feat: include audit trail log in the completed doc (#1916)

This change allows users to include the audit trail log in the completed
documents; similar to the signing certificate.


https://github.com/user-attachments/assets/d9ae236a-2584-4ad6-b7bc-27b3eb8c74d3

It also solves the issue with the text cutoff.

packages/lib/jobs/definitions/internal/seal-document.handler.ts

@@ -9,6 +9,7 @@ import { signPdf } from '@documenso/signing';
 import { AppError, AppErrorCode } from '../../../errors/app-error';
 import { sendCompletedEmail } from '../../../server-only/document/send-completed-email';
 import PostHogServerClient from '../../../server-only/feature-flags/get-post-hog-server-client';
+import { getAuditLogsPdf } from '../../../server-only/htmltopdf/get-audit-logs-pdf';
 import { getCertificatePdf } from '../../../server-only/htmltopdf/get-certificate-pdf';
 import { addRejectionStampToPdf } from '../../../server-only/pdf/add-rejection-stamp-to-pdf';
 import { flattenAnnotations } from '../../../server-only/pdf/flatten-annotations';
@@ -145,7 +146,24 @@ export const run = async ({
     ? await getCertificatePdf({
         documentId,
         language: document.documentMeta?.language,
-      }).catch(() => null)
+      }).catch((e) => {
+        console.log('Failed to get certificate PDF');
+        console.error(e);
+
+        return null;
+      })
+    : null;
+
+  const auditLogData = settings.includeAuditLog
+    ? await getAuditLogsPdf({
+        documentId,
+        language: document.documentMeta?.language,
+      }).catch((e) => {
+        console.log('Failed to get audit logs PDF');
+        console.error(e);
+
+        return null;
+      })
     : null;
 
   const newDataId = await io.runTask('decorate-and-sign-pdf', async () => {
@@ -174,6 +192,16 @@ export const run = async ({
       });
     }
 
+    if (auditLogData) {
+      const auditLogDoc = await PDFDocument.load(auditLogData);
+
+      const auditLogPages = await pdfDoc.copyPages(auditLogDoc, auditLogDoc.getPageIndices());
+
+      auditLogPages.forEach((page) => {
+        pdfDoc.addPage(page);
+      });
+    }
+
     for (const field of fields) {
       if (field.inserted) {
         document.useLegacyFieldInsertion

packages/lib/server-only/document/create-document-v2.ts

@@ -212,7 +212,7 @@ export const createDocumentV2 = async ({
       }),
     );
 
-    // Todo: Is it necessary to create a full audit log with all fields and recipients audit logs?
+    // Todo: Is it necessary to create a full audit logs with all fields and recipients audit logs?
 
     await tx.documentAuditLog.create({
       data: createDocumentAuditLogData({

packages/lib/server-only/document/seal-document.ts

@@ -17,6 +17,7 @@ import type { RequestMetadata } from '../../universal/extract-request-metadata';
 import { getFileServerSide } from '../../universal/upload/get-file.server';
 import { putPdfFileServerSide } from '../../universal/upload/put-file.server';
 import { fieldsContainUnsignedRequiredField } from '../../utils/advanced-fields-helpers';
+import { getAuditLogsPdf } from '../htmltopdf/get-audit-logs-pdf';
 import { getCertificatePdf } from '../htmltopdf/get-certificate-pdf';
 import { addRejectionStampToPdf } from '../pdf/add-rejection-stamp-to-pdf';
 import { flattenAnnotations } from '../pdf/flatten-annotations';
@@ -125,6 +126,18 @@ export const sealDocument = async ({
       })
     : null;
 
+  const auditLogData = settings.includeAuditLog
+    ? await getAuditLogsPdf({
+        documentId,
+        language: document.documentMeta?.language,
+      }).catch((e) => {
+        console.log('Failed to get audit logs PDF');
+        console.error(e);
+
+        return null;
+      })
+    : null;
+
   const doc = await PDFDocument.load(pdfData);
 
   // Normalize and flatten layers that could cause issues with the signature
@@ -147,6 +160,16 @@ export const sealDocument = async ({
     });
   }
 
