smplkit 2.0.14 → 2.0.15

data/lib/smplkit/audit/client.rb

@@ -4,11 +4,15 @@ module Smplkit
   module Audit
     # Audit-product entry point — accessed via +client.audit+.
     #
-    # Today the audit namespace is exclusively +#events+; future
-    # iterations may add SIEM exports as additional sub-clients
-    # (ADR-047 §2.7 lists SIEM streaming as a Pro-tier capability).
+    # Owns event recording and read-side queries: fire-and-forget
+    # +#events.record+, plus the audit-log +list+ / +get+ and the
+    # distinct-value listings that back the Activity tab filter
+    # dropdowns. ADR-047 §2.7.
+    #
+    # SIEM forwarder CRUD lives on {Smplkit::ManagementClient} under
+    # +mgmt.audit.forwarders.*+.
     class AuditClient
-      attr_reader :events, :forwarders, :functions
+      attr_reader :events, :resource_types, :actions
 
       SDK_OWNED_HEADERS = %w[authorization content-type user-agent].freeze
 
@@ -23,11 +27,9 @@ module Smplkit
         extra_headers&.each do |k, v|
           api_client.default_headers[k] = v unless SDK_OWNED_HEADERS.include?(k.downcase)
         end
-        events_api = SmplkitGeneratedClient::Audit::EventsApi.new(api_client)
-        forwarders_api = SmplkitGeneratedClient::Audit::ForwardersApi.new(api_client)
-        @events = Events.new(events_api)
-        @forwarders = Forwarders.new(forwarders_api)
-        @functions = Functions.new(forwarders_api)
+        @events = Events.new(SmplkitGeneratedClient::Audit::EventsApi.new(api_client))
+        @resource_types = ResourceTypes.new(SmplkitGeneratedClient::Audit::ResourceTypesApi.new(api_client))
+        @actions = Actions.new(SmplkitGeneratedClient::Audit::ActionsApi.new(api_client))
       end
 
       def _close

data/lib/smplkit/audit/events.rb

@@ -4,9 +4,9 @@ module Smplkit
   module Audit
     # Audit events surface — accessed via +client.audit.events+.
     #
-    # +#create+ is fire-and-forget per ADR-047 §2.6 — the call enqueues
+    # +#record+ is fire-and-forget per ADR-047 §2.6 — the call enqueues
     # the event onto an in-memory bounded buffer and returns
-    # immediately. +#list+ and +#get+ are synchronous.
+    # immediately. +#list+ and +#get+ are synchronous reads.
     class Events
       def initialize(api)
         @api = api
@@ -53,16 +53,16 @@ module Smplkit
           type: "event",
           attributes: attrs
         )
-        body = SmplkitGeneratedClient::Audit::EventResponse.new(data: resource)
+        body = SmplkitGeneratedClient::Audit::EventRequest.new(data: resource)
         @buffer.enqueue(body, idempotency_key)
       end
 
       # Single-event retrieval.
       #
-      # Raises +SmplkitGeneratedClient::Audit::ApiError+ on non-2xx
-      # responses (404 if the event is not in the caller's account).
+      # Raises {Smplkit::NotFoundError} when no event with that id
+      # exists in the caller's account.
       def get(event_id)
-        resp = @api.get_event(event_id)
+        resp = Smplkit::Audit.call_api { @api.get_event(event_id) }
         AuditEvent.from_resource(resp.data)
       end
 
@@ -88,19 +88,9 @@ module Smplkit
         opts[:page_size] = page_size if page_size
         opts[:page_after] = page_after if page_after
 
