@questpie/admin 3.0.3 → 3.0.4

package/dist/server/modules/admin/routes/reactive.d.mts

@@ -1,4 +1,4 @@
-import * as questpie143 from "questpie";
+import * as questpie135 from "questpie";
 
 //#region src/server/modules/admin/routes/reactive.d.ts
 
@@ -13,7 +13,7 @@ import * as questpie143 from "questpie";
  * Batch reactive endpoint.
  * Executes multiple reactive handlers in a single request.
  */
-declare const batchReactive: questpie143.JsonRouteDefinition<{
+declare const batchReactive: questpie135.JsonRouteDefinition<{
   collection: string;
   type: "collection" | "global";
   requests: {
@@ -26,12 +26,12 @@ declare const batchReactive: questpie143.JsonRouteDefinition<{
   }[];
   formData?: Record<string, unknown> | undefined;
   prevData?: Record<string, unknown> | null | undefined;
-}, any, questpie143.JsonRouteParams>;
+}, any, questpie135.JsonRouteParams>;
 /**
  * Dynamic options endpoint.
  * Fetches options for select/relation fields with search and pagination.
  */
-declare const fieldOptions: questpie143.JsonRouteDefinition<{
+declare const fieldOptions: questpie135.JsonRouteDefinition<{
   collection: string;
   type: "collection" | "global";
   field: string;
@@ -40,12 +40,12 @@ declare const fieldOptions: questpie143.JsonRouteDefinition<{
   page: number;
   limit: number;
   siblingData?: Record<string, unknown> | null | undefined;
-}, any, questpie143.JsonRouteParams>;
+}, any, questpie135.JsonRouteParams>;
 /**
  * Reactive functions bundle.
  */
 declare const reactiveFunctions: {
-  readonly batchReactive: questpie143.JsonRouteDefinition<{
+  readonly batchReactive: questpie135.JsonRouteDefinition<{
     collection: string;
     type: "collection" | "global";
     requests: {
@@ -58,8 +58,8 @@ declare const reactiveFunctions: {
     }[];
     formData?: Record<string, unknown> | undefined;
     prevData?: Record<string, unknown> | null | undefined;
-  }, any, questpie143.JsonRouteParams>;
-  readonly fieldOptions: questpie143.JsonRouteDefinition<{
+  }, any, questpie135.JsonRouteParams>;
+  readonly fieldOptions: questpie135.JsonRouteDefinition<{
     collection: string;
     type: "collection" | "global";
     field: string;
@@ -68,7 +68,7 @@ declare const reactiveFunctions: {
     page: number;
     limit: number;
     siblingData?: Record<string, unknown> | null | undefined;
-  }, any, questpie143.JsonRouteParams>;
+  }, any, questpie135.JsonRouteParams>;
 };
 //#endregion
 export { batchReactive, fieldOptions, reactiveFunctions };

package/dist/server/modules/admin/routes/setup.d.mts

@@ -1,4 +1,4 @@
-import * as questpie135 from "questpie";
+import * as questpie143 from "questpie";
 
