npm - @geekmidas/constructs - Versions diffs - 0.3.2 → 0.5.0 - Mend

@geekmidas/constructs 0.3.2 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (550) hide show

package/src/endpoints/__tests__/AmazonApiGatewayV2EndpointAdaptor.audits.spec.ts CHANGED Viewed

@@ -1,7 +1,7 @@
 import type {
-  AuditRecord,
-  AuditStorage,
-  AuditableAction,
+	AuditableAction,
+	AuditRecord,
+	AuditStorage,
 } from '@geekmidas/audit';
 import { EnvironmentParser } from '@geekmidas/envkit';
 import type { Logger } from '@geekmidas/logger';
@@ -10,617 +10,617 @@ import { createMockContext, createMockV2Event } from '@geekmidas/testkit/aws';
 import { beforeEach, describe, expect, it, vi } from 'vitest';
 import { z } from 'zod';
 import { AmazonApiGatewayV2Endpoint } from '../AmazonApiGatewayV2EndpointAdaptor';
-import { Endpoint } from '../Endpoint';
 import type { ActorExtractor, MappedAudit } from '../audit';
+import { Endpoint } from '../Endpoint';
 // In-memory audit storage for testing
 class InMemoryAuditStorage implements AuditStorage {
-  records: AuditRecord[] = [];
+	records: AuditRecord[] = [];
-  async write(records: AuditRecord[]): Promise<void> {
-    this.records.push(...records);
-  }
+	async write(records: AuditRecord[]): Promise<void> {
+		this.records.push(...records);
+	}
-  async query(): Promise<AuditRecord[]> {
-    return this.records;
-  }
+	async query(): Promise<AuditRecord[]> {
+		return this.records;
+	}
-  clear(): void {
-    this.records = [];
-  }
+	clear(): void {
+		this.records = [];
+	}
 }
 // Test audit action types
 type TestAuditAction =
-  | AuditableAction<'user.created', { userId: string; email: string }>
-  | AuditableAction<'user.updated', { userId: string; changes: string[] }>
-  | AuditableAction<'order.placed', { orderId: string; total: number }>;
+	| AuditableAction<'user.created', { userId: string; email: string }>
+	| AuditableAction<'user.updated', { userId: string; changes: string[] }>
+	| AuditableAction<'order.placed', { orderId: string; total: number }>;
 // Mock logger
 const createMockLogger = (): Logger => {
-  const logger: Logger = {
-    debug: vi.fn(),
-    info: vi.fn(),
-    warn: vi.fn(),
-    error: vi.fn(),
-    fatal: vi.fn(),
-    trace: vi.fn(),
-    child: vi.fn(() => logger),
-  };
-  return logger;
+	const logger: Logger = {
+		debug: vi.fn(),
+		info: vi.fn(),
+		warn: vi.fn(),
+		error: vi.fn(),
+		fatal: vi.fn(),
+		trace: vi.fn(),
+		child: vi.fn(() => logger),
+	};
+	return logger;
 };
 describe('AmazonApiGatewayV2Endpoint Audits', () => {
-  let mockLogger: Logger;
-  let envParser: EnvironmentParser<{}>;
-  beforeEach(() => {
-    vi.clearAllMocks();
-    ServiceDiscovery.reset();
-    mockLogger = createMockLogger();
-    envParser = new EnvironmentParser({});
-  });
-  it('should process audits after successful endpoint execution', async () => {
-    const auditStorage = new InMemoryAuditStorage();
-    const auditStorageService: Service<'auditStorage', InMemoryAuditStorage> = {
-      serviceName: 'auditStorage' as const,
-      register: vi.fn().mockResolvedValue(auditStorage),
-    };
-    const outputSchema = z.object({ id: z.string(), email: z.string() });
-    const audits: MappedAudit<TestAuditAction, typeof outputSchema>[] = [
-      {
-        type: 'user.created',
-        payload: (response) => ({ userId: response.id, email: response.email }),
-      },
-    ];
-    const endpoint = new Endpoint({
-      route: '/users',
-      method: 'POST',
-      fn: async () => ({ id: '123', email: 'test@example.com' }),
-      input: undefined,
-      output: outputSchema,
-      services: [],
-      logger: mockLogger,
-      timeout: undefined,
-      memorySize: undefined,
-      status: 200,
-      getSession: undefined,
-      authorize: undefined,
-      description: undefined,
-      events: [],
-      publisherService: undefined,
-      auditorStorageService: auditStorageService,
-      audits,
-    });
-    const adapter = new AmazonApiGatewayV2Endpoint(envParser, endpoint as any);
-    const handler = adapter.handler;
-    const event = createMockV2Event({
-      requestContext: {
-        ...createMockV2Event().requestContext,
-        http: {
-          method: 'POST',
-          path: '/users',
-          protocol: 'HTTP/1.1',
-          sourceIp: '192.168.1.1',
-          userAgent: 'test-agent',
-        },
-      },
-      body: JSON.stringify({}),
-    });
