@pya-platform/audit 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +9 -0
- package/package.json +22 -0
- package/src/index.ts +29 -0
- package/tsconfig.json +9 -0
package/CHANGELOG.md
ADDED
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
# @pya/audit
|
|
2
|
+
|
|
3
|
+
## 0.1.0
|
|
4
|
+
|
|
5
|
+
### Minor Changes
|
|
6
|
+
|
|
7
|
+
- a9ca6bf: Initial release of the Pya platform packages. Extracted from `pyaeats-app`, consumed by `pyaeats-app` (food delivery) and `pyaserv` (services classifieds).
|
|
8
|
+
|
|
9
|
+
Each package exposes a Hono router factory (auth/cms/reviews/comments) or a typed helper (email/audit/cf) parameterised over Cloudflare D1 + KV bindings. UI primitives ship as Lit web components on top of `@pya/tokens` (CSS custom properties). See `ROADMAP.md` and `docs/phase-6-rollout.md` for the consumer cutover plan.
|
package/package.json
ADDED
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "@pya-platform/audit",
|
|
3
|
+
"version": "0.1.0",
|
|
4
|
+
"private": false,
|
|
5
|
+
"publishConfig": {
|
|
6
|
+
"registry": "https://registry.npmjs.org",
|
|
7
|
+
"access": "public"
|
|
8
|
+
},
|
|
9
|
+
"repository": {
|
|
10
|
+
"type": "git",
|
|
11
|
+
"url": "https://github.com/undeadliner/pya-platform.git"
|
|
12
|
+
},
|
|
13
|
+
"type": "module",
|
|
14
|
+
"description": "Audit logging — emit structured events to the `audit` stream; downstream sinks aggregate by stream tag.",
|
|
15
|
+
"exports": {
|
|
16
|
+
".": "./src/index.ts"
|
|
17
|
+
},
|
|
18
|
+
"scripts": {
|
|
19
|
+
"type-check": "tsc --noEmit",
|
|
20
|
+
"test": "echo '@pya/audit has no tests yet'"
|
|
21
|
+
}
|
|
22
|
+
}
|
package/src/index.ts
ADDED
|
@@ -0,0 +1,29 @@
|
|
|
1
|
+
// @pya-platform/audit — structured audit logging.
|
|
2
|
+
//
|
|
3
|
+
// Every event is a single JSON line on stdout, prefixed with stream:'audit'.
|
|
4
|
+
// Cloudflare Workers tail logs aggregate by stream tag; downstream pipelines
|
|
5
|
+
// (Logpush → R2 → BigQuery / DuckDB) consume only audit-tagged lines.
|
|
6
|
+
//
|
|
7
|
+
// Don't throw, don't buffer, don't fetch — the audit log must work even when
|
|
8
|
+
// every other dependency is broken.
|
|
9
|
+
|
|
10
|
+
export interface AuditEvent {
|
|
11
|
+
/** Dot-separated event name. `<feature>.<action>` ([.modifier]). */
|
|
12
|
+
readonly event: string
|
|
13
|
+
/** When it happened. Defaults to "now" if omitted. */
|
|
14
|
+
readonly ts?: number
|
|
15
|
+
/** Subject of the action — typically a user id. */
|
|
16
|
+
readonly actorId?: string
|
|
17
|
+
/** Object of the action — order id, store id, comment id, etc. */
|
|
18
|
+
readonly targetId?: string
|
|
19
|
+
/** Outcome label. Examples: ok, created, linked, rejected, sent, failed. */
|
|
20
|
+
readonly outcome?: string
|
|
21
|
+
/** Free-form context. Keep small — log lines must not exceed ~32 KB. */
|
|
22
|
+
readonly meta?: Readonly<Record<string, unknown>>
|
|
23
|
+
}
|
|
24
|
+
|
|
25
|
+
export const audit = (event: AuditEvent): void => {
|
|
26
|
+
const ts = event.ts ?? Math.floor(Date.now() / 1000)
|
|
27
|
+
const { ts: _evTs, ...rest } = event
|
|
28
|
+
console.log(JSON.stringify({ stream: 'audit', ts, ...rest }))
|
|
29
|
+
}
|