 //#region src/server/modules/admin/routes/setup.d.ts
 
@@ -10,7 +10,7 @@ import * as questpie135 from "questpie";
  * need an existing admin to create the first invitation.
  */
 /**
- * Check if setup is required (no users exist in the system).
+ * Check if setup is required (no admin users exist in the system).
  *
  * @example
  * ```ts
@@ -20,12 +20,12 @@ import * as questpie135 from "questpie";
  * }
  * ```
  */
-declare const isSetupRequired: questpie135.JsonRouteDefinition<Record<string, never>, any, questpie135.JsonRouteParams>;
+declare const isSetupRequired: questpie143.JsonRouteDefinition<Record<string, never>, any, questpie143.JsonRouteParams>;
 /**
  * Create the first admin user in the system.
- * This function only works when no users exist (setup mode).
+ * This function only works when no admin users exist (setup mode).
  *
- * Security: Once any user exists, this function will refuse to create more users.
+ * Security: Once any admin user exists, this function will refuse to create more users.
  * This prevents unauthorized admin creation after initial setup.
  *
  * @example
@@ -43,21 +43,21 @@ declare const isSetupRequired: questpie135.JsonRouteDefinition<Record<string, ne
  * }
  * ```
  */
-declare const createFirstAdmin: questpie135.JsonRouteDefinition<{
+declare const createFirstAdmin: questpie143.JsonRouteDefinition<{
   email: string;
   password: string;
   name: string;
-}, any, questpie135.JsonRouteParams>;
+}, any, questpie143.JsonRouteParams>;
 /**
  * Bundle of setup-related functions.
  */
 declare const setupFunctions: {
-  readonly isSetupRequired: questpie135.JsonRouteDefinition<Record<string, never>, any, questpie135.JsonRouteParams>;
-  readonly createFirstAdmin: questpie135.JsonRouteDefinition<{
+  readonly isSetupRequired: questpie143.JsonRouteDefinition<Record<string, never>, any, questpie143.JsonRouteParams>;
+  readonly createFirstAdmin: questpie143.JsonRouteDefinition<{
     email: string;
     password: string;
     name: string;
-  }, any, questpie135.JsonRouteParams>;
+  }, any, questpie143.JsonRouteParams>;
 };
 //#endregion
 export { createFirstAdmin, isSetupRequired, setupFunctions };

package/dist/server/modules/admin/routes/setup.mjs

@@ -1,7 +1,7 @@
 import { getApp } from "./route-helpers.mjs";
 import { z } from "zod";
 import { route } from "questpie";
-import { eq, sql as sql$1 } from "drizzle-orm";
+import { eq, sql as sql$1 } from "questpie/drizzle";
 
 //#region src/server/modules/admin/routes/setup.ts
 /**
@@ -28,7 +28,7 @@ const createFirstAdminOutputSchema = z.object({
 	error: z.string().optional()
 });
 /**
-* Check if setup is required (no users exist in the system).
+* Check if setup is required (no admin users exist in the system).
 *
 * @example
 * ```ts
@@ -41,13 +41,13 @@ const createFirstAdminOutputSchema = z.object({
 const isSetupRequired = route().post().schema(isSetupRequiredSchema).outputSchema(isSetupRequiredOutputSchema).handler(async (ctx) => {
 	const app = getApp(ctx);
 	const userCollection = app.getCollectionConfig("user");
-	return { required: (await app.db.select({ count: sql$1`count(*)::int` }).from(userCollection.table))[0].count === 0 };
+	return { required: (await app.db.select({ count: sql$1`count(*)::int` }).from(userCollection.table).where(eq(userCollection.table.role, "admin")))[0].count === 0 };
 });
 /**
 * Create the first admin user in the system.
-* This function only works when no users exist (setup mode).
+* This function only works when no admin users exist (setup mode).
 *
-* Security: Once any user exists, this function will refuse to create more users.
+* Security: Once any admin user exists, this function will refuse to create more users.
 * This prevents unauthorized admin creation after initial setup.
 *
 * @example
@@ -69,9 +69,9 @@ const createFirstAdmin = route().post().schema(createFirstAdminSchema).outputSch
 	const app = getApp(ctx);
 	const input = ctx.input;
 	const userCollection = app.getCollectionConfig("user");
-	if ((await app.db.select({ count: sql$1`count(*)::int` }).from(userCollection.table))[0].count > 0) return {
+	if ((await app.db.select({ count: sql$1`count(*)::int` }).from(userCollection.table).where(eq(userCollection.table.role, "admin")))[0].count > 0) return {
 		success: false,
-		error: "Setup already completed - users exist in the system"
+		error: "Setup already completed - admin users exist in the system"
 	};
 	try {
 		const signUpResult = await app.auth.api.signUpEmail({ body: {

package/dist/server/modules/admin/routes/translations.d.mts

@@ -1,4 +1,4 @@
-import * as questpie462 from "questpie";
+import * as questpie464 from "questpie";
 
