[Backend] JWT-protected admin dispute resolve/reject endpoints are not audit-logged

[grantfox-oss]

Telegram (ask questions / claim the issue here first): https://t.me/+DOylgFv1jyJlNzM0

Why this matters

The API-key admin mutations (check-defaults, reindex, webhooks) attach auditLog, but the JWT-protected dispute endpoints POST /disputes/:disputeId/resolve and /disputes/:disputeId/reject in src/routes/adminRoutes.ts have no auditLog even though they change loan default status.

Acceptance criteria

• Attach the auditLog middleware to the dispute resolve and reject routes
• Ensure the acting admin identity (JWT publicKey) is recorded
• Confirm sensitive fields stay redacted by the existing sanitizer
• Add a test asserting an audit_logs row is written for a resolve action

Files to touch

• src/routes/adminRoutes.ts
• src/middleware/auditLog.ts
• src/controllers/adminDisputeController.ts

Out of scope

• Audit log retention policy
• Audit log query UI

[Amarjeet325]

Hi, maintainers 👋.
I’d like to work on this issue.
I’m a full-stack developer and smart contract expert; I have previously contributed to multiple open-source projects.

Could you please assign this issue to me?

[samjay8]

Hello, maintainer, I have gone through this issue and I will like to help work on it, please can I handle it?
ETA: 6 hours.

[Yerimahjr]

Hi maintainers, I'd like to work on this issue as well. I'm a full-stack developer with experience in Rust, TypeScript, and smart contract development, and I recently completed PR #25 on remitlend-frontend (merged — RFC 4180 CSV export). For this issue I'll attach the auditLog middleware to both the dispute resolve and reject routes in adminRoutes.ts, ensure the JWT publicKey of the acting admin is captured, verify the existing sanitizer redacts sensitive fields, and add a test asserting an audit_logs row is written on a resolve action.

[AbuJulaybeeb]

Hi Maintainer, I have reviewed the description of the issue and would like to hop on this issue and deliver ETA

[grantfox-oss]

🦊 GrantFox — @AbuJulaybeeb has been assigned to this issue as part of the Official Campaign campaign!

Next steps:

1. Open a Pull Request referencing this issue (e.g., Closes #13)
2. Your PR will be reviewed by the LabsCrypt maintainers

Good luck! Track your progress on GrantFox.