GloriousFlywheel Dashboard Control Audit Events 2026-04-16
Snapshot date: 2026-04-16
Purpose
Capture the first executed mutation-audit surface for #172.
This follows the auth-audit work by making the current GitLab-backed compatibility mutations visible after they succeed.
Companion notes:
- gloriousflywheel-dashboard-mutation-compatibility-2026-04-16.md
- gloriousflywheel-dashboard-mutation-authority-hold-2026-04-16.md
- gloriousflywheel-dashboard-operator-permission-policy-2026-04-16.md
- gloriousflywheel-dashboard-read-data-policy-2026-04-16.md
Current Executed Event Set
The dashboard now records control audit events in PostgreSQL for successful:
- runner pause mutations
- runner resume mutations
- submitted GitOps config changes
Each event currently records:
- actor username
- actor email
- actor role
- actor auth method
- action name
- control surface
- target name when available
- environment when available
- backend (
gitlabormock) - result reference when available
- event timestamp
Current Admin Surface
Admins can now inspect recent control event history through the Settings surface.
That feed is intentionally narrow:
- it is admin-only
- it currently covers successful GitLab-backed compatibility mutations
- it is for review and governance, not replay or policy editing
Why This Matters
This is the next defensible step after auth audit events:
- the repo still uses GitLab-backed compatibility mutations today
- privileged runner and config changes should stop being silent side effects
- the workflow improves governance without pretending the repo already has a replacement mutation authority
Current Implementation Boundary
- events are written best-effort after successful mutation completion
- failed mutation attempts are not yet stored
- the feed does not yet cover request-by-request proxy activity
- the feed does not yet cover future non-GitLab mutation authorities
Exit Condition
- current runner pause/resume and config-submit compatibility flows are no longer silent
- admins have a durable in-app control event history surface
- the next mutation-governance slice can focus on failed-attempt coverage, richer metadata, or a replacement mutation authority