 //#region src/server/modules/admin/routes/translations.d.ts
 
@@ -17,10 +17,10 @@ import * as questpie462 from "questpie";
  * Bundle of translation-related functions.
  */
 declare const translationFunctions: {
-  readonly getAdminTranslations: questpie462.JsonRouteDefinition<{
+  readonly getAdminTranslations: questpie464.JsonRouteDefinition<{
     locale: string;
-  }, any, questpie462.JsonRouteParams>;
-  readonly getAdminLocales: questpie462.JsonRouteDefinition<Record<string, never> | undefined, any, questpie462.JsonRouteParams>;
+  }, any, questpie464.JsonRouteParams>;
+  readonly getAdminLocales: questpie464.JsonRouteDefinition<Record<string, never> | undefined, any, questpie464.JsonRouteParams>;
 };
 //#endregion
 export { translationFunctions };

package/dist/server/modules/admin/routes/translations.mjs

@@ -29,7 +29,11 @@ function getAdminLocaleConfig(app) {
 const getAdminTranslationsSchema = z.object({ locale: z.string() });
 const messageValueSchema = z.union([z.string(), z.object({
 	one: z.string(),
-	other: z.string()
+	other: z.string(),
+	zero: z.string().optional(),
+	two: z.string().optional(),
+	few: z.string().optional(),
+	many: z.string().optional()
 })]);
 const getAdminTranslationsOutputSchema = z.object({
 	locale: z.string(),

package/dist/server/modules/admin/routes/widget-data.d.mts

@@ -1,4 +1,4 @@
-import * as questpie69 from "questpie";
+import * as questpie93 from "questpie";
 