+  if (auditLogData) {
+    const auditLog = await PDFDocument.load(auditLogData);
+
+    const auditLogPages = await doc.copyPages(auditLog, auditLog.getPageIndices());
+
+    auditLogPages.forEach((page) => {
+      doc.addPage(page);
+    });
+  }
+
   for (const field of fields) {
     document.useLegacyFieldInsertion
       ? await legacy_insertFieldInPDF(doc, field)

packages/lib/server-only/htmltopdf/get-audit-logs-pdf.ts

@@ -0,0 +1,83 @@
+import { DateTime } from 'luxon';
+import type { Browser } from 'playwright';
+
+import { NEXT_PUBLIC_WEBAPP_URL } from '../../constants/app';
+import { type SupportedLanguageCodes, isValidLanguageCode } from '../../constants/i18n';
+import { env } from '../../utils/env';
+import { encryptSecondaryData } from '../crypto/encrypt';
+
+export type GetAuditLogsPdfOptions = {
+  documentId: number;
+  // eslint-disable-next-line @typescript-eslint/ban-types
+  language?: SupportedLanguageCodes | (string & {});
+};
+
+export const getAuditLogsPdf = async ({ documentId, language }: GetAuditLogsPdfOptions) => {
+  const { chromium } = await import('playwright');
+
+  const encryptedId = encryptSecondaryData({
+    data: documentId.toString(),
+    expiresAt: DateTime.now().plus({ minutes: 5 }).toJSDate().valueOf(),
+  });
+
+  let browser: Browser;
+
+  const browserlessUrl = env('NEXT_PRIVATE_BROWSERLESS_URL');
+
+  if (browserlessUrl) {
+    // !: Use CDP rather than the default `connect` method to avoid coupling to the playwright version.
+    // !: Previously we would have to keep the playwright version in sync with the browserless version to avoid errors.
+    browser = await chromium.connectOverCDP(browserlessUrl);
+  } else {
+    browser = await chromium.launch();
+  }
+
+  if (!browser) {
+    throw new Error(
+      'Failed to establish a browser, please ensure you have either a Browserless.io url or chromium browser installed',
+    );
+  }
+
+  const browserContext = await browser.newContext();
+
+  const page = await browserContext.newPage();
+
+  const lang = isValidLanguageCode(language) ? language : 'en';
+
+  await page.context().addCookies([
+    {
+      name: 'language',
+      value: lang,
+      url: NEXT_PUBLIC_WEBAPP_URL(),
+    },
+  ]);
+
+  await page.goto(`${NEXT_PUBLIC_WEBAPP_URL()}/__htmltopdf/audit-log?d=${encryptedId}`, {
+    waitUntil: 'networkidle',
+    timeout: 10_000,
+  });
+
+  // !: This is a workaround to ensure the page is loaded correctly.
+  // !: It's not clear why but suddenly browserless cdp connections would
+  // !: cause the page to render blank until a reload is performed.
+  await page.reload({
+    waitUntil: 'networkidle',
+    timeout: 10_000,
+  });
+
+  await page.waitForSelector('h1', {
+    state: 'visible',
+    timeout: 10_000,
+  });
+
+  const result = await page.pdf({
+    format: 'A4',
+    printBackground: true,
+  });
+
+  await browserContext.close();
+
+  void browser.close();
+
+  return result;
+};

packages/lib/server-only/htmltopdf/get-certificate-pdf.ts

@@ -72,6 +72,7 @@ export const getCertificatePdf = async ({ documentId, language }: GetCertificate
 
   const result = await page.pdf({
     format: 'A4',
+    printBackground: true,
   });
 
   await browserContext.close();

packages/lib/utils/organisations.ts

@@ -120,6 +120,7 @@ export const generateDefaultOrganisationSettings = (): Omit<
 
     includeSenderDetails: true,
     includeSigningCertificate: true,
+    includeAuditLog: false,
 
     typedSignatureEnabled: true,
     uploadSignatureEnabled: true,

packages/lib/utils/teams.ts

@@ -170,6 +170,7 @@ export const generateDefaultTeamSettings = (): Omit<TeamGlobalSettings, 'id' | '
 
     includeSenderDetails: null,
     includeSigningCertificate: null,
+    includeAuditLog: null,
 
     typedSignatureEnabled: null,
     uploadSignatureEnabled: null,

packages/prisma/migrations/20250721085125_include_audit_trail_log/migration.sql

@@ -0,0 +1,5 @@
+-- AlterTable
+ALTER TABLE "OrganisationGlobalSettings" ADD COLUMN     "includeAuditLog" BOOLEAN NOT NULL DEFAULT false;
+
+-- AlterTable
+ALTER TABLE "TeamGlobalSettings" ADD COLUMN     "includeAuditLog" BOOLEAN;

packages/prisma/schema.prisma

@@ -734,13 +734,13 @@ model OrganisationGlobalSettings {
   id           String        @id
   organisation Organisation?
 