-    const context = createMockContext();
-    const response = await handler(event, context);
-    expect(response.statusCode).toBe(200);
-    expect(response.body).toBe(
-      JSON.stringify({ id: '123', email: 'test@example.com' }),
-    );
-    // Verify audit was written
-    expect(auditStorage.records).toHaveLength(1);
-    expect(auditStorage.records[0].type).toBe('user.created');
-    expect(auditStorage.records[0].payload).toEqual({
-      userId: '123',
-      email: 'test@example.com',
-    });
-  });
-  it('should process multiple audits after successful endpoint execution', async () => {
-    const auditStorage = new InMemoryAuditStorage();
-    const auditStorageService: Service<'auditStorage', InMemoryAuditStorage> = {
-      serviceName: 'auditStorage' as const,
-      register: vi.fn().mockResolvedValue(auditStorage),
-    };
-    const outputSchema = z.object({
-      id: z.string(),
-      email: z.string(),
-      changes: z.array(z.string()),
-    });
-    const audits: MappedAudit<TestAuditAction, typeof outputSchema>[] = [
-      {
-        type: 'user.created',
-        payload: (response) => ({ userId: response.id, email: response.email }),
-      },
-      {
-        type: 'user.updated',
-        payload: (response) => ({
-          userId: response.id,
-          changes: response.changes,
-        }),
-      },
-    ];
-    const endpoint = new Endpoint({
-      route: '/users',
-      method: 'POST',
-      fn: async () => ({
-        id: '456',
-        email: 'user@example.com',
-        changes: ['name', 'email'],
-      }),
-      input: undefined,
-      output: outputSchema,
-      services: [],
-      logger: mockLogger,
-      timeout: undefined,
-      memorySize: undefined,
-      status: 201,
-      getSession: undefined,
-      authorize: undefined,
-      description: undefined,
-      events: [],
-      publisherService: undefined,
-      auditorStorageService: auditStorageService,
-      audits,
-    });
-    const adapter = new AmazonApiGatewayV2Endpoint(envParser, endpoint as any);
-    const handler = adapter.handler;
-    const event = createMockV2Event({
-      requestContext: {
-        ...createMockV2Event().requestContext,
-        http: {
-          method: 'POST',
-          path: '/users',
-          protocol: 'HTTP/1.1',
-          sourceIp: '192.168.1.1',
-          userAgent: 'test-agent',
-        },
-      },
-      body: JSON.stringify({}),
-    });
-    const context = createMockContext();
-    const response = await handler(event, context);
-    expect(response.statusCode).toBe(201);
-    // Verify both audits were written
-    expect(auditStorage.records).toHaveLength(2);
-    expect(auditStorage.records[0].type).toBe('user.created');
-    expect(auditStorage.records[1].type).toBe('user.updated');
-  });
-  it('should respect when conditions for audits', async () => {
-    const auditStorage = new InMemoryAuditStorage();
-    const auditStorageService: Service<'auditStorage', InMemoryAuditStorage> = {
-      serviceName: 'auditStorage' as const,
-      register: vi.fn().mockResolvedValue(auditStorage),
-    };
-    const outputSchema = z.object({
-      id: z.string(),
-      email: z.string(),
-      isNew: z.boolean(),
-    });
-    const audits: MappedAudit<TestAuditAction, typeof outputSchema>[] = [
-      {
-        type: 'user.created',
-        payload: (response) => ({ userId: response.id, email: response.email }),
-        when: (response) => response.isNew === true,
-      },
-      {
-        type: 'user.updated',
-        payload: (response) => ({ userId: response.id, changes: ['profile'] }),
-        when: (response) => response.isNew === false,
-      },
-    ];
-    const endpoint = new Endpoint({
-      route: '/users/:id',
-      method: 'PUT',
-      fn: async () => ({
-        id: '789',
-        email: 'updated@example.com',
-        isNew: false,
-      }),
-      input: undefined,
-      output: outputSchema,
-      services: [],
-      logger: mockLogger,
-      timeout: undefined,
-      memorySize: undefined,
-      status: 200,
-      getSession: undefined,
-      authorize: undefined,
-      description: undefined,
-      events: [],
-      publisherService: undefined,
-      auditorStorageService: auditStorageService,
-      audits,
-    });
-    const adapter = new AmazonApiGatewayV2Endpoint(envParser, endpoint as any);
-    const handler = adapter.handler;
-    const event = createMockV2Event({