 //#region src/server/modules/admin/routes/widget-data.d.ts
 
@@ -20,13 +20,13 @@ import * as questpie69 from "questpie";
  * const data = await client.routes.fetchWidgetData({ widgetId: "my-widget" });
  * ```
  */
-declare const fetchWidgetData: questpie69.JsonRouteDefinition<{
+declare const fetchWidgetData: questpie93.JsonRouteDefinition<{
   widgetId: string;
-}, any, questpie69.JsonRouteParams>;
+}, any, questpie93.JsonRouteParams>;
 declare const widgetDataFunctions: {
-  readonly fetchWidgetData: questpie69.JsonRouteDefinition<{
+  readonly fetchWidgetData: questpie93.JsonRouteDefinition<{
     widgetId: string;
-  }, any, questpie69.JsonRouteParams>;
+  }, any, questpie93.JsonRouteParams>;
 };
 //#endregion
 export { fetchWidgetData, widgetDataFunctions };

package/dist/server/modules/admin-preferences/collections/admin-preferences.mjs

@@ -1,5 +1,5 @@
 import { collection } from "questpie";
-import { uniqueIndex } from "drizzle-orm/pg-core";
+import { uniqueIndex } from "questpie/drizzle-pg-core";
 
 //#region src/server/modules/admin-preferences/collections/admin-preferences.ts
 /**

package/dist/server/modules/admin-preferences/collections/saved-views.d.mts

@@ -1,10 +1,10 @@
 import { FilterOperator, FilterRule, SortConfig, ViewConfiguration } from "../../../../shared/types/saved-views.types.mjs";
 import * as questpie_shared15 from "questpie/shared";
-import * as questpie73 from "questpie";
+import * as questpie107 from "questpie";
+import * as questpie_src_server_modules_core_fields_email_js2 from "questpie/src/server/modules/core/fields/email.js";
+import * as questpie_src_server_modules_core_fields_json_js2 from "questpie/src/server/modules/core/fields/json.js";
 import * as drizzle_orm_pg_core22 from "drizzle-orm/pg-core";
 import * as drizzle_orm5 from "drizzle-orm";
-import * as questpie_src_server_modules_core_fields_email_js1 from "questpie/src/server/modules/core/fields/email.js";
-import * as questpie_src_server_modules_core_fields_json_js1 from "questpie/src/server/modules/core/fields/json.js";
 
 //#region src/server/modules/admin-preferences/collections/saved-views.d.ts
 
@@ -33,22 +33,22 @@ import * as questpie_src_server_modules_core_fields_json_js1 from "questpie/src/
  * });
  * ```
  */
-declare const savedViewsCollection: questpie73.CollectionBuilder<questpie_shared15.Override<questpie_shared15.Override<questpie73.EmptyCollectionState<"admin_saved_views", undefined, {
-  readonly text: typeof questpie73.text;
-  readonly textarea: typeof questpie73.textarea;
-  readonly email: typeof questpie_src_server_modules_core_fields_email_js1.email;
-  readonly url: typeof questpie73.url;
-  readonly number: typeof questpie73.number;
-  readonly boolean: typeof questpie73.boolean;
-  readonly date: typeof questpie73.date;
-  readonly datetime: typeof questpie73.datetime;
-  readonly time: typeof questpie73.time;
-  readonly select: typeof questpie73.select;
-  readonly upload: typeof questpie73.upload;
-  readonly relation: typeof questpie73.relation;
-  readonly object: typeof questpie73.object;
-  readonly json: typeof questpie_src_server_modules_core_fields_json_js1.json;
-  readonly from: typeof questpie73.from;
+declare const savedViewsCollection: questpie107.CollectionBuilder<questpie_shared15.Override<questpie_shared15.Override<questpie107.EmptyCollectionState<"admin_saved_views", undefined, {
+  readonly text: typeof questpie107.text;
+  readonly textarea: typeof questpie107.textarea;
+  readonly email: typeof questpie_src_server_modules_core_fields_email_js2.email;
+  readonly url: typeof questpie107.url;
+  readonly number: typeof questpie107.number;
+  readonly boolean: typeof questpie107.boolean;
+  readonly date: typeof questpie107.date;
+  readonly datetime: typeof questpie107.datetime;
+  readonly time: typeof questpie107.time;
+  readonly select: typeof questpie107.select;
+  readonly upload: typeof questpie107.upload;
+  readonly relation: typeof questpie107.relation;
+  readonly object: typeof questpie107.object;
+  readonly json: typeof questpie_src_server_modules_core_fields_json_js2.json;
+  readonly from: typeof questpie107.from;
 }>, {
   fields: {
     readonly userId: drizzle_orm5.NotNull<drizzle_orm_pg_core22.PgVarcharBuilder<[string, ...string[]]>>;
@@ -59,31 +59,31 @@ declare const savedViewsCollection: questpie73.CollectionBuilder<questpie_shared
   };
   localized: readonly string[];
   fieldDefinitions: {
-    readonly userId: questpie73.FieldWithMethods<Omit<questpie73.TextFieldState, "notNull" | "column"> & {
+    readonly userId: questpie107.FieldWithMethods<Omit<questpie107.TextFieldState, "notNull" | "column"> & {
       notNull: true;
       column: drizzle_orm5.NotNull<drizzle_orm_pg_core22.PgVarcharBuilder<[string, ...string[]]>>;
     } & {
       label: questpie_shared15.I18nText;
-    }, questpie73.TextFieldMethods>;
-    readonly collectionName: questpie73.FieldWithMethods<Omit<questpie73.TextFieldState, "notNull" | "column"> & {
+    }, questpie107.TextFieldMethods>;
+    readonly collectionName: questpie107.FieldWithMethods<Omit<questpie107.TextFieldState, "notNull" | "column"> & {
       notNull: true;
       column: drizzle_orm5.NotNull<drizzle_orm_pg_core22.PgVarcharBuilder<[string, ...string[]]>>;
     } & {
       label: questpie_shared15.I18nText;
-    }, questpie73.TextFieldMethods>;
-    readonly name: questpie73.FieldWithMethods<Omit<questpie73.TextFieldState, "notNull" | "column"> & {
+    }, questpie107.TextFieldMethods>;
+    readonly name: questpie107.FieldWithMethods<Omit<questpie107.TextFieldState, "notNull" | "column"> & {
       notNull: true;
       column: drizzle_orm5.NotNull<drizzle_orm_pg_core22.PgVarcharBuilder<[string, ...string[]]>>;
     } & {
       label: questpie_shared15.I18nText;
-    }, questpie73.TextFieldMethods>;
-    readonly configuration: questpie73.Field<Omit<questpie73.JsonFieldState, "notNull" | "column"> & {
+    }, questpie107.TextFieldMethods>;
+    readonly configuration: questpie107.Field<Omit<questpie107.JsonFieldState, "notNull" | "column"> & {
       notNull: true;
       column: drizzle_orm5.NotNull<drizzle_orm_pg_core22.PgJsonbBuilder>;
     } & {
       label: questpie_shared15.I18nText;
     }>;
-    readonly isDefault: questpie73.Field<Omit<questpie73.BooleanFieldState, "column" | "hasDefault"> & {
+    readonly isDefault: questpie107.Field<Omit<questpie107.BooleanFieldState, "column" | "hasDefault"> & {
       hasDefault: true;
       column: drizzle_orm5.HasDefault<drizzle_orm_pg_core22.PgBooleanBuilder>;
     } & {

package/dist/server/modules/audit/.generated/module.d.mts

@@ -4,7 +4,7 @@ import * as questpie64 from "questpie";
 