-        resp = @api.list_events(opts)
+        resp = Smplkit::Audit.call_api { @api.list_events(opts) }
         events = (resp.data || []).map { |r| AuditEvent.from_resource(r) }
-        next_cursor = nil
-        if resp.links&._next.is_a?(String)
-          next_link = resp.links._next
-          if (idx = next_link.index("page[after]="))
-            next_cursor = next_link[(idx + "page[after]=".length)..]
-            if (amp = next_cursor.index("&"))
-              next_cursor = next_cursor[0...amp]
-            end
-          end
-        end
-        ListEventsPage.new(events, next_cursor)
+        ListEventsPage.new(events, Smplkit::Audit.next_cursor(resp.links&._next))
       end
 
       # Block until the in-memory buffer is drained or the timeout elapses.
@@ -114,33 +104,6 @@ module Smplkit
       end
     end
 
-    # Public-facing audit event resource. ADR-047 §2.3.1.
-    AuditEvent = Struct.new(
-      :id, :action, :resource_type, :resource_id,
-      :occurred_at, :created_at,
-      :actor_type, :actor_id, :actor_label,
-      :data, :idempotency_key, :do_not_forward,
-      keyword_init: true
-    ) do
-      def self.from_resource(resource)
-        attrs = resource.attributes
-        new(
-          id: resource.id,
-          action: attrs.action,
-          resource_type: attrs.resource_type,
-          resource_id: attrs.resource_id,
-          occurred_at: attrs.occurred_at,
-          created_at: attrs.created_at,
-          actor_type: attrs.actor_type,
-          actor_id: attrs.actor_id,
-          actor_label: attrs.actor_label,
-          data: Smplkit::Helpers.deep_stringify_keys(attrs.data || {}),
-          idempotency_key: attrs.idempotency_key,
-          do_not_forward: attrs.do_not_forward || false
-        )
-      end
-    end
-
     # One page of events plus a cursor for the next page (nil on the last page).
     ListEventsPage = Struct.new(:events, :next_cursor)
   end

