Audit logging feature files

backend/setup.js

@@ -88,6 +88,24 @@ function initializeDatabase() {
             CREATE INDEX IF NOT EXISTS idx_sessions_expires ON sessions(expires_at);
             CREATE INDEX IF NOT EXISTS idx_users_username ON users(username);
 
+            -- Audit log table for tracking user actions
+            CREATE TABLE IF NOT EXISTS audit_logs (
+                id INTEGER PRIMARY KEY AUTOINCREMENT,
+                user_id INTEGER,
+                username VARCHAR(50) NOT NULL,
+                action VARCHAR(50) NOT NULL,
+                entity_type VARCHAR(50) NOT NULL,
+                entity_id VARCHAR(100),
+                details TEXT,
+                ip_address VARCHAR(45),
+                created_at TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+            );
+
+            CREATE INDEX IF NOT EXISTS idx_audit_user_id ON audit_logs(user_id);
+            CREATE INDEX IF NOT EXISTS idx_audit_action ON audit_logs(action);
+            CREATE INDEX IF NOT EXISTS idx_audit_entity_type ON audit_logs(entity_type);
+            CREATE INDEX IF NOT EXISTS idx_audit_created_at ON audit_logs(created_at);
+
             INSERT OR IGNORE INTO required_documents (vendor, document_type, is_mandatory, description) VALUES
             ('Microsoft', 'advisory', 1, 'Official Microsoft Security Advisory'),
             ('Microsoft', 'screenshot', 0, 'Proof of patch application'),
@@ -244,7 +262,7 @@ function displaySummary() {
     console.log('╚════════════════════════════════════════════════════════╝');
     console.log('\n📊 What was created:');
     console.log('   ✓ SQLite database (cve_database.db)');
-    console.log('   ✓ Tables: cves, documents, required_documents, users, sessions');
+    console.log('   ✓ Tables: cves, documents, required_documents, users, sessions, audit_logs');
     console.log('   ✓ Multi-vendor support with UNIQUE(cve_id, vendor)');
     console.log('   ✓ Vendor column in documents table');
     console.log('   ✓ User authentication with session-based auth');