-      requestContext: {
-        ...createMockV2Event().requestContext,
-        http: {
-          method: 'PUT',
-          path: '/users/789',
-          protocol: 'HTTP/1.1',
-          sourceIp: '192.168.1.1',
-          userAgent: 'test-agent',
-        },
-      },
-      pathParameters: { id: '789' },
-      body: JSON.stringify({}),
-    });
-    const context = createMockContext();
-    const response = await handler(event, context);
-    expect(response.statusCode).toBe(200);
-    // Only user.updated audit should be written due to when condition
-    expect(auditStorage.records).toHaveLength(1);
-    expect(auditStorage.records[0].type).toBe('user.updated');
-  });
-  it('should extract actor from request context', async () => {
-    const auditStorage = new InMemoryAuditStorage();
-    const auditStorageService: Service<'auditStorage', InMemoryAuditStorage> = {
-      serviceName: 'auditStorage' as const,
-      register: vi.fn().mockResolvedValue(auditStorage),
-    };
-    const actorExtractor: ActorExtractor = ({ header }) => ({
-      id: header('x-user-id') ?? 'anonymous',
-      type: 'user',
-      ip: header('x-forwarded-for'),
-    });
-    const outputSchema = z.object({ id: z.string(), email: z.string() });
-    const audits: MappedAudit<TestAuditAction, typeof outputSchema>[] = [
-      {
-        type: 'user.created',
-        payload: (response) => ({ userId: response.id, email: response.email }),
-      },
-    ];
-    const endpoint = new Endpoint({
-      route: '/users',
-      method: 'POST',
-      fn: async () => ({ id: '123', email: 'test@example.com' }),
-      input: undefined,
-      output: outputSchema,
-      services: [],
-      logger: mockLogger,
-      timeout: undefined,
-      memorySize: undefined,
-      status: 200,
-      getSession: undefined,
-      authorize: undefined,
-      description: undefined,
-      events: [],
-      publisherService: undefined,
-      auditorStorageService: auditStorageService,
-      actorExtractor,
-      audits,
-    });
-    const adapter = new AmazonApiGatewayV2Endpoint(envParser, endpoint as any);
-    const handler = adapter.handler;
-    const event = createMockV2Event({
-      requestContext: {
-        ...createMockV2Event().requestContext,
-        http: {
-          method: 'POST',
-          path: '/users',
-          protocol: 'HTTP/1.1',
-          sourceIp: '192.168.1.1',
-          userAgent: 'test-agent',
-        },
-      },
-      headers: {
-        'content-type': 'application/json',
-        'x-user-id': 'user-456',
-        'x-forwarded-for': '192.168.1.1',
-      },
-      body: JSON.stringify({}),
-    });
-    const context = createMockContext();
-    const response = await handler(event, context);
-    expect(response.statusCode).toBe(200);
-    // Verify actor was extracted correctly
-    expect(auditStorage.records).toHaveLength(1);
-    expect(auditStorage.records[0].actor).toEqual({
-      id: 'user-456',
-      type: 'user',
-      ip: '192.168.1.1',
-    });
-  });
-  it('should not process audits when no auditor storage is configured', async () => {
-    const outputSchema = z.object({ id: z.string(), email: z.string() });
-    const audits: MappedAudit<TestAuditAction, typeof outputSchema>[] = [
-      {
-        type: 'user.created',
-        payload: (response) => ({ userId: response.id, email: response.email }),
-      },
-    ];
-    const endpoint = new Endpoint({
-      route: '/users',
-      method: 'POST',
-      fn: async () => ({ id: '999', email: 'test@example.com' }),
-      input: undefined,
-      output: outputSchema,
-      services: [],
-      logger: mockLogger,
-      timeout: undefined,
-      memorySize: undefined,
-      status: 200,
-      getSession: undefined,
-      authorize: undefined,
-      description: undefined,
-      events: [],
-      publisherService: undefined,
-      auditorStorageService: undefined, // No auditor storage
-      audits,
-    });
-    const adapter = new AmazonApiGatewayV2Endpoint(envParser, endpoint as any);
-    const handler = adapter.handler;
-    const event = createMockV2Event({
-      requestContext: {
-        ...createMockV2Event().requestContext,
-        http: {
-          method: 'POST',
-          path: '/users',
-          protocol: 'HTTP/1.1',
-          sourceIp: '192.168.1.1',
-          userAgent: 'test-agent',
-        },
-      },
-      body: JSON.stringify({}),