data/lib/smplkit/audit/models.rb

@@ -0,0 +1,197 @@
+# frozen_string_literal: true
+
+module Smplkit
+  module Audit
+    # Parse the +page[after]+ cursor out of a JSON:API +links.next+
+    # URL. Returns nil for non-string input or when the link carries
+    # no cursor parameter; trims trailing query params at the next
+    # ampersand so they don't leak into the token.
+    # Wrap a generated-audit-API call and translate +ApiError+ into the
+    # +Smplkit::Error+ hierarchy. Connection-level failures (no
+    # response code) become {Smplkit::ConnectionError}; status-coded
+    # failures route through {Smplkit::Errors.raise_for_status}, which
+    # emits +PaymentRequiredError+ / +NotFoundError+ / +ConflictError+
+    # / +ValidationError+ / +Error+ depending on the JSON:API body.
+    def self.call_api
+      yield
+    rescue SmplkitGeneratedClient::Audit::ApiError => e
+      raise Smplkit::ConnectionError, e.message.to_s if e.code.nil? || e.code.zero?
+
+      Smplkit::Errors.raise_for_status(e.code, e.response_body.to_s)
+      # raise_for_status only returns on 2xx; if we get here the
+      # generated layer raised on a 2xx (shouldn't happen) — re-raise
+      # the original so the caller can inspect.
+      raise
+    end
+
+    def self.next_cursor(link)
+      return nil unless link.is_a?(String)
+
+      idx = link.index("page[after]=")
+      return nil if idx.nil?
+
+      token = link[(idx + "page[after]=".length)..]
+      amp = token.index("&")
+      amp ? token[0...amp] : token
+    end
+
+    # Public-facing enum for SIEM streaming destination types.
+    #
+    # Mirrors the +ForwarderType+ enum the audit OpenAPI spec emits
+    # (ADR-047 §2.12). Customers pass these constants — or any string
+    # in {VALUES} — to the management +forwarders+ surface. The wrapper
+    # validates membership before round-tripping to the wire.
+    module ForwarderType
+      HTTP = "HTTP"
+      DATADOG = "DATADOG"
+      SPLUNK_HEC = "SPLUNK_HEC"
+      SUMO_LOGIC = "SUMO_LOGIC"
+      NEW_RELIC = "NEW_RELIC"
+      HONEYCOMB = "HONEYCOMB"
+      ELASTIC = "ELASTIC"
+
+      VALUES = [HTTP, DATADOG, SPLUNK_HEC, SUMO_LOGIC, NEW_RELIC, HONEYCOMB, ELASTIC].freeze
+
+      def self.coerce(value)
+        return nil if value.nil?
+
+        s = value.to_s
+        return s if VALUES.include?(s)
+
+        raise ArgumentError,
+              "Unknown ForwarderType #{value.inspect}; expected one of #{VALUES.inspect}"
+      end
+    end
+
+    # Public-facing audit event resource. ADR-047 §2.3.1.
+    AuditEvent = Struct.new(
+      :id, :action, :resource_type, :resource_id,
+      :occurred_at, :created_at,
+      :actor_type, :actor_id, :actor_label,
+      :data, :idempotency_key, :do_not_forward,
+      keyword_init: true
+    ) do
+      def self.from_resource(resource)
+        attrs = resource.attributes
+        new(
+          id: resource.id,
+          action: attrs.action,
+          resource_type: attrs.resource_type,
+          resource_id: attrs.resource_id,
+          occurred_at: attrs.occurred_at,
+          created_at: attrs.created_at,
+          actor_type: attrs.actor_type,
+          actor_id: attrs.actor_id,
+          actor_label: attrs.actor_label,
+          data: Smplkit::Helpers.deep_stringify_keys(attrs.data || {}),
+          idempotency_key: attrs.idempotency_key,
+          do_not_forward: attrs.do_not_forward || false
+        )
+      end
+    end
+
+    # A distinct +resource_type+ slug seen for the account.
+    #
+    # The +id+ and +resource_type+ are the same value — JSON:API surfaces
+    # the customer-facing key as the resource id (ADR-014). The duplication
+    # keeps SDK consumers from having to dig into the id field when
+    # filtering UI controls; pick whichever name reads better in context.
+    ResourceType = Struct.new(:id, :resource_type, :created_at, keyword_init: true) do
+      def self.from_resource(resource)
+        attrs = resource.attributes
+        new(
+          id: resource.id,
+          resource_type: attrs.resource_type || resource.id,
+          created_at: attrs.created_at
+        )
+      end
+    end
+
+    # A distinct +action+ slug seen for the account.
+    #
+    # Same shape as {ResourceType} — +id+ and +action+ are the same value.
+    # +created_at+ is the earliest sighting; when the parent list call
+    # filtered by +resource_type+, this is the first sighting of that
+    # specific (action, resource_type) triple, not the action overall.
+    Action = Struct.new(:id, :action, :created_at, keyword_init: true) do
+      def self.from_resource(resource)
+        attrs = resource.attributes
+        new(
+          id: resource.id,
+          action: attrs.action || resource.id,
+          created_at: attrs.created_at
+        )
+      end
+    end
+
+    HttpHeader = Struct.new(:name, :value, keyword_init: true)
+
+    # rubocop:disable Lint/StructNewOverride -- ``:method`` matches the
+    # API attribute and shadowing Struct#method is the expected ergonomics.
+    ForwarderHttp = Struct.new(:method, :url, :headers, :body, :success_status, keyword_init: true) do
+      def initialize(method: "POST", url: "", headers: nil, body: nil, success_status: "2xx")
+        super(method: method, url: url, headers: headers || [], body: body, success_status: success_status)
+      end
+
+      def self.to_wire(src)
+        h = src.is_a?(Hash) ? new(**src) : src
+        SmplkitGeneratedClient::Audit::ForwarderHttp.new(
+          method: h.method,
+          url: h.url,
+          headers: (h.headers || []).map do |hdr|
+            name, value = if hdr.is_a?(Hash)
+                            [hdr[:name] || hdr["name"],
+                             hdr[:value] || hdr["value"]]
+                          else
+                            [hdr.name, hdr.value]
+                          end
+            SmplkitGeneratedClient::Audit::HttpHeader.new(name: name, value: value)
+          end,
+          body: h.body,
+          success_status: h.success_status
+        )
+      end
+
+      def self.from_wire(src)
+        return new if src.nil?
+
+        new(
+          method: src.method || "POST",
+          url: src.url || "",
+          headers: (src.headers || []).map { |h| HttpHeader.new(name: h.name, value: h.value) },
+          body: src.body,
+          success_status: src.success_status || "2xx"
+        )
+      end
+    end
+    # rubocop:enable Lint/StructNewOverride
+
+    # rubocop:disable Lint/StructNewOverride -- ``:filter`` matches the
+    # API attribute and shadowing Struct#filter is the expected ergonomics.
+    Forwarder = Struct.new(
+      :id, :name, :slug, :forwarder_type, :enabled,
+      :filter, :transform, :http,
+      :created_at, :updated_at, :deleted_at, :version,
+      keyword_init: true
+    ) do
+      def self.from_resource(resource)
+        a = resource.attributes
+        new(
+          id: resource.id,
+          name: a.name,
+          slug: a.slug,
+          forwarder_type: a.forwarder_type,
+          enabled: a.enabled.nil? || a.enabled,
+          filter: a.filter.nil? ? nil : Smplkit::Helpers.deep_stringify_keys(a.filter),
+          transform: a.transform,
+          http: ForwarderHttp.from_wire(a.http),
+          created_at: a.created_at,
+          updated_at: a.updated_at,
+          deleted_at: a.deleted_at,
+          version: a.version
+        )
+      end
+    end
+    # rubocop:enable Lint/StructNewOverride
+  end
+end

