fix(audit-log): lazily resolve actor name/email when missing

waleedlatif1 · waleedlatif1 · commit 22bb74723d78 · 2026-02-19T16:08:51.000-08:00
diff --git a/apps/sim/lib/audit/log.ts b/apps/sim/lib/audit/log.ts
@@ -1,5 +1,7 @@
 import { auditLog, db } from '@sim/db'
+import { user } from '@sim/db/schema'
 import { createLogger } from '@sim/logger'
+import { eq } from 'drizzle-orm'
 import { nanoid } from 'nanoid'
 
 const logger = createLogger('AuditLog')
@@ -185,6 +187,7 @@ interface AuditLogParams {
 
 /**
  * Records an audit log entry. Fire-and-forget — never throws or blocks the caller.
+ * If actorName/actorEmail are not provided, resolves them from the user table.
  */
 export function recordAudit(params: AuditLogParams): void {
   try {
@@ -194,31 +197,50 @@ export function recordAudit(params: AuditLogParams): void {
       undefined
     const userAgent = params.request?.headers.get('user-agent') ?? undefined
 
-    db.insert(auditLog)
-      .values({
-        id: nanoid(),
-        workspaceId: params.workspaceId || null,
-        actorId: params.actorId,
-        action: params.action,
-        resourceType: params.resourceType,
-        resourceId: params.resourceId,
-        actorName: params.actorName ?? undefined,
-        actorEmail: params.actorEmail ?? undefined,
-        resourceName: params.resourceName,
-        description: params.description,
-        metadata: params.metadata ?? {},
-        ipAddress,
-        userAgent,
-      })
-      .then(() => {
-        logger.debug('Audit log recorded', {
+    const needsLookup = params.actorId && !params.actorName && !params.actorEmail
+
+    const insertAudit = (actorName?: string | null, actorEmail?: string | null) => {
+      db.insert(auditLog)
+        .values({
+          id: nanoid(),
+          workspaceId: params.workspaceId || null,
+          actorId: params.actorId,
           action: params.action,
           resourceType: params.resourceType,
+          resourceId: params.resourceId,
+          actorName: actorName ?? params.actorName ?? undefined,
+          actorEmail: actorEmail ?? params.actorEmail ?? undefined,
+          resourceName: params.resourceName,
+          description: params.description,
+          metadata: params.metadata ?? {},
+          ipAddress,
+          userAgent,
+        })
+        .then(() => {
+          logger.debug('Audit log recorded', {
+            action: params.action,
+            resourceType: params.resourceType,
+          })
+        })
+        .catch((error) => {
+          logger.error('Failed to record audit log', { error, action: params.action })
+        })
+    }
+
+    if (needsLookup) {
+      db.select({ name: user.name, email: user.email })
+        .from(user)
+        .where(eq(user.id, params.actorId))
+        .limit(1)
+        .then(([row]) => {
+          insertAudit(row?.name, row?.email)
+        })
+        .catch(() => {
+          insertAudit()
         })
-      })
-      .catch((error) => {
-        logger.error('Failed to record audit log', { error, action: params.action })
-      })
+    } else {
+      insertAudit()
+    }
   } catch (error) {
     logger.error('Failed to initiate audit log', { error, action: params.action })
   }
