@bunbase-ae/js 2.16.1-next.366.a8d9838 → 2.16.1-next.367.86ccc66

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bunbase-ae/js",
-  "version": "2.16.1-next.366.a8d9838",
+  "version": "2.16.1-next.367.86ccc66",
   "type": "module",
   "description": "TypeScript/JavaScript SDK for BunBase",
   "license": "UNLICENSED",

package/src/admin.ts

@@ -359,6 +359,77 @@ export interface SettingsAuditEntry {
   changed_at: number;
 }
 
+// One row from the general admin audit log (`GET /api/v1/admin/audit`).
+// Mirrors the server-side `AuditLogRow` shape (see apps/server/src/auditDb.ts).
+// `before` / `after` / `diff` are JSON strings as stored — callers parse if needed.
+export interface AuditLogEntry {
+  id: number;
+  ts: number;
+  collection: string;
+  record_id: string;
+  operation: string;
+  user_id: string | null;
+  tenant_id: string | null;
+  ip: string | null;
+  user_agent: string | null;
+  request_id: string | null;
+  before: string | null;
+  after: string | null;
+  diff: string | null;
+}
+
+export interface AuditListParams {
+  /** Filter by audit collection (real collection name, or one of `AUDIT_COLLECTIONS.*`). */
+  collection?: string;
+  /** Filter by record id. */
+  record_id?: string;
+  /** Filter by acting user id. The literal `"admin_secret"` matches admin-secret writes. */
+  user_id?: string;
+  /** Filter by operation name (e.g. `"create"`, `"update"`, `"delete"`). */
+  operation?: string;
+  /** Inclusive lower bound (epoch ms). */
+  from?: number;
+  /** Inclusive upper bound (epoch ms). */
+  to?: number;
+  /** Resume from `next_cursor` returned by a prior call. */
+  cursor?: number;
+  /** Page size (server caps at 500, defaults to 50). */
+  limit?: number;
+}
+
+export interface AuditListResult {
+  items: AuditLogEntry[];
+  /** Cursor for the next page. `null` when the page wasn't full (end of stream). */
+  next_cursor: number | null;
+  limit: number;
+  /**
+   * Total rows matching the `collection` filter, irrespective of pagination.
+   * The server only filters this count by `collection` (and tenant), so when
+   * other filters are active the count is an overestimate.
+   */
+  total: number;
+}
+
+// Synthetic audit-only collection names used by the server-side audit log
+// (see apps/server/src/auditDb.ts). Useful for building a "filter by
+// collection" UI like the Studio Audit tab. Real collection names cannot
+// start with `_`, so these never collide with tenant data.
+export const AUDIT_COLLECTIONS = {
+  SETTINGS: "_settings",
+  BACKUPS: "_backups",
+  USERS: "_users",
+  API_KEYS: "_api_keys",
+  IMPERSONATE: "_impersonate",
+  HOOKS: "_hooks",
+  LOGS: "_logs",
+  TENANT_MEMBERS: "_tenant_members",
+  AUDIT_CONFIG: "_audit_config",
+  BUCKETS: "_buckets",
+  FILES: "_files",
+} as const;
+
+export type AuditCollection = (typeof AUDIT_COLLECTIONS)[keyof typeof AUDIT_COLLECTIONS];
+
 export interface BackupFile {
   filename: string;
   size: number;
@@ -935,6 +1006,34 @@ class AdminStorageClient {
   }
 }
 
+// General admin audit log client — wraps `GET /api/v1/admin/audit`.
+//
+// The Settings → Audit tab's existing `client.admin.settings.getAudit(...)` is
+// hard-scoped to `collection = "_settings"`. This client exposes the full audit
+// trail across every synthetic audit collection (see `AUDIT_COLLECTIONS`) so
+// operators can verify rows for `_tenant_members`, `_buckets`, `_audit_config`,
+// `_users`, `_api_keys`, `_impersonate`, `_hooks`, `_logs`, `_backups`, `_files`,
+// and any user-defined collection that has audit emit enabled.
+//
+// Tenant isolation: a JWT-authenticated caller scoped to a tenant only sees
+// rows for that tenant. An admin-secret call sees all rows.
+class AdminAuditClient {
+  constructor(private readonly http: HttpClient) {}
+
+  async list(params: AuditListParams = {}): Promise<AuditListResult> {
+    const query: Record<string, string> = {};
+    if (params.collection) query.collection = params.collection;
+    if (params.record_id) query.record_id = params.record_id;
+    if (params.user_id) query.user_id = params.user_id;
+    if (params.operation) query.operation = params.operation;
+    if (params.from !== undefined) query.from = String(params.from);
+    if (params.to !== undefined) query.to = String(params.to);
+    if (params.cursor !== undefined) query.cursor = String(params.cursor);
+    if (params.limit !== undefined) query.limit = String(params.limit);
+    return this.http.request<AuditListResult>("GET", "/api/v1/admin/audit", { query });
+  }
+}
+
 class AdminSettingsClient {
   constructor(private readonly http: HttpClient) {}
 
@@ -1500,6 +1599,7 @@ export class AdminClient {
   readonly relations: AdminRelationsClient;
   readonly storage: AdminStorageClient;
   readonly settings: AdminSettingsClient;
+  readonly audit: AdminAuditClient;
   readonly backups: AdminBackupsClient;
   readonly migrations: AdminMigrationsClient;
   readonly queries: AdminNamedQueriesClient;
@@ -1516,6 +1616,7 @@ export class AdminClient {
     this.relations = new AdminRelationsClient(http);
     this.storage = new AdminStorageClient(http);
     this.settings = new AdminSettingsClient(http);
+    this.audit = new AdminAuditClient(http);
     this.backups = new AdminBackupsClient(http);
     this.migrations = new AdminMigrationsClient(http);
     this.queries = new AdminNamedQueriesClient(http);

package/src/index.ts

@@ -9,6 +9,11 @@ export {
   type AdminStoredFile,
   type AdminTenantMembership,
   type AdminUser,
+  AUDIT_COLLECTIONS,
+  type AuditCollection,
+  type AuditListParams,
+  type AuditListResult,
+  type AuditLogEntry,
   type BackupDestinationConfig,
   type BackupFile,
   type BackupRetentionPolicy,