Skip to content

feat: add prism connector audit logs#5131

Merged
prajwalnl merged 5 commits into
mainfrom
feat/ucs-prism-connector-audit
Jul 10, 2026
Merged

feat: add prism connector audit logs#5131
prajwalnl merged 5 commits into
mainfrom
feat/ucs-prism-connector-audit

Conversation

@VenuMadhav2541

@VenuMadhav2541 VenuMadhav2541 commented Jul 9, 2026

Copy link
Copy Markdown
Contributor

Type of Change

  • Bugfix
  • New feature
  • Enhancement
  • Refactoring
  • Dependency updates
  • Documentation
  • CI/CD

Description

Adds Prism connector event logs to the existing connector audit timeline for payment, refund, dispute, and payout audit screens.

This PR keeps Prism events under the existing connector section and updates the connector event display name logic to use the destination field:

  • UCS connector audit events for authentication flows are shown as Internal Authentication.
  • Prism connector audit events for authentication flows are shown as Authentication.
  • Non-authentication connector flows continue to use the existing API name mapping.

Fixes #5130

Motivation and Context

The backend now exposes Prism connector event audit rows through the analytics API. The dashboard needs to fetch those rows and render them with the existing connector audit events so users can see the complete connector timeline for UCS and Prism based payment flows.

How did you test it?

  • Before:
Screenshot 2026-07-09 at 6 29 24 PM - After: Screenshot 2026-07-09 at 6 31 00 PM

Where to test it?

  • INTEG
  • SANDBOX
  • PROD

Backend Dependency

  • Yes
  • No

Backend PR URL: juspay/hyperswitch#13177

Feature Flag

  • New feature flag added
  • Existing feature flag updated
  • No feature flag changes

Feature flag name(s):

Checklist

  • I ran npm run re:build
  • I reviewed submitted code
  • I added unit tests for my changes where possible

@VenuMadhav2541 VenuMadhav2541 requested a review from a team as a code owner July 9, 2026 12:48
@semanticdiff-com

semanticdiff-com Bot commented Jul 9, 2026

Copy link
Copy Markdown

Review changes with  SemanticDiff

Changed Files
File Status
  playwright-tests/support/commands.ts  0% smaller
  src/APIUtils/APIUtils.res Unsupported file format
  src/APIUtils/APIUtilsTypes.res Unsupported file format
  src/screens/Analytics/Logs/DisputeLogs/DisputeLogs.res Unsupported file format
  src/screens/Analytics/Logs/LogUtils/LogTypes.res Unsupported file format
  src/screens/Analytics/Logs/LogUtils/LogUtils.res Unsupported file format
  src/screens/Analytics/Logs/PaymentLogs/PaymentLogs.res Unsupported file format
  src/screens/Analytics/Logs/RefundLogs/RefundLogs.res Unsupported file format
  src/screens/Payouts/PayoutLogs.res Unsupported file format

@VenuMadhav2541 VenuMadhav2541 self-assigned this Jul 9, 2026
Comment thread src/screens/Analytics/Logs/LogUtils/LogUtils.res Outdated
Comment thread src/screens/Analytics/Logs/LogUtils/LogUtils.res Outdated
Comment thread src/screens/Analytics/Logs/LogUtils/LogUtils.res Outdated
Muditbhatia12
Muditbhatia12 previously approved these changes Jul 9, 2026
@XyneSpaces

Copy link
Copy Markdown
Collaborator

🚨 [blocking] getConnectorResponse in LogUtils.res falls back from masked_response to the raw response field when the masked value is empty.

Previously connector logs only rendered masked_response, which is the sanitized output. Showing the raw response when masking is absent exposes the full connector payload in the dashboard and breaches the masking contract. This affects getResponseObject, setDefaultValue, and the CONNECTOR log type rendering.

Treat an empty masked_response as missing data rather than falling back to the unsanitized response field, or ensure the log source always populates masked_response before this code reaches production.

let getConnectorResponse = dict => {
  dict->getString("masked_response", "")
}

@XyneSpaces

Copy link
Copy Markdown
Collaborator

[should-fix] getConnectorResponse falls back to the raw response field whenever masked_response is empty, which can leak unmasked PCI/PII in connector audit logs.

In src/screens/Analytics/Logs/LogUtils/LogUtils.res:

let getConnectorResponse = dict => {
  let maskedResponse = dict->getString("masked_response", "")
  maskedResponse->isNonEmptyString ? maskedResponse : dict->getString("response", "")
}

If the backend omits masked_response for any connector log whose response contains sensitive data, the audit-log UI will render it unredacted. The previous code only rendered masked_response for CONNECTOR logs, so this fallback relaxes the masking boundary.

Suggestion: only fall back to response when you have a positive signal that it is safe (for example, a is_masked flag or a dedicated non-sensitive display_response field), otherwise keep the previous behavior of returning an empty/default value when masking metadata is missing.

JeevaRamu0104
JeevaRamu0104 previously approved these changes Jul 10, 2026
@prajwalnl prajwalnl enabled auto-merge July 10, 2026 13:03
@prajwalnl prajwalnl added this pull request to the merge queue Jul 10, 2026
@github-actions github-actions Bot added the R-ready-for-review PR is ready for reviewing label Jul 10, 2026
Merged via the queue into main with commit 88c57b6 Jul 10, 2026
18 checks passed
@prajwalnl prajwalnl deleted the feat/ucs-prism-connector-audit branch July 10, 2026 13:50
@github-actions github-actions Bot added the Closed Applied to issues or pull requests that have been successfully resolved or completed label Jul 10, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

Closed Applied to issues or pull requests that have been successfully resolved or completed R-ready-for-review PR is ready for reviewing

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Show Prism connector audit logs in connector timeline

6 participants