-    });
-    const context = createMockContext();
-    const response = await handler(event, context);
-    expect(response.statusCode).toBe(200);
-    expect(response.body).toBe(
-      JSON.stringify({ id: '999', email: 'test@example.com' }),
-    );
-    // Should log warning
-    expect(mockLogger.warn).toHaveBeenCalledWith(
-      'No auditor storage service available',
-    );
-  });
-  it('should not process audits when endpoint throws an error', async () => {
-    const auditStorage = new InMemoryAuditStorage();
-    const auditStorageService: Service<'auditStorage', InMemoryAuditStorage> = {
-      serviceName: 'auditStorage' as const,
-      register: vi.fn().mockResolvedValue(auditStorage),
-    };
-    const outputSchema = z.object({ id: z.string(), email: z.string() });
-    const audits: MappedAudit<TestAuditAction, typeof outputSchema>[] = [
-      {
-        type: 'user.created',
-        payload: (response) => ({ userId: response.id, email: response.email }),
-      },
-    ];
-    const endpoint = new Endpoint({
-      route: '/users',
-      method: 'POST',
-      fn: async () => {
-        throw new Error('Something went wrong');
-      },
-      input: undefined,
-      output: outputSchema,
-      services: [],
-      logger: mockLogger,
-      timeout: undefined,
-      memorySize: undefined,
-      status: 200,
-      getSession: undefined,
-      authorize: undefined,
-      description: undefined,
-      events: [],
-      publisherService: undefined,
-      auditorStorageService: auditStorageService,
-      audits,
-    });
-    const adapter = new AmazonApiGatewayV2Endpoint(envParser, endpoint as any);
-    const handler = adapter.handler;
-    const event = createMockV2Event({
-      requestContext: {
-        ...createMockV2Event().requestContext,
-        http: {
-          method: 'POST',
-          path: '/users',
-          protocol: 'HTTP/1.1',
-          sourceIp: '192.168.1.1',
-          userAgent: 'test-agent',
-        },
-      },
-      body: JSON.stringify({}),
-    });
-    const context = createMockContext();
-    const response = await handler(event, context);
-    // Should return 500 due to error
-    expect(response.statusCode).toBe(500);
-    // No audits should be written when endpoint throws an error
-    expect(auditStorage.records).toHaveLength(0);
-  });
-  it('should include entityId in audit record when configured', async () => {
-    const auditStorage = new InMemoryAuditStorage();
-    const auditStorageService: Service<'auditStorage', InMemoryAuditStorage> = {
-      serviceName: 'auditStorage' as const,
-      register: vi.fn().mockResolvedValue(auditStorage),
-    };
-    const outputSchema = z.object({ id: z.string(), email: z.string() });
-    const audits: MappedAudit<TestAuditAction, typeof outputSchema>[] = [
-      {
-        type: 'user.created',
-        payload: (response) => ({ userId: response.id, email: response.email }),
-        entityId: (response) => response.id,
-        table: 'users',
-      },
-    ];
-    const endpoint = new Endpoint({
-      route: '/users',
-      method: 'POST',
-      fn: async () => ({ id: 'user-123', email: 'test@example.com' }),
-      input: undefined,
-      output: outputSchema,
-      services: [],
-      logger: mockLogger,
-      timeout: undefined,
-      memorySize: undefined,
-      status: 201,
-      getSession: undefined,
-      authorize: undefined,
-      description: undefined,
-      events: [],
-      publisherService: undefined,
-      auditorStorageService: auditStorageService,
-      audits,
-    });
-    const adapter = new AmazonApiGatewayV2Endpoint(envParser, endpoint as any);
-    const handler = adapter.handler;
-    const event = createMockV2Event({
-      requestContext: {
-        ...createMockV2Event().requestContext,
-        http: {
-          method: 'POST',
-          path: '/users',
-          protocol: 'HTTP/1.1',
-          sourceIp: '192.168.1.1',
-          userAgent: 'test-agent',
-        },
-      },
-      body: JSON.stringify({}),
-    });
-    const context = createMockContext();
-    const response = await handler(event, context);
-    expect(response.statusCode).toBe(201);
-    // Verify entityId and table are included
-    expect(auditStorage.records).toHaveLength(1);
-    expect(auditStorage.records[0].entityId).toBe('user-123');
-    expect(auditStorage.records[0].table).toBe('users');
