mirror of
https://github.com/danny-avila/LibreChat.git
synced 2026-07-10 08:13:46 +00:00
Closes the forensic gap Codex flagged (R2-6/R3-4): deleting a role removed its SystemGrants with no audit entries. `deleteGrantsForPrincipal` now returns the removed grants, and the role-deletion handler emits a `grant.removed` audit entry per removed grant (actor = caller, target = role, metadata.capability, request context), matching the explicit revoke endpoint. Fail-open — the role is already deleted, so a failed audit is logged, not propagated; sequential to keep the per-tenant hash chain ordered. Extracted `buildAuditContext` to admin/context.ts (shared by grants + roles). Tests: role-deletion emits one entry per grant / none when no grants; ds 110, api admin 202 green. |
||
|---|---|---|
| .. | ||
| app | ||
| cache | ||
| config | ||
| db | ||
| models | ||
| server | ||
| strategies | ||
| test | ||
| utils | ||
| jest.config.js | ||
| jsconfig.json | ||
| package.json | ||
| typedefs.js | ||