Track grant history

[estyxx]

What

ToDo

Attachments

Grant created by grantee

Grant created by admin

Grant updated by grantee

Grant changes in review session:

Confirm pending status (action)

Send email approved (action)

Grantee reply

accepts

or refuse the grant

admin changes

'Changed status' is from django.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
pycon	Ready	Preview	Jan 18, 2026 4:58pm

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 94.43%. Comparing base (c73ef4f) to head (d83b221).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #4529   +/-   ##
=======================================
  Coverage   94.42%   94.43%           
=======================================
  Files         352      352           
  Lines       10157    10162    +5     
  Branches      738      738           
=======================================
+ Hits         9591     9596    +5     
  Misses        468      468           
  Partials       98       98           

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[estyxx]

@claude do the code review

[claude]

Claude finished @estyxx's task in 1m 29s —— View job

---

Code Review Complete

• Analyze PR changes and context
• Review backend/api/grants/mutations.py
• Review backend/grants/admin.py
• Review backend/reviews/admin.py
• Review backend/custom_admin/admin.py
• Review test files
• Provide comprehensive feedback

---

Summary

This PR adds comprehensive audit logging for grant history tracking across the application. The implementation is well-structured and thorough, covering grant mutations, admin actions, and review session operations.

Strengths

1. Comprehensive coverage: Audit logging is added to all relevant touchpoints - GraphQL mutations, admin actions, review sessions, and bulk operations.

2. Consistent audit module: Using custom_admin/audit.py with create_addition_admin_log_entry, create_change_admin_log_entry, and create_deletion_admin_log_entry provides a clean abstraction over Django's LogEntry.

3. Clear change messages: The log messages are descriptive and include relevant context (e.g., status transitions, reimbursement names).

4. Thorough test coverage: Tests verify that log entries are created correctly for each action type, including edge cases.

5. Smart duplicate prevention: The fix in commit 2af1983 to avoid logging pending_status changes when unchanged prevents unnecessary log entries during review session saves.

Suggestions

1. Consider logging reimbursement amount changes

In backend/reviews/admin.py:377-387, when update_or_create is called for reimbursements, the code only logs when a reimbursement is created. If the granted_amount changes for an existing reimbursement, this wouldn't be logged.

# backend/reviews/admin.py:377-387
reimbursement, created = (
    GrantReimbursement.objects.update_or_create(
        grant=grant,
        category_id=reimbursement_category_id,
        defaults={
            "granted_amount": reimbursement_categories[
                reimbursement_category_id
            ].max_amount
        },
    )
)

if created:
    create_addition_admin_log_entry(...)

Consider adding a check for updates when created is False and the amount changed.

2. Minor: Transaction boundaries in mutations

In backend/api/grants/mutations.py:286, the create_addition_admin_log_entry is called inside send_grant which has @transaction.atomic. This is good. However, update_grant at line 309 doesn't have @transaction.atomic, and the log entry is created before instance.save():

# backend/api/grants/mutations.py:306-311
for attr, value in asdict(input).items():
    setattr(instance, attr, value)

create_change_admin_log_entry(request.user, instance, "Grant updated")

instance.save()

If instance.save() fails, the log entry would still be written. Consider either:

• Adding @transaction.atomic to update_grant
• Moving the log entry creation after instance.save() (with a try/except)

Fix this →

3. Consistency in log message prefixes

Some messages use [Review Session] or [Bulk Admin Action] prefixes while others don't. This is actually good for distinguishing the context. Just ensure this convention is documented or consistently applied in future additions.

4. Test cleanup: Print statement in test file

In backend/reviews/tests/test_admin.py:720-721, there's a print statement that appears to be debug code:

for e in LogEntry.objects.all():
    print(e.change_message)

Consider removing this before merging.

Fix this →

Overall Assessment

This is a solid implementation. The audit logging will provide valuable visibility into grant lifecycle changes. The code follows existing patterns in the codebase and is well-tested.

The two minor suggestions above (transaction safety and removing the debug print) are worth addressing, but they don't block the PR.
| Branch: grants/add-grant-history

[estyxx]

@claude

1. I removed because when re-saving the reviews we can't make 'updates' just add and remove reimbursements, so was misleading in the logs.
2. added the transaction
3. improve the messages, make them consistent, remember to update the tests
4. done

did i miss to log any actions for the grants?

[claude]

Claude finished @estyxx's task in 7m 21s —— View job

---

Grant History Review Complete

• Review current state of audit logging implementation
• Check for any missing grant actions that should be logged
• Review message consistency across all logging calls
• Improve message consistency
• Update tests for new message formats
• Commit and push changes (d83b221)

---

Summary

Changes Made (commit d83b221)

Improved audit log message consistency:

• Added periods at the end of all audit log messages
• Simplified [Review Session] Grant status updated: pending_status changed from... to [Review Session] Pending status changed from... for consistency with other messages

Grant Actions Coverage Analysis

All grant-related actions are now properly logged:

Source	Actions Logged
Grantee (mutations.py)	Grant created, Grant updated, Grantee reply
Admin Direct (grants/admin.py)	Status change, Pending status change, Reimbursement removal, All email sends, Voucher creation
Bulk Admin (custom_admin/admin.py)	Confirm pending status, Reset pending status
Review Session (reviews/admin.py)	Pending status change, Reimbursement add/remove

Message Format Convention

Messages now follow a consistent pattern:

• No prefix: Direct user/admin actions (e.g., Grant created.)
• [Bulk Admin Action]: Bulk actions from admin panel
• [Review Session]: Actions from review session recap

No missing grant actions were identified. The audit logging covers the full grant lifecycle.

| | Branch: grants/add-grant-history