-  });
-  it('should include endpoint metadata in audit records', async () => {
-    const auditStorage = new InMemoryAuditStorage();
-    const auditStorageService: Service<'auditStorage', InMemoryAuditStorage> = {
-      serviceName: 'auditStorage' as const,
-      register: vi.fn().mockResolvedValue(auditStorage),
-    };
-    const outputSchema = z.object({ id: z.string(), email: z.string() });
-    const audits: MappedAudit<TestAuditAction, typeof outputSchema>[] = [
-      {
-        type: 'user.created',
-        payload: (response) => ({ userId: response.id, email: response.email }),
-      },
-    ];
-    const endpoint = new Endpoint({
-      route: '/users',
-      method: 'POST',
-      fn: async () => ({ id: '123', email: 'test@example.com' }),
-      input: undefined,
-      output: outputSchema,
-      services: [],
-      logger: mockLogger,
-      timeout: undefined,
-      memorySize: undefined,
-      status: 200,
-      getSession: undefined,
-      authorize: undefined,
-      description: undefined,
-      events: [],
-      publisherService: undefined,
-      auditorStorageService: auditStorageService,
-      audits,
-    });
-    const adapter = new AmazonApiGatewayV2Endpoint(envParser, endpoint as any);
-    const handler = adapter.handler;
-    const event = createMockV2Event({
-      requestContext: {
-        ...createMockV2Event().requestContext,
-        http: {
-          method: 'POST',
-          path: '/users',
-          protocol: 'HTTP/1.1',
-          sourceIp: '192.168.1.1',
-          userAgent: 'test-agent',
-        },
-      },
-      body: JSON.stringify({}),
-    });
-    const context = createMockContext();
-    const response = await handler(event, context);
-    expect(response.statusCode).toBe(200);
-    // Verify metadata includes endpoint info
-    expect(auditStorage.records).toHaveLength(1);
-    expect(auditStorage.records[0].metadata).toEqual({
-      endpoint: '/users',
-      method: 'POST',
-    });
-  });
+	let mockLogger: Logger;
+	let envParser: EnvironmentParser<{}>;
+	beforeEach(() => {
+		vi.clearAllMocks();
+		ServiceDiscovery.reset();
+		mockLogger = createMockLogger();
+		envParser = new EnvironmentParser({});
+	});
+	it('should process audits after successful endpoint execution', async () => {
+		const auditStorage = new InMemoryAuditStorage();
+		const auditStorageService: Service<'auditStorage', InMemoryAuditStorage> = {
+			serviceName: 'auditStorage' as const,
+			register: vi.fn().mockResolvedValue(auditStorage),
+		};
+		const outputSchema = z.object({ id: z.string(), email: z.string() });
+		const audits: MappedAudit<TestAuditAction, typeof outputSchema>[] = [
+			{
+				type: 'user.created',
+				payload: (response) => ({ userId: response.id, email: response.email }),
+			},
+		];
+		const endpoint = new Endpoint({
+			route: '/users',
+			method: 'POST',
+			fn: async () => ({ id: '123', email: 'test@example.com' }),
+			input: undefined,
+			output: outputSchema,
+			services: [],
+			logger: mockLogger,
+			timeout: undefined,
+			memorySize: undefined,
+			status: 200,
+			getSession: undefined,
+			authorize: undefined,
+			description: undefined,
+			events: [],
+			publisherService: undefined,
+			auditorStorageService: auditStorageService,
+			audits,
+		});
+		const adapter = new AmazonApiGatewayV2Endpoint(envParser, endpoint as any);
+		const handler = adapter.handler;
+		const event = createMockV2Event({
+			requestContext: {
+				...createMockV2Event().requestContext,
+				http: {
+					method: 'POST',
+					path: '/users',
+					protocol: 'HTTP/1.1',
+					sourceIp: '192.168.1.1',
+					userAgent: 'test-agent',
+				},
+			},
+			body: JSON.stringify({}),
+		});
+		const context = createMockContext();
+		const response = await handler(event, context);
+		expect(response.statusCode).toBe(200);
+		expect(response.body).toBe(
+			JSON.stringify({ id: '123', email: 'test@example.com' }),
+		);
+		// Verify audit was written
+		expect(auditStorage.records).toHaveLength(1);
+		expect(auditStorage.records[0].type).toBe('user.created');
+		expect(auditStorage.records[0].payload).toEqual({
+			userId: '123',
+			email: 'test@example.com',
+		});
+	});
+	it('should process multiple audits after successful endpoint execution', async () => {
+		const auditStorage = new InMemoryAuditStorage();
+		const auditStorageService: Service<'auditStorage', InMemoryAuditStorage> = {
