document_id, details, actor, created_at)
               VALUES ($1, $2, $3, $4, $5, $6, $7)""",
            uuid4(), action, case_id, document_id,
            json.dumps(details or {}, ensure_ascii=False, default=str),
            user, datetime.utcnow(),
        )
    logger.info("AUDIT: %s | case=%s | user=%s | %s", action, case_id, user,
                json.dumps(details or {}, ensure_ascii=False)[:200])


async def get_audit_log(
    case_id: UUID | None = None,
    action: str | None = None,
    limit: int = 50,
) -> list[dict]:
    """שליפת audit log."""
    pool = await db.get_pool()
    conditions = []
    params: list = []
    idx = 1

    if case_id:
        conditions.append(f"case_id = ${idx}")
        params.append(case_id)
        idx += 1
    if action:
        conditions.append(f"action = ${idx}")
        params.append(action)
        idx += 1

    where = f"WHERE {' AND '.join(conditions)}" if conditions else ""
    params.append(limit)

    async with pool.acquire() as conn:
        rows = await conn.fetch(
            f"SELECT * FROM audit_log {where} ORDER BY created_at DESC LIMIT ${idx}",
            *params,
        )

    return [dict(r) for r in rows]