feat(api-request-log): re-enable logging, increase retention to 30 days, add admin download panel #1745
…ys, add admin download panel
- Uncomment handleRequestLogging call in openrouter proxy route
- Increase cleanup cron retention from 7 to 30 days
- Add admin page with user ID and date range filters
- Stream zip file with formatted request/response JSON files
- Add archiver dependency for server-side zip streaming
|
|
||
| const conditions = [ | ||
| eq(api_request_log.kilo_user_id, userId), | ||
| gte(api_request_log.created_at, new Date(startDate).toISOString()), |
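Review bot: In the `gte(...)` bound, `new Date(startDate)` reads a date-only string such as `2026-03-01` as UTC midnight but a date-time string without an offset as server-local time, so the start of the range depends on which form the caller sends. Accept a single documented format for `startDate` and build the bound explicitly in UTC before calling `toISOString()`.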
WARNING: Invalid dates trigger a 500 here
new Date(...).toISOString() throws a RangeError for malformed query strings (for example startDate=foo or endDate=2026-02-31). Because this route is still reachable via a normal GET request, a bad parameter currently becomes a 500 instead of a 400. Validate both dates before building the Drizzle predicates.
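The validation the review comment above asks for, as an added example that is not code from this PR: it assumes the parameters are date-only `YYYY-MM-DD` strings, and `parseDateParam` and `validateRange` are hypothetical names. Each date is rebuilt from its components in UTC and round-tripped, so an impossible date such as `2026-02-31` gets a 400-style result regardless of how the engine's string parser treats it.

```javascript
// Added example (not from the PR): validate startDate/endDate before any
// query is built. Assumes date-only YYYY-MM-DD input; names are hypothetical.
const DATE_ONLY = /^(\d{4})-(\d{2})-(\d{2})$/;

function parseDateParam(name, raw) {
  if (typeof raw !== 'string' || raw === '') {
    return { ok: false, error: `${name} is required` };
  }
  const m = DATE_ONLY.exec(raw);
  if (!m) {
    return { ok: false, error: `${name} must be YYYY-MM-DD` };
  }
  const year = Number(m[1]);
  const month = Number(m[2]);
  const day = Number(m[3]);
  // Date.UTC normalises overflow (Feb 31 becomes Mar 3), so compare the
  // components back against the input to catch impossible dates.
  const date = new Date(Date.UTC(year, month - 1, day));
  const roundTrips =
    date.getUTCFullYear() === year &&
    date.getUTCMonth() === month - 1 &&
    date.getUTCDate() === day;
  if (!roundTrips) {
    return { ok: false, error: `${name} is not a valid calendar date` };
  }
  return { ok: true, date };
}

// Returns a 400-style result for bad input, otherwise ISO strings for the
// query bounds; toISOString() cannot throw on a date that passed the checks.
function validateRange(query) {
  const start = parseDateParam('startDate', query.startDate);
  if (!start.ok) return { status: 400, error: start.error };
  const end = parseDateParam('endDate', query.endDate);
  if (!end.ok) return { status: 400, error: end.error };
  if (end.date.getTime() < start.date.getTime()) {
    return { status: 400, error: 'endDate is before startDate' };
  }
  return {
    status: 200,
    startIso: start.date.toISOString(),
    endIso: end.date.toISOString(),
  };
}

// Constructed sample inputs.
console.log(validateRange({ startDate: 'foo', endDate: '2026-03-30' }));
console.log(validateRange({ startDate: '2026-02-01', endDate: '2026-02-31' }));
console.log(validateRange({ startDate: '2026-03-01', endDate: '2026-03-30' }));
```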
| return; | ||
| } | ||
|
|
||
| const blob = await response.blob(); |
SUGGESTION: The client buffers the full ZIP before starting the download
response.blob() defeats the server-side zip streaming and keeps the entire export in browser memory before the save prompt appears. For larger 30-day exports, this can make the admin page much heavier than necessary. Navigating directly to the download URL (for example with a normal link or form submission) preserves streaming end-to-end.
Code Review Summary
Status: 1 Issue Found | Recommendation: Address before merge
Other Observations (not in diff): N/A
Files Reviewed (2 files)
Reviewed by gpt-5.4-20260305 · 154,960 tokens
…irect URL download
- Validate date params before building queries to return 400 instead of 500
- Use window.location.href for download to preserve end-to-end streaming
- Add void to archive.finalize() to satisfy lint
- Run oxfmt formatting
| }); | ||
|
|
||
| // Navigate directly to preserve server-side streaming | ||
| window.location.href = `/admin/api/api-request-log/download?${params}`; |
WARNING: Direct navigation drops server-side error handling
Navigating the current tab preserves streaming, but any non-2xx response from this endpoint (No records found, invalid date after manual input, expired admin session) now replaces the admin page with raw JSON instead of using the existing inline error UI. This is a regression from the previous flow, so the download path still needs a way to surface server-side failures without leaving the page.
Summary
- /admin/api-request-log for downloading request/response data as a streamed zip file
- <timestamp>_<id>_request|response.json|txt with human-readable JSON formatting
- archiver dependency for server-side zip streaming
Verification
- tsgo --noEmit — no new type errors (5 pre-existing errors in packages/db unrelated to this change)
- handleRequestLogging import was re-added to the openrouter route
Visual Changes
N/A
Reviewer Notes
- handleRequestLogging function still gates logging behind an allowlist (kilo.ai/kilocode.ai emails + specific user/org hashes). This PR only uncomments the call site — it does not change who gets logged.
- 2026-03-30_12-00-00-000_123_request.json — timestamps have colons/dots replaced with hyphens for filesystem compatibility.