
feat: implement nonrepudiation and cryptographic signing #3

Open
ginaxu1 wants to merge 5 commits into main from feat-nonrepudiation-support

Conversation


@ginaxu1 ginaxu1 commented Mar 17, 2026

Summary

Add non-repudiation and cryptographic signing capabilities. The goal is to allow client services (such as NSW) to provide an irrefutable "Proof of Origin" for critical audit events. This is achieved by extending the pkg/audit client library to handle digital signatures via a secure callback mechanism and updating the backend service to persist this metadata alongside standard audit logs.

Changes

Core Audit Models & Persistence

  • Extended Schema: update AuditLog and AuditLogRequest to include signature, signatureAlgorithm, and publicKeyId fields
  • Binary Payload Support: refactor the Message field to []byte to ensure cryptographic hashes remain stable and can store larger binary payloads
  • Database Updates: modify the GORM repository to support these new columns (mapped as BLOB or BYTEA) in both SQLite and PostgreSQL backends
  • API DTOs: update request/response DTOs to ensure signature metadata is preserved throughout the data pipeline from ingestion to retrieval

Client Library (pkg/audit)

  • Interface Expansion: Auditor interface now includes SignEvent, LogSignedEvent, VerifyIntegrity, and Close methods
  • Secure Signing Architecture: implement SignPayloadFunc to decouple the library from private key management, allowing callers to provide their own signing logic (e.g., via KMS or HSM)
  • Asynchronous Worker Pool: refactor the Client to use a background worker queue with a configurable number of workers and automated retries (up to 3 attempts) for signing operations
  • Security Logic (security.go):
    • Canonicalization: implement CanonicalizeRequest to ensure consistent JSON serialization for stable hashing.
    • Verification: add VerifyPayload and VerifyIntegrity for public-key based signature validation
  • Algorithm Hardening: add validation to ensure only supported algorithms (RS256, EdDSA) are utilized during client initialization
  • Graceful Shutdown: add a Close method to ensure the internal worker queue is flushed and all pending logs are transmitted before the process exits

Documentation & Service Layer

  • API Specification: update docs/API.md to define the new optional security fields for the POST /api/audit-logs endpoint
  • Integrity Validation: implement logic to allow consuming applications to verify log integrity by comparing stored signatures against newly generated hashes of the record using the actor's public key
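As an added example (not code from this PR), the sign-then-verify flow the description outlines: a caller-supplied SignPayloadFunc keeps the private key out of the library, SignEvent canonicalizes the record and rejects algorithms other than RS256/EdDSA, and VerifyIntegrity rebuilds the same bytes from the stored record. The struct layout, the canonical form and the newEd25519Signer helper are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
)

// SignPayloadFunc: the caller supplies the signing step (KMS, HSM, local key); the library never holds a private key.
type SignPayloadFunc func(payload []byte) ([]byte, error)

// Constructed stand-in for the PR's AuditLogRequest; field names follow the PR text.
type AuditLogRequest struct {
	Actor, Action                   string
	Message, Signature              []byte // Message is []byte as in the PR: byte-stable for hashing
	SignatureAlgorithm, PublicKeyID string
}

// canonicalize covers only content fields; encoding/json sorts map keys, so the
// same record always yields the same bytes. Strings and []byte cannot fail to encode.
func canonicalize(r AuditLogRequest) []byte {
	b, _ := json.Marshal(map[string]interface{}{"actor": r.Actor, "action": r.Action, "message": r.Message})
	return b
}

// SignEvent rejects unsupported algorithms up front, then signs the canonical payload.
func SignEvent(r *AuditLogRequest, alg, keyID string, sign SignPayloadFunc) error {
	if alg != "EdDSA" && alg != "RS256" {
		return errors.New("unsupported signature algorithm: " + alg)
	}
	sig, err := sign(canonicalize(*r))
	if err != nil {
		return err
	}
	r.Signature, r.SignatureAlgorithm, r.PublicKeyID = sig, alg, keyID
	return nil
}

// VerifyIntegrity rebuilds the canonical bytes from the stored record and checks them against the actor's public key.
func VerifyIntegrity(r AuditLogRequest, pub ed25519.PublicKey) bool {
	return r.SignatureAlgorithm == "EdDSA" && ed25519.Verify(pub, canonicalize(r), r.Signature)
}

// newEd25519Signer stands in for the caller's key holder; the private key stays inside the closure.
func newEd25519Signer() (ed25519.PublicKey, SignPayloadFunc) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return pub, func(p []byte) ([]byte, error) { return ed25519.Sign(priv, p), nil }
}
```

Any change to the stored Message after signing changes the canonical bytes, so VerifyIntegrity returns false for a tampered record.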

@gemini-code-assist

Summary of Changes

Hello, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the integrity and trustworthiness of audit logs by introducing cryptographic signing capabilities. It allows audit events to be digitally signed using various algorithms (RSA, Ed25519) and verified, thereby providing non-repudiation. The changes include updates to data models, API interfaces, and the addition of core cryptographic utility functions, ensuring that audit trails can be reliably attributed and their authenticity confirmed.

Highlights

  • Non-Repudiation and Cryptographic Signing: Introduced new fields (signature, signatureAlgorithm, publicKeyId) to the audit log model and API requests to support cryptographic signing of audit events, ensuring non-repudiation.
  • Audit Client Enhancements: Extended the Auditor interface and Client implementation with methods to sign audit events (SignEvent) and log already signed events (LogSignedEvent, SignAndLogEvent).
  • Cryptographic Utilities: Added a new security.go file containing functions for canonicalizing audit requests, signing payloads using RSA or Ed25519, and verifying signatures.
  • Configuration Refinement: Refactored the enum loading logic to merge configured enums with default values, ensuring all core enums are present while allowing custom additions.
  • API Documentation Update: Updated the API documentation to reflect the new optional fields for digital signatures in audit log requests.

Changelog

  • docs/API.md
    • Added signature, signatureAlgorithm, and publicKeyId fields to the audit log request table.
    • Updated the example request to include the new signature-related fields.
  • internal/api/v1/models/audit_log.go
    • Added Signature, SignatureAlgorithm, and PublicKeyID fields to the AuditLog struct for security and non-repudiation.
  • internal/api/v1/models/request_dtos.go
    • Added Signature, SignatureAlgorithm, and PublicKeyID fields to the CreateAuditLogRequest struct.
  • internal/api/v1/services/audit_service.go
    • Mapped the new Signature, SignatureAlgorithm, and PublicKeyID fields from the request DTO to the AuditLog model during creation.
  • internal/config/config.go
    • Refactored enum loading logic to merge user-defined enums with default enums using a new mergeUniqueStrings helper function.
    • Added a new helper function mergeUniqueStrings to combine two string slices and remove duplicates.
  • pkg/audit/client.go
    • Imported crypto and fmt packages.
    • Added LogSignedEvent method as an alias for LogEvent for semantic clarity.
    • Implemented SignEvent method to generate cryptographic signatures for audit requests.
    • Implemented SignAndLogEvent method to sign an event and then log it asynchronously.
  • pkg/audit/interface.go
    • Imported the crypto package.
    • Updated the Auditor interface to include SignEvent and LogSignedEvent methods.
  • pkg/audit/models.go
    • Added Signature, SignatureAlgorithm, and PublicKeyID fields to the AuditLogRequest struct.
  • pkg/audit/security.go
    • Added new file security.go containing functions for CanonicalizeRequest, SignPayload, and VerifyPayload.
  • pkg/audit/security_test.go
    • Added new file security_test.go with unit tests for CanonicalizeRequest, SignPayload, and VerifyPayload functions for both RSA and Ed25519.


@gemini-code-assist gemini-code-assist bot left a comment


Code Review

This pull request introduces cryptographic signing for audit logs to provide non-repudiation. The changes are comprehensive, touching the API documentation, data models, services, and the client library. A new pkg/audit/security.go file is added with well-implemented logic for canonicalization, signing, and verification for RSA and Ed25519 keys, supported by good tests. The configuration loading for enums has also been refactored to be more robust.

My review includes a couple of suggestions: one to fix a minor bug in the new mergeUniqueStrings function in internal/config/config.go, and another to improve error handling in the new test file pkg/audit/security_test.go.



ginaxu1 commented Mar 17, 2026

/gemini review


@ginaxu1 ginaxu1 force-pushed the feat-nonrepudiation-support branch from 28962bf to f27870a Compare March 17, 2026 10:18
@ginaxu1 ginaxu1 force-pushed the feat-nonrepudiation-support branch from f27870a to 0faf953 Compare March 18, 2026 06:07
@ginaxu1 ginaxu1 force-pushed the feat-nonrepudiation-support branch from 0faf953 to b219d49 Compare March 18, 2026 06:29

@gemini-code-assist gemini-code-assist bot left a comment


Code Review

This pull request introduces significant enhancements by adding non-repudiation and cryptographic signing capabilities to the audit logging system. The changes include updating core audit models and DTOs to incorporate signature metadata, extending the client library with signing and verification methods, and implementing an asynchronous worker queue for event processing. New security.go and security_test.go files provide robust cryptographic functions and comprehensive tests for canonicalization, signing, and verification. The documentation (docs/API.md) has been updated to reflect these new features. Overall, the changes are well-implemented and tested, greatly improving the integrity and trustworthiness of audit events.

@ginaxu1 ginaxu1 force-pushed the feat-nonrepudiation-support branch from c499ba6 to d7fe101 Compare March 18, 2026 06:52

@gemini-code-assist gemini-code-assist bot left a comment


Code Review

This pull request introduces significant new functionality for non-repudiation and cryptographic signing of audit events. The changes are extensive, including a major refactoring of the pkg/audit client to use a robust worker-queue model, the addition of new security-related fields to the data models and API, and updates to documentation. The implementation of the cryptographic functions in pkg/audit/security.go is solid and well-tested.

Overall, the changes are well-structured. I've identified a few issues: a critical one regarding a potentially breaking database schema change, a high-severity validation bug in the API handler, and a few medium-severity issues related to API documentation consistency, client library usability, and a minor performance improvement. Addressing these points will further strengthen this important new feature.
