Add audit log retention and pruning mechanism #33
Description
Summary
Implement a retention policy and automated pruning for audit logs to prevent unbounded table growth.
Background
The RBAC audit logging system currently stores all audit events indefinitely. As the system scales, the audit_logs table will grow unbounded, leading to:
- Increased storage costs
- Slower query performance
- Potential D1 database size limits
Requirements
- Design configurable retention policy (e.g.,
AUDIT_LOG_RETENTION_DAYSenv var) - Implement scheduled cleanup using Cloudflare Cron Triggers
- Add pruning logic that deletes records older than retention period
- Ensure pruning doesn't block normal operations (batch deletes)
- Add monitoring/alerting for pruning failures
- Document retention configuration options
Technical Considerations
- Use Cloudflare Cron Triggers for scheduled execution
- Batch deletes to avoid long-running transactions
- Consider archiving to R2 before deletion for compliance
- Add index on
created_atcolumn if not present for efficient date-based queries
Acceptance Criteria
- Audit logs older than configured retention period are automatically deleted
- Pruning runs on configurable schedule (default: daily)
- No impact on normal audit logging operations during pruning
- Configuration documented in README
Related
Part of RBAC implementation (issue #16)