data/lib/smplkit/audit/resource_types.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+module Smplkit
+  module Audit
+    # +client.audit.resource_types.list+ — distinct +resource_type+ slugs
+    # seen for the account.
+    #
+    # Backed by a maintain-by-write side table (ADR-047 §2.5), so the
+    # response time is independent of how many years of events the
+    # account has accumulated. Sorted alphabetically; cursor pagination
+    # via +page_after+.
+    class ResourceTypes
+      def initialize(api)
+        @api = api
+      end
+
+      def list(page_size: nil, page_after: nil)
+        opts = {}
+        opts[:page_size] = page_size if page_size
+        opts[:page_after] = page_after if page_after
+
+        resp = Smplkit::Audit.call_api { @api.list_resource_types(opts) }
+        rows = (resp.data || []).map { |r| ResourceType.from_resource(r) }
+        ResourceTypeListPage.new(rows, Smplkit::Audit.next_cursor(resp.links&._next))
+      end
+    end
+
+    ResourceTypeListPage = Struct.new(:resource_types, :next_cursor)
+  end
+end

data/lib/smplkit/errors.rb

@@ -70,6 +70,10 @@ module Smplkit
   class ConflictError < Error; end
   class ValidationError < Error; end
 
+  # Raised when the server rejects a request because the account's
+  # subscription plan does not include the required entitlement.
+  class PaymentRequiredError < Error; end
+
   module Errors
     module_function
 
@@ -102,6 +106,7 @@ module Smplkit
 
       exc_cls =
         case status_code
+        when 402 then PaymentRequiredError
         when 404 then NotFoundError
         when 409 then ConflictError
         when 400, 422 then ValidationError

