Live Activity Feed
Cross-project timeline of every privileged action. Polls every 5 seconds.
The dashboard ships a Live Activity Feed at /activity (sidebar entry next to Home). It is a cross-project timeline of audit-log rows, scoped to the user's accessible projects, polling every five seconds. Admins see every row; non-admins see only rows whose project they hold a membership in. Filters by project and action prefix narrow the firehose down to exactly what the operator wants to watch. The Activity Feed reuses the brain's existing HMAC-chained audit log as its source of truth, so the data is the same data the per-project audit page exposes, just unified across every project the caller can see.
Ships with
- Server-side scope: non-admin with no memberships gets an empty feed; brain-wide rows are admin-only
- Filters apply at the query level (project_slug, action_prefix) so the wire payload stays small
- 5-second polling via TanStack Query; cursor-based pagination (since_id / next_before_id) so each poll fetches only new rows
- Infinite scroll backwards via Load older button (walks next_before_id)
- Status icons (success / deny / failure) and project badges so the timeline is scannable at a glance
Highlights
- 14-case backend test suite pins scope enforcement (admin / non-admin / unmember filter), filters, pagination edge cases, and the unauthenticated-rejection path
- Backed by GET /api/v1/activity which is a single indexed query against audit_log; one extra GET per visible tab
- Wire payload matches the per-project audit endpoint plus a resolved project_slug, so downstream parsers can reuse existing tooling
Related