 //#region src/server/modules/audit/.generated/module.d.ts
 interface AuditCollections {
-  auditLogCollection: typeof auditLogCollection;
+  admin_audit_log: typeof auditLogCollection;
 }
 interface AuditJobs {
   auditCleanup: typeof auditCleanupJob;

package/dist/server/modules/audit/.generated/module.mjs

@@ -6,7 +6,7 @@ import app_default from "../config/app.mjs";
 //#region src/server/modules/audit/.generated/module.ts
 const _module = {
 	name: "questpie-audit",
-	collections: { auditLogCollection },
+	collections: { admin_audit_log: auditLogCollection },
 	jobs: { auditCleanup: auditCleanupJob },
 	globals: {},
 	routes: {},

package/dist/server/modules/audit/collections/audit-log.d.mts

@@ -1,9 +1,9 @@
 import * as questpie_shared0 from "questpie/shared";
 import * as questpie16 from "questpie";
-import * as drizzle_orm_pg_core0 from "drizzle-orm/pg-core";
-import * as drizzle_orm0 from "drizzle-orm";
 import * as questpie_src_server_modules_core_fields_email_js0 from "questpie/src/server/modules/core/fields/email.js";
 import * as questpie_src_server_modules_core_fields_json_js0 from "questpie/src/server/modules/core/fields/json.js";
+import * as drizzle_orm_pg_core0 from "drizzle-orm/pg-core";
+import * as drizzle_orm0 from "drizzle-orm";
 import * as questpie_src_server_fields_operators_builtin_js0 from "questpie/src/server/fields/operators/builtin.js";
 
 //#region src/server/modules/audit/collections/audit-log.d.ts

package/dist/server/modules/audit/collections/audit-log.mjs

@@ -1,5 +1,5 @@
 import { collection } from "questpie";
-import { index } from "drizzle-orm/pg-core";
+import { index } from "questpie/drizzle-pg-core";
 