+			serviceName: 'auditStorage' as const,
+			register: vi.fn().mockResolvedValue(auditStorage),
+		};
+		const outputSchema = z.object({
+			id: z.string(),
+			email: z.string(),
+			changes: z.array(z.string()),
+		});
+		const audits: MappedAudit<TestAuditAction, typeof outputSchema>[] = [
+			{
+				type: 'user.created',
+				payload: (response) => ({ userId: response.id, email: response.email }),
+			},
+			{
+				type: 'user.updated',
+				payload: (response) => ({
+					userId: response.id,
+					changes: response.changes,
+				}),
+			},
+		];
+		const endpoint = new Endpoint({
+			route: '/users',
+			method: 'POST',
+			fn: async () => ({
+				id: '456',
+				email: 'user@example.com',
+				changes: ['name', 'email'],
+			}),
+			input: undefined,
+			output: outputSchema,
+			services: [],
+			logger: mockLogger,
+			timeout: undefined,
+			memorySize: undefined,
+			status: 201,
+			getSession: undefined,
+			authorize: undefined,
+			description: undefined,
+			events: [],
+			publisherService: undefined,
+			auditorStorageService: auditStorageService,
+			audits,
+		});
+		const adapter = new AmazonApiGatewayV2Endpoint(envParser, endpoint as any);
+		const handler = adapter.handler;
+		const event = createMockV2Event({
+			requestContext: {
+				...createMockV2Event().requestContext,
+				http: {
+					method: 'POST',
+					path: '/users',
+					protocol: 'HTTP/1.1',
+					sourceIp: '192.168.1.1',
+					userAgent: 'test-agent',
+				},
+			},
+			body: JSON.stringify({}),
+		});
+		const context = createMockContext();
+		const response = await handler(event, context);
+		expect(response.statusCode).toBe(201);
+		// Verify both audits were written
+		expect(auditStorage.records).toHaveLength(2);
+		expect(auditStorage.records[0].type).toBe('user.created');
+		expect(auditStorage.records[1].type).toBe('user.updated');
+	});
+	it('should respect when conditions for audits', async () => {
+		const auditStorage = new InMemoryAuditStorage();
+		const auditStorageService: Service<'auditStorage', InMemoryAuditStorage> = {
+			serviceName: 'auditStorage' as const,
+			register: vi.fn().mockResolvedValue(auditStorage),
+		};
+		const outputSchema = z.object({
+			id: z.string(),
+			email: z.string(),
+			isNew: z.boolean(),
+		});
+		const audits: MappedAudit<TestAuditAction, typeof outputSchema>[] = [
+			{
+				type: 'user.created',
+				payload: (response) => ({ userId: response.id, email: response.email }),
+				when: (response) => response.isNew === true,
+			},
+			{
+				type: 'user.updated',
+				payload: (response) => ({ userId: response.id, changes: ['profile'] }),
+				when: (response) => response.isNew === false,
+			},
+		];
+		const endpoint = new Endpoint({
+			route: '/users/:id',
+			method: 'PUT',
+			fn: async () => ({
+				id: '789',
+				email: 'updated@example.com',
+				isNew: false,
+			}),
+			input: undefined,
+			output: outputSchema,
+			services: [],
+			logger: mockLogger,
+			timeout: undefined,
+			memorySize: undefined,
+			status: 200,
+			getSession: undefined,
+			authorize: undefined,
+			description: undefined,
+			events: [],
+			publisherService: undefined,
+			auditorStorageService: auditStorageService,
+			audits,
+		});
+		const adapter = new AmazonApiGatewayV2Endpoint(envParser, endpoint as any);
+		const handler = adapter.handler;
+		const event = createMockV2Event({
+			requestContext: {
+				...createMockV2Event().requestContext,
+				http: {
+					method: 'PUT',
+					path: '/users/789',
+					protocol: 'HTTP/1.1',
+					sourceIp: '192.168.1.1',
+					userAgent: 'test-agent',
+				},
+			},
+			pathParameters: { id: '789' },
+			body: JSON.stringify({}),
+		});
+		const context = createMockContext();
+		const response = await handler(event, context);
+		expect(response.statusCode).toBe(200);
+		// Only user.updated audit should be written due to when condition
+		expect(auditStorage.records).toHaveLength(1);
+		expect(auditStorage.records[0].type).toBe('user.updated');
+	});
+	it('should extract actor from request context', async () => {
+		const auditStorage = new InMemoryAuditStorage();
+		const auditStorageService: Service<'auditStorage', InMemoryAuditStorage> = {
+			serviceName: 'auditStorage' as const,
+			register: vi.fn().mockResolvedValue(auditStorage),
+		};
+		const actorExtractor: ActorExtractor = ({ header }) => ({
+			id: header('x-user-id') ?? 'anonymous',
+			type: 'user',
+			ip: header('x-forwarded-for'),