data/lib/smplkit/management/audit.rb

@@ -0,0 +1,111 @@
+# frozen_string_literal: true
+
+module Smplkit
+  module Management
+    # Audit management surface — accessed via +mgmt.audit.forwarders+.
+    #
+    # Counterpart to the runtime {Smplkit::Audit::AuditClient}. The
+    # runtime client owns event recording and read-side queries; this
+    # surface owns SIEM forwarder CRUD. ADR-047 §2.7.
+    class AuditNamespace
+      attr_reader :forwarders
+
+      def initialize(api_client)
+        @forwarders = ForwardersNamespace.new(
+          SmplkitGeneratedClient::Audit::ForwardersApi.new(api_client)
+        )
+      end
+    end
+
+    # +mgmt.audit.forwarders.*+ — manage the customer's configured SIEM
+    # forwarders.
+    class ForwardersNamespace
+      def initialize(api)
+        @api = api
+      end
+
+      # Create a forwarder.
+      #
+      # @param name [String] Display name. The slug is derived
+      #   server-side.
+      # @param forwarder_type [String, Smplkit::Audit::ForwarderType]
+      #   One of the published {Smplkit::Audit::ForwarderType} constants
+      #   (or the equivalent string).
+      # @param http [Smplkit::Audit::ForwarderHttp, Hash] Destination
+      #   configuration. Headers carry credentials and are encrypted at
+      #   rest server-side; reads return them redacted.
+      # @param enabled [Boolean] Whether the forwarder is active.
+      # @param filter [Hash, nil] Optional JSON Logic filter; events
+      #   that don't match are recorded as +filtered_out+ deliveries.
+      # @param transform [String, nil] Optional JSONata template
+      #   applied to the event payload before POST. Nil/empty sends the
+      #   event as-is.
+      def create(name:, forwarder_type:, http:, enabled: true,
+                 filter: nil, transform: nil)
+        body = build_body(nil, name: name, forwarder_type: forwarder_type,
+                               http: http, enabled: enabled,
+                               filter: filter, transform: transform)
+        resp = Smplkit::Audit.call_api { @api.create_forwarder(body) }
+        Smplkit::Audit::Forwarder.from_resource(resp.data)
+      end
+
+      def list(forwarder_type: nil, enabled: nil, page_size: nil, page_after: nil)
+        opts = {}
+        opts[:filter_forwarder_type] = Smplkit::Audit::ForwarderType.coerce(forwarder_type) if forwarder_type
+        opts[:filter_enabled] = enabled unless enabled.nil?
+        opts[:page_size] = page_size if page_size
+        opts[:page_after] = page_after if page_after
+
+        resp = Smplkit::Audit.call_api { @api.list_forwarders(opts) }
+        forwarders = (resp.data || []).map { |r| Smplkit::Audit::Forwarder.from_resource(r) }
+        ForwarderListPage.new(forwarders, Smplkit::Audit.next_cursor(resp.links&._next))
+      end
+
+      def get(forwarder_id)
+        resp = Smplkit::Audit.call_api { @api.get_forwarder(forwarder_id) }
+        Smplkit::Audit::Forwarder.from_resource(resp.data)
+      end
+
+      # Full-replace update. PUT semantics — every field is overwritten.
+      #
+      # Header values must be re-supplied as plaintext; the GET path
+      # redacts them, so a PUT body containing +"<redacted>"+ would
+      # persist that literal. Track real header values client-side and
+      # round-trip them on update.
+      def update(forwarder_id, name:, forwarder_type:, http:, enabled: true,
+                 filter: nil, transform: nil)
+        body = build_body(forwarder_id, name: name, forwarder_type: forwarder_type,
+                                        http: http, enabled: enabled,
+                                        filter: filter, transform: transform)
+        resp = Smplkit::Audit.call_api { @api.update_forwarder(forwarder_id, body) }
+        Smplkit::Audit::Forwarder.from_resource(resp.data)
+      end
+
+      def delete(forwarder_id)
+        Smplkit::Audit.call_api { @api.delete_forwarder(forwarder_id) }
+        nil
+      end
+
+      private
+
+      def build_body(id, name:, forwarder_type:, http:, enabled:, filter:, transform:)
+        attrs = SmplkitGeneratedClient::Audit::Forwarder.new(
+          name: name,
+          forwarder_type: Smplkit::Audit::ForwarderType.coerce(forwarder_type),
+          enabled: enabled,
+          http: Smplkit::Audit::ForwarderHttp.to_wire(http),
+          filter: filter,
+          transform: transform
+        )
+        resource = SmplkitGeneratedClient::Audit::ForwarderResource.new(
+          id: id ? id.to_s : "",
+          type: "forwarder",
+          attributes: attrs
+        )
+        SmplkitGeneratedClient::Audit::ForwarderRequest.new(data: resource)
+      end
+    end
+
+    ForwarderListPage = Struct.new(:forwarders, :next_cursor)
+  end
+end

