fix: [PL-64132]: Added option to fetch the Audit Trail for multiple users and actions (#57)

* fix: [PL-64132]: Added Enum for actions

* fix: [PL-64132]: Added ActionsEnum, Updated description

* fix: [PL-64132]: Deleted prompts.txt File

* fix: [PL-64132]: Added option to fetch for multiple users and actions

Author: abhishekSingh1007

client/audit.go

@@ -3,6 +3,7 @@ package client
 import (
 	"context"
 	"fmt"
+	"strings"
 
 	"github.com/harness/harness-mcp/client/dto"
 )
@@ -16,7 +17,7 @@ type AuditService struct {
 }
 
 // ListUserAuditTrail fetches the audit trail.
-func (a *AuditService) ListUserAuditTrail(ctx context.Context, scope dto.Scope, userID string, page int, size int, startTime int64, endTime int64, opts *dto.ListAuditEventsFilter) (*dto.AuditOutput[dto.AuditListItem], error) {
+func (a *AuditService) ListUserAuditTrail(ctx context.Context, scope dto.Scope, userIDList string, actionsList string, page int, size int, startTime int64, endTime int64, opts *dto.ListAuditEventsFilter) (*dto.AuditOutput[dto.AuditListItem], error) {
 	if opts == nil {
 		opts = &dto.ListAuditEventsFilter{}
 	}
@@ -28,12 +29,47 @@ func (a *AuditService) ListUserAuditTrail(ctx context.Context, scope dto.Scope,
 
 	addScope(scope, params)
 
-	// Required fields
 	opts.FilterType = "Audit"
-	opts.Principals = []dto.AuditPrincipal{{
-		Type:       "USER",
-		Identifier: userID,
-	}}
+	if strings.TrimSpace(userIDList) != "" {
+		rawIDs := strings.Split(userIDList, ",")
+		userIDs := make([]string, 0)
+		for _, id := range rawIDs {
+			id = strings.TrimSpace(id)
+			if id != "" {
+				userIDs = append(userIDs, id)
+			}
+		}
+
+		if len(userIDs) > 0 {
+			principals := make([]dto.AuditPrincipal, 0, len(userIDs))
+			for _, uid := range userIDs {
+				principals = append(principals, dto.AuditPrincipal{
+					Type:       "USER",
+					Identifier: uid,
+				})
+			}
+			opts.Principals = principals
+		}
+	}
+
+	if strings.TrimSpace(actionsList) != "" {
+		rawActions := strings.Split(actionsList, ",")
+		actions := make([]string, 0)
+		for _, action := range rawActions {
+			action = strings.ToUpper(strings.TrimSpace(action))
+			if action != "" {
+				if _, ok := dto.AllowedActions[action]; ok {
+					actions = append(actions, action)
+				} else {
+					return nil, fmt.Errorf("Invalid action: %s\n", action)
+				}
+			}
+		}
+
+		if len(actions) > 0 {
+			opts.Actions = actions
+		}
+	}
 
 	opts.Scopes = []dto.AuditResourceScope{{
 		AccountIdentifier: scope.AccountID,

client/dto/audit.go

@@ -1,5 +1,53 @@
 package dto
 
+var AllowedActions = map[string]struct{}{
+	"CREATE":                  {},
+	"UPDATE":                  {},
+	"RESTORE":                 {},
+	"DELETE":                  {},
+	"FORCE_DELETE":            {},
+	"UPSERT":                  {},
+	"INVITE":                  {},
+	"RESEND_INVITE":          {},
+	"REVOKE_INVITE":          {},
+	"ADD_COLLABORATOR":       {},
+	"REMOVE_COLLABORATOR":    {},
+	"CREATE_TOKEN":           {},
+	"REVOKE_TOKEN":           {},
+	"LOGIN":                  {},
+	"LOGIN2FA":               {},
+	"UNSUCCESSFUL_LOGIN":     {},
+	"ADD_MEMBERSHIP":         {},
+	"REMOVE_MEMBERSHIP":      {},
+	"ERROR_BUDGET_RESET":     {},
+	"START":                  {},
+	"END":                    {},
+	"STAGE_START":            {},
+	"STAGE_END":              {},
+	"PAUSE":                  {},
+	"RESUME":                 {},
+	"ABORT":                  {},
+	"TIMEOUT":                {},
+	"SIGNED_EULA":            {},
+	"ROLE_ASSIGNMENT_CREATED": {},
+	"ROLE_ASSIGNMENT_UPDATED": {},
+	"ROLE_ASSIGNMENT_DELETED": {},
+	"MOVE":                   {},
+	"ENABLED":                {},
+	"DISABLED":               {},
+	"DISMISS_ANOMALY":        {},
+	"RERUN":                  {},
+	"BYPASS":                 {},
+	"STABLE_VERSION_CHANGED": {},
+	"SYNC_START":             {},
+	"START_IMPERSONATION":    {},
+	"END_IMPERSONATION":      {},
+	"MOVE_TO_GIT":            {},
+	"FREEZE_BYPASS":          {},
+	"EXPIRED":                {},
+	"FORCE_PUSH":             {},
+}
+
 type AuditPrincipal struct {
 	Type       string `json:"type"`
 	Identifier string `json:"identifier"`