+		});
+		const outputSchema = z.object({ id: z.string(), email: z.string() });
+		const audits: MappedAudit<TestAuditAction, typeof outputSchema>[] = [
+			{
+				type: 'user.created',
+				payload: (response) => ({ userId: response.id, email: response.email }),
+			},
+		];
+		const endpoint = new Endpoint({
+			route: '/users',
+			method: 'POST',
+			fn: async () => ({ id: '123', email: 'test@example.com' }),
+			input: undefined,
+			output: outputSchema,
+			services: [],
+			logger: mockLogger,
+			timeout: undefined,
+			memorySize: undefined,
+			status: 200,
+			getSession: undefined,
+			authorize: undefined,
+			description: undefined,
+			events: [],
+			publisherService: undefined,
+			auditorStorageService: auditStorageService,
+			actorExtractor,
+			audits,
+		});
+		const adapter = new AmazonApiGatewayV2Endpoint(envParser, endpoint as any);
+		const handler = adapter.handler;
+		const event = createMockV2Event({
+			requestContext: {
+				...createMockV2Event().requestContext,
+				http: {
+					method: 'POST',
+					path: '/users',
+					protocol: 'HTTP/1.1',
+					sourceIp: '192.168.1.1',
+					userAgent: 'test-agent',
+				},
+			},
+			headers: {
+				'content-type': 'application/json',
+				'x-user-id': 'user-456',
+				'x-forwarded-for': '192.168.1.1',
+			},
+			body: JSON.stringify({}),
+		});
+		const context = createMockContext();
+		const response = await handler(event, context);
+		expect(response.statusCode).toBe(200);
+		// Verify actor was extracted correctly
+		expect(auditStorage.records).toHaveLength(1);
+		expect(auditStorage.records[0].actor).toEqual({
+			id: 'user-456',
+			type: 'user',
+			ip: '192.168.1.1',
+		});
+	});
+	it('should not process audits when no auditor storage is configured', async () => {
+		const outputSchema = z.object({ id: z.string(), email: z.string() });
+		const audits: MappedAudit<TestAuditAction, typeof outputSchema>[] = [
+			{
+				type: 'user.created',
+				payload: (response) => ({ userId: response.id, email: response.email }),
+			},
+		];
+		const endpoint = new Endpoint({
+			route: '/users',
+			method: 'POST',
+			fn: async () => ({ id: '999', email: 'test@example.com' }),
+			input: undefined,
+			output: outputSchema,
+			services: [],
+			logger: mockLogger,
+			timeout: undefined,
+			memorySize: undefined,
+			status: 200,
+			getSession: undefined,
+			authorize: undefined,
+			description: undefined,
+			events: [],
+			publisherService: undefined,
+			auditorStorageService: undefined, // No auditor storage
+			audits,
+		});
+		const adapter = new AmazonApiGatewayV2Endpoint(envParser, endpoint as any);
+		const handler = adapter.handler;
+		const event = createMockV2Event({
+			requestContext: {
+				...createMockV2Event().requestContext,
+				http: {
+					method: 'POST',
+					path: '/users',
+					protocol: 'HTTP/1.1',
+					sourceIp: '192.168.1.1',
+					userAgent: 'test-agent',
+				},
+			},
+			body: JSON.stringify({}),
+		});
+		const context = createMockContext();
+		const response = await handler(event, context);
+		expect(response.statusCode).toBe(200);
+		expect(response.body).toBe(
+			JSON.stringify({ id: '999', email: 'test@example.com' }),
+		);
+		// Should log warning
+		expect(mockLogger.warn).toHaveBeenCalledWith(
+			'No auditor storage service available',
+		);
+	});
+	it('should not process audits when endpoint throws an error', async () => {
+		const auditStorage = new InMemoryAuditStorage();
+		const auditStorageService: Service<'auditStorage', InMemoryAuditStorage> = {
+			serviceName: 'auditStorage' as const,
+			register: vi.fn().mockResolvedValue(auditStorage),
+		};
+		const outputSchema = z.object({ id: z.string(), email: z.string() });
+		const audits: MappedAudit<TestAuditAction, typeof outputSchema>[] = [
+			{
+				type: 'user.created',
+				payload: (response) => ({ userId: response.id, email: response.email }),
+			},
+		];
+		const endpoint = new Endpoint({
+			route: '/users',
+			method: 'POST',
+			fn: async () => {
+				throw new Error('Something went wrong');
+			},
+			input: undefined,
+			output: outputSchema,
+			services: [],
+			logger: mockLogger,
+			timeout: undefined,
+			memorySize: undefined,
+			status: 200,
+			getSession: undefined,
+			authorize: undefined,
+			description: undefined,
+			events: [],
+			publisherService: undefined,
+			auditorStorageService: auditStorageService,
+			audits,
+		});