data/lib/smplkit/management/client.rb

@@ -28,7 +28,7 @@ module Smplkit
   # +<resource>_from_resource+ helpers.
   class ManagementClient
     attr_reader :contexts, :context_types, :environments, :account_settings,
-                :config, :flags, :loggers, :log_groups
+                :config, :flags, :loggers, :log_groups, :audit
 
     def self.from_resolved(resolved, extra_headers: nil)
       new(_resolved: resolved, extra_headers: extra_headers)
@@ -50,6 +50,7 @@ module Smplkit
       @config_api_client = build_api_client(SmplkitGeneratedClient::Config, "config", cfg)
       @flags_api_client = build_api_client(SmplkitGeneratedClient::Flags, "flags", cfg)
       @logging_api_client = build_api_client(SmplkitGeneratedClient::Logging, "logging", cfg)
+      @audit_api_client = build_api_client(SmplkitGeneratedClient::Audit, "audit", cfg)
 
       @contexts = ContextsNamespace.new(@app_api_client)
       @context_types = ContextTypesNamespace.new(@app_api_client)
@@ -59,6 +60,7 @@ module Smplkit
       @flags = FlagsNamespace.new(@flags_api_client)
       @loggers = LoggersNamespace.new(@logging_api_client)
       @log_groups = LogGroupsNamespace.new(@logging_api_client)
+      @audit = Management::AuditNamespace.new(@audit_api_client)
     end
 
     def close
@@ -71,6 +73,7 @@ module Smplkit
     def _config_http = @config_api_client
     def _flags_http = @flags_api_client
     def _logging_http = @logging_api_client
+    def _audit_http = @audit_api_client
 
     SDK_OWNED_HEADERS = %w[authorization content-type user-agent].freeze
 

data/lib/smplkit.rb

@@ -58,15 +58,17 @@ require_relative "smplkit/logging/helpers"
 require_relative "smplkit/logging/adapters/base"
 require_relative "smplkit/logging/adapters/stdlib_logger_adapter"
 require_relative "smplkit/logging/client"
+require_relative "smplkit/audit/models"
+require_relative "smplkit/audit/buffer"
+require_relative "smplkit/audit/events"
+require_relative "smplkit/audit/resource_types"
+require_relative "smplkit/audit/actions"
+require_relative "smplkit/audit/client"
 require_relative "smplkit/management/types"
 require_relative "smplkit/management/models"
 require_relative "smplkit/management/buffer"
+require_relative "smplkit/management/audit"
 require_relative "smplkit/management/client"
-require_relative "smplkit/audit/buffer"
-require_relative "smplkit/audit/events"
-require_relative "smplkit/audit/forwarders"
-require_relative "smplkit/audit/functions"
-require_relative "smplkit/audit/client"
 require_relative "smplkit/client"
 
 require_relative "smplkit/railtie" if defined?(Rails::Railtie)

