<!--IssueSummary start--> <details> <summary> Everyone can contribute. [Help move this issue forward](https://handbook.gitlab.com/handbook/marketing/developer-relations/contributor-success/community-contributors-workflows/#contributor-links) while earning points, leveling up and collecting rewards. </summary> - [Work on this issue](https://contributors.gitlab.com/manage-issue?action=work&projectId=278964&issueIid=562516) - [Close this issue](https://contributors.gitlab.com/manage-issue?action=close&projectId=278964&issueIid=562516) </details> <!--IssueSummary end--> ## Context The `log_git_streaming_audit_events` feature flag rollout caused authentication failures when Workhorse makes requests to the new `/shellhorse/git_audit_event` endpoint. The current implementation has overly restrictive authentication that doesn't account for all HTTP-based Git operation scenarios. ### Background * Feature flag `log_git_streaming_audit_events` was globally enabled but reverted due to flooding logs with 404 errors * The new workflow moved from checking access and sending audit events in the same `/allowed` request to using a dedicated endpoint * Current authorization may be missing permissions for deploy tokens and other HTTP authentication methods ### Expected behavior GitLab Rails should successfully authenticate the Git audit events for all valid HTTP-based Git operations, including deploy tokens. ### Current Behavior Workhorse requests result in high volumes of 404 "Not Found" and 401 "Forbidden" errors, causing log flooding and Sentry alerts. Both issues are blocking the rollout of Git streaming audit events and need to be resolved before the feature can be safely enabled in production. ### Related Epic: https://gitlab.com/groups/gitlab-org/-/work_items/20506