+		const adapter = new AmazonApiGatewayV2Endpoint(envParser, endpoint as any);
+		const handler = adapter.handler;
+		const event = createMockV2Event({
+			requestContext: {
+				...createMockV2Event().requestContext,
+				http: {
+					method: 'POST',
+					path: '/users',
+					protocol: 'HTTP/1.1',
+					sourceIp: '192.168.1.1',
+					userAgent: 'test-agent',
+				},
+			},
+			body: JSON.stringify({}),
+		});
+		const context = createMockContext();
+		const response = await handler(event, context);
+		// Should return 500 due to error
+		expect(response.statusCode).toBe(500);
+		// No audits should be written when endpoint throws an error
+		expect(auditStorage.records).toHaveLength(0);
+	});
+	it('should include entityId in audit record when configured', async () => {
+		const auditStorage = new InMemoryAuditStorage();
+		const auditStorageService: Service<'auditStorage', InMemoryAuditStorage> = {
+			serviceName: 'auditStorage' as const,
+			register: vi.fn().mockResolvedValue(auditStorage),
+		};
+		const outputSchema = z.object({ id: z.string(), email: z.string() });
+		const audits: MappedAudit<TestAuditAction, typeof outputSchema>[] = [
+			{
+				type: 'user.created',
+				payload: (response) => ({ userId: response.id, email: response.email }),
+				entityId: (response) => response.id,
+				table: 'users',
+			},
+		];
+		const endpoint = new Endpoint({
+			route: '/users',
+			method: 'POST',
+			fn: async () => ({ id: 'user-123', email: 'test@example.com' }),
+			input: undefined,
+			output: outputSchema,
+			services: [],
+			logger: mockLogger,
+			timeout: undefined,
+			memorySize: undefined,
+			status: 201,
+			getSession: undefined,
+			authorize: undefined,
+			description: undefined,
+			events: [],
+			publisherService: undefined,
+			auditorStorageService: auditStorageService,
+			audits,
+		});
+		const adapter = new AmazonApiGatewayV2Endpoint(envParser, endpoint as any);
+		const handler = adapter.handler;
+		const event = createMockV2Event({
+			requestContext: {
+				...createMockV2Event().requestContext,
+				http: {
+					method: 'POST',
+					path: '/users',
+					protocol: 'HTTP/1.1',
+					sourceIp: '192.168.1.1',
+					userAgent: 'test-agent',
+				},
+			},
+			body: JSON.stringify({}),
+		});
+		const context = createMockContext();
+		const response = await handler(event, context);
+		expect(response.statusCode).toBe(201);
+		// Verify entityId and table are included
+		expect(auditStorage.records).toHaveLength(1);
+		expect(auditStorage.records[0].entityId).toBe('user-123');
+		expect(auditStorage.records[0].table).toBe('users');
+	});
+	it('should include endpoint metadata in audit records', async () => {
+		const auditStorage = new InMemoryAuditStorage();
+		const auditStorageService: Service<'auditStorage', InMemoryAuditStorage> = {
+			serviceName: 'auditStorage' as const,
+			register: vi.fn().mockResolvedValue(auditStorage),
+		};
+		const outputSchema = z.object({ id: z.string(), email: z.string() });
+		const audits: MappedAudit<TestAuditAction, typeof outputSchema>[] = [
+			{
+				type: 'user.created',
+				payload: (response) => ({ userId: response.id, email: response.email }),
+			},
+		];
+		const endpoint = new Endpoint({
+			route: '/users',
+			method: 'POST',
+			fn: async () => ({ id: '123', email: 'test@example.com' }),
+			input: undefined,
+			output: outputSchema,
+			services: [],
+			logger: mockLogger,
+			timeout: undefined,
+			memorySize: undefined,
+			status: 200,
+			getSession: undefined,
+			authorize: undefined,
+			description: undefined,
+			events: [],
+			publisherService: undefined,
+			auditorStorageService: auditStorageService,
+			audits,
+		});
+		const adapter = new AmazonApiGatewayV2Endpoint(envParser, endpoint as any);
+		const handler = adapter.handler;
+		const event = createMockV2Event({
+			requestContext: {
+				...createMockV2Event().requestContext,
+				http: {
+					method: 'POST',
+					path: '/users',
+					protocol: 'HTTP/1.1',
+					sourceIp: '192.168.1.1',
+					userAgent: 'test-agent',
+				},
+			},
+			body: JSON.stringify({}),
+		});
+		const context = createMockContext();
+		const response = await handler(event, context);
+		expect(response.statusCode).toBe(200);
+		// Verify metadata includes endpoint info
+		expect(auditStorage.records).toHaveLength(1);
+		expect(auditStorage.records[0].metadata).toEqual({
+			endpoint: '/users',
+			method: 'POST',
+		});
+	});
 });