-  documentVisibility DocumentVisibility @default(EVERYONE)
-  documentLanguage   String             @default("en")
-  documentTimezone   String? // Nullable to allow using local timezones if not set.
-  documentDateFormat String             @default("yyyy-MM-dd hh:mm a")
-
-  includeSenderDetails      Boolean @default(true)
-  includeSigningCertificate Boolean @default(true)
+  documentVisibility        DocumentVisibility @default(EVERYONE)
+  documentLanguage          String             @default("en")
+  includeSenderDetails      Boolean            @default(true)
+  includeSigningCertificate Boolean            @default(true)
+  includeAuditLog           Boolean            @default(false)
+  documentTimezone          String? // Nullable to allow using local timezones if not set.
+  documentDateFormat        String             @default("yyyy-MM-dd hh:mm a")
 
   typedSignatureEnabled  Boolean @default(true)
   uploadSignatureEnabled Boolean @default(true)
@@ -771,6 +771,7 @@ model TeamGlobalSettings {
 
   includeSenderDetails      Boolean?
   includeSigningCertificate Boolean?
+  includeAuditLog           Boolean?
 
   typedSignatureEnabled  Boolean?
   uploadSignatureEnabled Boolean?

packages/trpc/server/organisation-router/update-organisation-settings.ts

@@ -30,6 +30,7 @@ export const updateOrganisationSettingsRoute = authenticatedProcedure
       documentDateFormat,
       includeSenderDetails,
       includeSigningCertificate,
+      includeAuditLog,
       typedSignatureEnabled,
       uploadSignatureEnabled,
       drawSignatureEnabled,
@@ -117,6 +118,7 @@ export const updateOrganisationSettingsRoute = authenticatedProcedure
             documentDateFormat,
             includeSenderDetails,
             includeSigningCertificate,
+            includeAuditLog,
             typedSignatureEnabled,
             uploadSignatureEnabled,
             drawSignatureEnabled,

packages/trpc/server/organisation-router/update-organisation-settings.types.ts

@@ -19,6 +19,7 @@ export const ZUpdateOrganisationSettingsRequestSchema = z.object({
     documentDateFormat: ZDocumentMetaDateFormatSchema.optional(),
     includeSenderDetails: z.boolean().optional(),
     includeSigningCertificate: z.boolean().optional(),
+    includeAuditLog: z.boolean().optional(),
     typedSignatureEnabled: z.boolean().optional(),
     uploadSignatureEnabled: z.boolean().optional(),
     drawSignatureEnabled: z.boolean().optional(),

packages/trpc/server/team-router/update-team-settings.ts

@@ -32,6 +32,7 @@ export const updateTeamSettingsRoute = authenticatedProcedure
       documentDateFormat,
       includeSenderDetails,
       includeSigningCertificate,
+      includeAuditLog,
       typedSignatureEnabled,
       uploadSignatureEnabled,
       drawSignatureEnabled,
@@ -110,6 +111,7 @@ export const updateTeamSettingsRoute = authenticatedProcedure
             documentDateFormat,
             includeSenderDetails,
             includeSigningCertificate,
+            includeAuditLog,
             typedSignatureEnabled,
             uploadSignatureEnabled,
             drawSignatureEnabled,

packages/trpc/server/team-router/update-team-settings.types.ts

@@ -23,6 +23,7 @@ export const ZUpdateTeamSettingsRequestSchema = z.object({
     documentDateFormat: ZDocumentMetaDateFormatSchema.nullish(),
     includeSenderDetails: z.boolean().nullish(),
     includeSigningCertificate: z.boolean().nullish(),
+    includeAuditLog: z.boolean().nullish(),
     typedSignatureEnabled: z.boolean().nullish(),
     uploadSignatureEnabled: z.boolean().nullish(),
     drawSignatureEnabled: z.boolean().nullish(),