Skip to content

All SDKs: add an audit-bundle fetch method (round-trip with the existing verifiers) #116

Description

@surpradhan

Summary

The server exposes signed audit bundles over HTTP:

  • GET /sessions/:id/audit-bundle (src/server.js:542)
  • GET /workflows/:traceId/audit-bundle (src/server.js:580)

Both return 503 when AUDIT_SIGNING_SECRET is unset.

All three SDKs already have the verify half of the workflow (verifyAuditBundle / verify_audit_bundle / VerifyAuditBundle — present in sdks/python/aep/_audit.py, sdks/go/aep/audit.go, sdks/node/src/index.ts), but none of the SDK clients have a fetch method to pull a bundle. So there's no clean fetch-then-verify round-trip from the SDKs today.

Scope

Add client methods to fetch both bundle types, in every SDK, including the async clients:

  • Pythonget_session_audit_bundle / get_workflow_audit_bundle on AEPClient (sdks/python/aep/client.py) and AsyncAEPClient (sdks/python/aep/async_client.py).
  • GoGetSessionAuditBundle / GetWorkflowAuditBundle on Client (sdks/go/aep/client.go) and AsyncClient (sdks/go/aep/async_client.go).
  • NodegetSessionAuditBundle / getWorkflowAuditBundle on the client (sdks/node/src/client.ts).

Each method should surface the 503 (signing not configured) and 404 (scope not found) cases as clear errors, consistent with the SDK's existing error handling.

Acceptance criteria

  • Fetch methods for both session and workflow bundles in Python (sync + async), Go (sync + async), and Node.
  • A fetch → verify* round-trip works end-to-end (ideally shown in a test or example).
  • 503/404 handled with informative errors.
  • Each SDK's test suite passes.

Pointers

  • src/server.js:542 / :580 — the two endpoints (note the 503 gate)
  • sdks/python/aep/_audit.py, sdks/go/aep/audit.go, sdks/node/src/index.ts — the existing verify primitives this pairs with

Tagged help wanted — touches all three SDKs incl. async surfaces.

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or requesthelp wantedExtra attention is neededsdkPython / Go / Node SDK work

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions