Bug: AuditInterceptor feedback loop when audit entities implement IAuditable or interceptor captures all changes

[fernando-santillana]

Description

BindDbContext<TContext> registers all ISaveChangesInterceptor instances (including AuditInterceptor) on every DbContext via:

options.AddInterceptors(sp.GetServices<ISaveChangesInterceptor>());

This means AuditInterceptor also fires when AuditPublishedEventHandler calls IdentityDbContext.SaveChangesAsync() to persist AuditTrail records. Currently this
doesn't cause a visible problem because AuditInterceptor filters on IAuditable:

foreach (var entry in eventData.Context.ChangeTracker.Entries<IAuditable>()
    .Where(x => x.State is EntityState.Added or EntityState.Deleted or EntityState.Modified)
    .ToList())

And AuditTrail does not implement IAuditable, so the interceptor finds no matching entries and exits early.

The Problem

This is a latent feedback loop. If anyone:

1. Makes AuditTrail implement IAuditable (to track when audit records are created/modified), or
2. Broadens the interceptor to capture all entity changes (e.g., ChangeTracker.Entries() without the <IAuditable> filter)

...the interceptor will detect the AuditTrail inserts, publish new AuditPublishedEvents, which triggers AuditPublishedEventHandler, which calls SaveChangesAsync()
again, creating an infinite loop.

Reproduction

When broadening the interceptor to capture all entity changes (replacing Entries<IAuditable>() with Entries()), the seeding process can generate audit records that recursively trigger   additional audit records, resulting in exponential growth:

[10:37:35 INF] Wrote 84 audit records for tenant root.
[10:37:36 INF] Wrote 84 audit records for tenant root.
[10:37:37 INF] Wrote 84 audit records for tenant root.
...repeating indefinitely...

Location

- src/api/framework/Infrastructure/Persistence/Extensions.cs — BindDbContext<TContext> (line with AddInterceptors)
- src/api/framework/Infrastructure/Persistence/Interceptors/AuditInterceptor.cs — no guard against audit context
- src/api/framework/Infrastructure/Identity/Audit/AuditPublishedEventHandler.cs — saves to IdentityDbContext which has the interceptor

Proposed Fix

Add an early return in AuditInterceptor when the context is the one storing audit trails:

public override async ValueTask<InterceptionResult<int>> SavingChangesAsync(
    DbContextEventData eventData, InterceptionResult<int> result,
    CancellationToken cancellationToken = default)
{
    if (eventData.Context is IdentityDbContext ctx && ctx.ChangeTracker.Entries<AuditTrail>().Any())
        return await base.SavingChangesAsync(eventData, result, cancellationToken);

    UpdateEntities(eventData.Context);
    await PublishAuditTrailsAsync(eventData);
    return await base.SavingChangesAsync(eventData, result, cancellationToken);
}

Alternatively, a simpler approach: exclude AuditTrail from the Entries<IAuditable>() filter explicitly, or document that AuditTrail must never implement IAuditable.

Impact Analysis

- Current impact: None visible (accidentally mitigated by IAuditable filter)
- Latent risk: Infinite loop, database bloat, and degraded startup performance if the interceptor is broadened or AuditTrail gains IAuditable
- Related: This is architecturally similar to the missing base.OnModelCreating() issue (#1226) — a working-by-coincidence pattern that breaks under reasonable
modifications

[nicovale1231-maker]

Thanks for the detailed analysis and for highlighting this edge case—this is a great catch.

…

On Fri, Mar 27, 2026, 9:32 AM Fernando Santillana ***@***.***> wrote: *fernando-santillana* created an issue (fullstackhero/dotnet-starter-kit#1230) <#1230> Description BindDbContext<TContext> registers *all* ISaveChangesInterceptor instances (including AuditInterceptor) on *every* DbContext via: options.AddInterceptors(sp.GetServices<ISaveChangesInterceptor>()); This means AuditInterceptor also fires when AuditPublishedEventHandler calls IdentityDbContext.SaveChangesAsync() to persist AuditTrail records. Currently this doesn't cause a visible problem because AuditInterceptor filters on IAuditable: foreach (var entry in eventData.Context.ChangeTracker.Entries<IAuditable>() .Where(x => x.State is EntityState.Added or EntityState.Deleted or EntityState.Modified) .ToList()) And AuditTrail does not implement IAuditable, so the interceptor finds no matching entries and exits early. The Problem This is a latent feedback loop. If anyone: 1. Makes AuditTrail implement IAuditable (to track when audit records are created/modified), or2. Broadens the interceptor to capture all entity changes (e.g., ChangeTracker.Entries() without the <IAuditable> filter) ...the interceptor will detect the AuditTrail inserts, publish new AuditPublishedEvents, which triggers AuditPublishedEventHandler, which calls SaveChangesAsync()again, creating an infinite loop. Reproduction When broadening the interceptor to capture all entity changes (replacing Entries<IAuditable>() with Entries()), the seeding process can generate audit records that recursively trigger additional audit records, resulting in exponential growth: [10:37:35 INF] Wrote 84 audit records for tenant root.[10:37:36 INF] Wrote 84 audit records for tenant root.[10:37:37 INF] Wrote 84 audit records for tenant root. ...repeating indefinitely... Location - src/api/framework/Infrastructure/Persistence/Extensions.cs — BindDbContext<TContext> (line with AddInterceptors)- src/api/framework/Infrastructure/Persistence/Interceptors/AuditInterceptor.cs — no guard against audit context- src/api/framework/Infrastructure/Identity/Audit/AuditPublishedEventHandler.cs — saves to IdentityDbContext which has the interceptor Proposed Fix Add an early return in AuditInterceptor when the context is the one storing audit trails: public override async ValueTask<InterceptionResult<int>> SavingChangesAsync( DbContextEventData eventData, InterceptionResult<int> result, CancellationToken cancellationToken = default){ if (eventData.Context is IdentityDbContext ctx && ctx.ChangeTracker.Entries<AuditTrail>().Any()) return await base.SavingChangesAsync(eventData, result, cancellationToken); UpdateEntities(eventData.Context); await PublishAuditTrailsAsync(eventData); return await base.SavingChangesAsync(eventData, result, cancellationToken);} Alternatively, a simpler approach: exclude AuditTrail from the Entries<IAuditable>() filter explicitly, or document that AuditTrail must never implement IAuditable. Impact Analysis - Current impact: None visible (accidentally mitigated by IAuditable filter)- Latent risk: Infinite loop, database bloat, and degraded startup performance if the interceptor is broadened or AuditTrail gains IAuditable- Related: This is architecturally similar to the missing base.OnModelCreating() issue (#1226) — a working-by-coincidence pattern that breaks under reasonable modifications — Reply to this email directly, view it on GitHub <#1230?email_source=notifications&email_token=B7VRUAVILJKGY4NKBV3R3JT4S2GG3A5CNFSL4Z3JMQ5C6L3HNF2C22DVMIXUS43TOVSS6NBRGUZTEMZUGEZTLJTSMVQXG33OVJZXKYTTMNZGSYTFMSSWK5TFNZ2KYZTPN52GK4S7MNWGSY3L>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/B7VRUASTQPLCKLX5O6MTRGL4S2GG3AVCNFSM6AAAAACXCB7ADGVHI2DSMVQWIX3LMV43ASLTON2WKOZUGE2TGMRTGQYTGNI> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>