@prooflog/node 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (13) hide show
  1. package/README.md +77 -0
  2. package/dist/index.d.mts +37 -0
  3. package/dist/index.d.ts +37 -0
  4. package/dist/index.js +598 -0
  5. package/dist/index.js.map +1 -0
  6. package/dist/index.mjs +592 -0
  7. package/dist/index.mjs.map +1 -0
  8. package/package.json +33 -0
  9. package/src/client.ts +146 -0
  10. package/src/index.ts +10 -0
  11. package/src/types.ts +22 -0
  12. package/tsconfig.json +7 -0
  13. package/tsup.config.ts +13 -0
package/README.md ADDED
@@ -0,0 +1,77 @@
1
+ # @prooflog/node
2
+
3
+ Cryptographically tamper-proof audit logging for Node.js.
4
+
5
+ Every audit log entry is SHA-256 hash-chained — if anyone modifies a historical record,
6
+ the chain breaks and verification fails instantly.
7
+
8
+ ## Install
9
+
10
+ ```bash
11
+ npm install @prooflog/node
12
+ ```
13
+
14
+
15
+
16
+ ## Usage
17
+
18
+ ```typescript
19
+ import { ProofLog } from '@prooflog/node'
20
+
21
+ const log = new ProofLog({
22
+ databaseUrl: process.env.DATABASE_URL,
23
+ })
24
+
25
+ // Log an event
26
+ await log.ingest('your-org-id', {
27
+ action: 'user.login',
28
+ actor: { id: 'usr_123', email: 'alice@example.com' },
29
+ target: { id: 'proj_456', type: 'project' },
30
+ metadata: { ip: '203.0.113.4' }
31
+ })
32
+
33
+ // Verify chain integrity
34
+ const result = await log.verify('your-org-id')
35
+ console.log(result)
36
+ // { valid: true, totalEntries: 42 }
37
+ ```
38
+
39
+ ## API
40
+
41
+ ### `new ProofLog(config)`
42
+
43
+ | Option | Type | Required | Description |
44
+ |---|---|---|---|
45
+ | `databaseUrl` | `string` | ✅ | PostgreSQL connection string |
46
+
47
+ ### `log.ingest(organisationId, options)`
48
+
49
+ | Option | Type | Required | Description |
50
+ |---|---|---|---|
51
+ | `action` | `string` | ✅ | Event name e.g. `user.login` |
52
+ | `actor` | `{ id: string, ...}` | ✅ | Who performed the action |
53
+ | `target` | `object` | ❌ | What was acted upon |
54
+ | `metadata` | `object` | ❌ | Extra context e.g. IP, userAgent |
55
+
56
+ Returns `{ sequence, hash }`.
57
+
58
+ ### `log.verify(organisationId)`
59
+
60
+ Recomputes every hash in the chain and returns:
61
+
62
+ ```typescript
63
+ {
64
+ valid: boolean // true if chain is intact
65
+ totalEntries: number // entries verified
66
+ tamperedAt?: number // sequence number where tampering detected
67
+ reason?: string // human readable explanation
68
+ }
69
+ ```
70
+
71
+ ## How it works
72
+
73
+ Each log entry stores a SHA-256 hash computed from its own data plus the previous entry's hash — forming a chain. Modifying any historical entry breaks every subsequent hash, making tampering instantly detectable.
74
+
75
+ ## License
76
+
77
+ MIT
package/dist/index.d.mts ADDED
@@ -0,0 +1,37 @@
1
+ interface ProofLogConfig {
2
+ databaseUrl: string;
3
+ }
4
+ interface IngestOptions {
5
+ action: string;
6
+ actor: Record<string, unknown> & {
7
+ id: string;
8
+ };
9
+ target?: Record<string, unknown>;
10
+ metadata?: Record<string, unknown>;
11
+ }
12
+ interface IngestResult {
13
+ sequence: number;
14
+ hash: string;
15
+ }
16
+ interface VerifyResult {
17
+ valid: boolean;
18
+ totalEntries: number;
19
+ tamperedAt?: number;
20
+ reason?: string;
21
+ }
22
+
23
+ declare class ProofLog {
24
+ private db;
25
+ constructor(config: ProofLogConfig);
26
+ /**
27
+ * Pushes a new audit log event directly to the database.
28
+ * Handles concurrency retries internally.
29
+ */
30
+ ingest(organisationId: string, options: IngestOptions): Promise<IngestResult>;
31
+ /**
32
+ * Triggers a cryptographic verification of the audit log chain for the organisation in batches.
33
+ */
34
+ verify(organisationId: string): Promise<VerifyResult>;
35
+ }
36
+
37
+ export { type IngestOptions, type IngestResult, ProofLog, type ProofLogConfig, type VerifyResult };
package/dist/index.d.ts ADDED
@@ -0,0 +1,37 @@
1
+ interface ProofLogConfig {
2
+ databaseUrl: string;
3
+ }
4
+ interface IngestOptions {
5
+ action: string;
6
+ actor: Record<string, unknown> & {
7
+ id: string;
8
+ };
9
+ target?: Record<string, unknown>;
10
+ metadata?: Record<string, unknown>;
11
+ }
12
+ interface IngestResult {
13
+ sequence: number;
14
+ hash: string;
15
+ }
16
+ interface VerifyResult {
17
+ valid: boolean;
18
+ totalEntries: number;
19
+ tamperedAt?: number;
20
+ reason?: string;
21
+ }
22
+
23
+ declare class ProofLog {
24
+ private db;
25
+ constructor(config: ProofLogConfig);
26
+ /**
27
+ * Pushes a new audit log event directly to the database.
28
+ * Handles concurrency retries internally.
29
+ */
30
+ ingest(organisationId: string, options: IngestOptions): Promise<IngestResult>;
31
+ /**
32
+ * Triggers a cryptographic verification of the audit log chain for the organisation in batches.
33
+ */
34
+ verify(organisationId: string): Promise<VerifyResult>;
35
+ }
36
+
37
+ export { type IngestOptions, type IngestResult, ProofLog, type ProofLogConfig, type VerifyResult };