pkg/harness/audit.go

@@ -55,10 +55,9 @@ func previousWeek() string {
 // ListAuditsOfUser creates a tool for listing the audit trail.
 func ListUserAuditTrailTool(config *config.Config, auditClient *client.AuditService) (tool mcp.Tool, handler server.ToolHandlerFunc) {
 	return mcp.NewTool("list_user_audits",
-			mcp.WithDescription("List the audit trail of the user."),
-			mcp.WithString("user_id",
-				mcp.Required(),
-				mcp.Description("The user id(emailId) used to retrieve the audit trail."),
+			mcp.WithDescription("List the audit trail."),
+			mcp.WithString("user_id_list",
+				mcp.Description("Enter one or more user email IDs (comma-separated) to filter the audit trail; leave blank to include all users."),
 			),
 			mcp.WithString("start_time",
 				mcp.Description("Optional start time in ISO 8601 format (e.g., '2025-07-10T08:00:00Z')"),
@@ -68,11 +67,24 @@ func ListUserAuditTrailTool(config *config.Config, auditClient *client.AuditServ
 				mcp.Description("Optional end time in ISO 8601 format (e.g., '2025-07-10T08:00:00Z')"),
 				mcp.DefaultString(getCurrentTime()),
 			),
+			mcp.WithString("actions",
+				mcp.Description("Optional actions to filter by. For multiple actions, use comma-separated values."),
+				mcp.Enum("CREATE", "UPDATE", "RESTORE", "DELETE", "FORCE_DELETE", "UPSERT", "INVITE", "RESEND_INVITE", "REVOKE_INVITE",
+					"ADD_COLLABORATOR", "REMOVE_COLLABORATOR", "CREATE_TOKEN", "REVOKE_TOKEN", "LOGIN", "LOGIN2FA", "UNSUCCESSFUL_LOGIN",
+					"ADD_MEMBERSHIP", "REMOVE_MEMBERSHIP", "ERROR_BUDGET_RESET", "START", "END", "STAGE_START", "STAGE_END", "PAUSE", "RESUME", "ABORT", "TIMEOUT", "SIGNED_EULA",
+					"ROLE_ASSIGNMENT_CREATED", "ROLE_ASSIGNMENT_UPDATED", "ROLE_ASSIGNMENT_DELETED", "MOVE", "ENABLED", "DISABLED", "DISMISS_ANOMALY", "RERUN", "BYPASS", "STABLE_VERSION_CHANGED",
+					"SYNC_START", "START_IMPERSONATION", "END_IMPERSONATION", "MOVE_TO_GIT", "FREEZE_BYPASS", "EXPIRED", "FORCE_PUSH"),
+			),
 			WithScope(config, false),
 			WithPagination(),
 		),
 		func(ctx context.Context, request mcp.CallToolRequest) (*mcp.CallToolResult, error) {
-			userID, err := requiredParam[string](request, "user_id")
+			userIDList, err := OptionalParam[string](request, "user_id_list")
+			if err != nil {
+				return mcp.NewToolResultError(err.Error()), nil
+			}
+
+			actionsList, err := OptionalParam[string](request, "actions")
 			if err != nil {
 				return mcp.NewToolResultError(err.Error()), nil
 			}
@@ -96,7 +108,7 @@ func ListUserAuditTrailTool(config *config.Config, auditClient *client.AuditServ
 			startTimeMilliseconds := convertDateToMilliseconds(startTime)
 			endTimeMilliseconds := convertDateToMilliseconds(endTime)
 
-			data, err := auditClient.ListUserAuditTrail(ctx, scope, userID, page, size, startTimeMilliseconds, endTimeMilliseconds, nil)
+			data, err := auditClient.ListUserAuditTrail(ctx, scope, userIDList, actionsList, page, size, startTimeMilliseconds, endTimeMilliseconds, nil)
 			if err != nil {
 				return nil, fmt.Errorf("failed to list the audit logs: %w", err)
 			}