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: smplkit
 version: !ruby/object:Gem::Version
-  version: 2.0.14
+  version: 2.0.15
 platform: ruby
 authors:
 - Smpl Solutions LLC
@@ -410,6 +410,7 @@ files:
 - lib/smplkit/_generated/audit/lib/smplkit_audit_client/models/event_list_links.rb
 - lib/smplkit/_generated/audit/lib/smplkit_audit_client/models/event_list_meta.rb
 - lib/smplkit/_generated/audit/lib/smplkit_audit_client/models/event_list_response.rb
+- lib/smplkit/_generated/audit/lib/smplkit_audit_client/models/event_request.rb
 - lib/smplkit/_generated/audit/lib/smplkit_audit_client/models/event_resource.rb
 - lib/smplkit/_generated/audit/lib/smplkit_audit_client/models/event_response.rb
 - lib/smplkit/_generated/audit/lib/smplkit_audit_client/models/forwarder.rb
@@ -421,6 +422,7 @@ files:
 - lib/smplkit/_generated/audit/lib/smplkit_audit_client/models/forwarder_list_links.rb
 - lib/smplkit/_generated/audit/lib/smplkit_audit_client/models/forwarder_list_meta.rb
 - lib/smplkit/_generated/audit/lib/smplkit_audit_client/models/forwarder_list_response.rb
+- lib/smplkit/_generated/audit/lib/smplkit_audit_client/models/forwarder_request.rb
 - lib/smplkit/_generated/audit/lib/smplkit_audit_client/models/forwarder_resource.rb
 - lib/smplkit/_generated/audit/lib/smplkit_audit_client/models/forwarder_response.rb
 - lib/smplkit/_generated/audit/lib/smplkit_audit_client/models/forwarder_type.rb
@@ -453,6 +455,7 @@ files:
 - lib/smplkit/_generated/audit/spec/models/event_list_links_spec.rb
 - lib/smplkit/_generated/audit/spec/models/event_list_meta_spec.rb
 - lib/smplkit/_generated/audit/spec/models/event_list_response_spec.rb
+- lib/smplkit/_generated/audit/spec/models/event_request_spec.rb
 - lib/smplkit/_generated/audit/spec/models/event_resource_spec.rb
 - lib/smplkit/_generated/audit/spec/models/event_response_spec.rb
 - lib/smplkit/_generated/audit/spec/models/event_spec.rb
@@ -464,6 +467,7 @@ files:
 - lib/smplkit/_generated/audit/spec/models/forwarder_list_links_spec.rb
 - lib/smplkit/_generated/audit/spec/models/forwarder_list_meta_spec.rb
 - lib/smplkit/_generated/audit/spec/models/forwarder_list_response_spec.rb
+- lib/smplkit/_generated/audit/spec/models/forwarder_request_spec.rb
 - lib/smplkit/_generated/audit/spec/models/forwarder_resource_spec.rb
 - lib/smplkit/_generated/audit/spec/models/forwarder_response_spec.rb
 - lib/smplkit/_generated/audit/spec/models/forwarder_spec.rb
@@ -638,11 +642,12 @@ files:
 - lib/smplkit/_generated/logging/spec/models/usage_list_response_spec.rb
 - lib/smplkit/_generated/logging/spec/models/usage_resource_spec.rb
 - lib/smplkit/_generated/logging/spec/spec_helper.rb
+- lib/smplkit/audit/actions.rb
 - lib/smplkit/audit/buffer.rb
 - lib/smplkit/audit/client.rb
 - lib/smplkit/audit/events.rb
-- lib/smplkit/audit/forwarders.rb
-- lib/smplkit/audit/functions.rb
+- lib/smplkit/audit/models.rb
+- lib/smplkit/audit/resource_types.rb
 - lib/smplkit/client.rb
 - lib/smplkit/config/client.rb
 - lib/smplkit/config/helpers.rb
@@ -667,6 +672,7 @@ files:
 - lib/smplkit/logging/models.rb
 - lib/smplkit/logging/normalize.rb
 - lib/smplkit/logging/sources.rb
+- lib/smplkit/management/audit.rb
 - lib/smplkit/management/buffer.rb
 - lib/smplkit/management/client.rb
 - lib/smplkit/management/models.rb