 //#region src/server/modules/audit/collections/audit-log.ts
 /**

package/dist/server/modules/audit/config/app.mjs

@@ -19,16 +19,36 @@ function isAuditDisabled(type, name) {
 * Compute field-level changes between original and current data.
 * Returns an object of `{ field: { from, to } }` or null if no meaningful changes.
 */
+const SKIP_CHANGE_FIELDS = new Set([
+	"updatedAt",
+	"createdAt",
+	"id"
+]);
+function shouldSkipChangeField(key) {
+	return SKIP_CHANGE_FIELDS.has(key) || key.startsWith("_");
+}
+function makeFieldChangeMap(data, direction) {
+	if (!data) return null;
+	const changes = {};
+	for (const key of Object.keys(data)) {
+		if (shouldSkipChangeField(key)) continue;
+		const value = data[key];
+		if (value == null) continue;
+		changes[key] = direction === "create" ? {
+			from: null,
+			to: value
+		} : {
+			from: value,
+			to: null
+		};
+	}
+	return Object.keys(changes).length > 0 ? changes : null;
+}
 function computeChanges(original, current) {
 	if (!original) return null;
 	const changes = {};
-	const skipFields = new Set([
-		"updatedAt",
-		"createdAt",
-		"id"
-	]);
 	for (const key of Object.keys(current)) {
-		if (skipFields.has(key) || key.startsWith("_")) continue;
+		if (shouldSkipChangeField(key)) continue;
 		const fromVal = original[key];
 		const toVal = current[key];
 		if (fromVal == null && toVal == null) continue;
@@ -85,24 +105,61 @@ function getResourceTypeLabel(type, name) {
 * Generate a human-readable title for the audit log entry.
 */
 function generateTitle(action, _resourceType, resourceTypeLabel, resourceLabel, userName) {
-	const user = userName || "Unknown";
 	const resource = resourceLabel || "(unnamed)";
-	return `${user} ${{
+	return `${userName} ${{
 		create: "created",
 		update: "updated",
 		delete: "deleted",
 		transition: "changed status of"
 	}[action] || action} ${resourceTypeLabel} '${resource}'`;
 }
+function firstNonEmptyString(...values) {
+	for (const value of values) {
+		if (typeof value !== "string") continue;
+		const trimmed = value.trim();
+		if (trimmed.length > 0) return trimmed;
+	}
+	return null;
+}
+function resolveAuditActor(ctx) {
+	const user = ctx.session?.user;
+	const userId = user?.id != null ? String(user.id) : null;
+	const userName = firstNonEmptyString(user?.name, user?.email, userId);
+	if (userName) return {
+		actorType: "user",
+		userId,
+		userName
+	};
+	if (ctx.accessMode === "system") return {
+		actorType: "system",
+		userId: "system",
+		userName: "System"
+	};
+	return {
+		actorType: "anonymous",
+		userId: null,
+		userName: "Anonymous"
+	};
+}
+function buildAuditMetadata(ctx, actor, extra) {
+	return {
+		actorType: actor.actorType,
+		accessMode: ctx.accessMode ?? null,
+		...extra
+	};
+}
+function logAuditFailure(ctx, message, err) {
+	ctx.logger?.error?.(message, err);
+}
 async function collectionAfterChange(ctx) {
 	try {
 		const collections = ctx.collections ?? ctx.app?.collections;
 		if (isAuditDisabled("collection", ctx.collection)) return;
 		const action = ctx.operation === "create" ? "create" : "update";
-		const changes = ctx.operation === "update" ? computeChanges(ctx.original, ctx.data) : null;
+		const changes = ctx.operation === "update" ? computeChanges(ctx.original, ctx.data) : makeFieldChangeMap(ctx.data, "create");
 		if (ctx.operation === "update" && !changes) return;
 		const resourceLabel = extractLabel(ctx.data);
-		const userName = ctx.session?.user?.name || ctx.session?.user?.email || null;
+		const actor = resolveAuditActor(ctx);
 		const resourceTypeLabel = getResourceTypeLabel("collection", ctx.collection);
 		await collections[AUDIT_LOG_COLLECTION].create({
 			action,
@@ -110,18 +167,18 @@ async function collectionAfterChange(ctx) {
 			resource: ctx.collection,
 			resourceId: ctx.data?.id ? String(ctx.data.id) : null,
 			resourceLabel,
-			userId: ctx.session?.user?.id ? String(ctx.session.user.id) : null,
-			userName,
+			userId: actor.userId,
+			userName: actor.userName,
 			locale: ctx.locale || null,
 			changes,
-			metadata: null,
-			title: generateTitle(action, "collection", resourceTypeLabel, resourceLabel, userName)
+			metadata: buildAuditMetadata(ctx, actor, { operation: ctx.operation }),
+			title: generateTitle(action, "collection", resourceTypeLabel, resourceLabel, actor.userName)
 		}, {
 			accessMode: "system",
 			db: ctx.db
 		});
 	} catch (err) {
-		console.error(`[Audit] Failed to log ${ctx.operation} for collection "${ctx.collection}":`, err);
+		logAuditFailure(ctx, `[Audit] Failed to log ${ctx.operation} for collection "${ctx.collection}":`, err);
 	}
 }
 async function collectionAfterDelete(ctx) {
@@ -129,7 +186,7 @@ async function collectionAfterDelete(ctx) {
 		const collections = ctx.collections ?? ctx.app?.collections;
 		if (isAuditDisabled("collection", ctx.collection)) return;
 		const resourceLabel = extractLabel(ctx.data);
-		const userName = ctx.session?.user?.name || ctx.session?.user?.email || null;
+		const actor = resolveAuditActor(ctx);
 		const resourceTypeLabel = getResourceTypeLabel("collection", ctx.collection);
 		await collections[AUDIT_LOG_COLLECTION].create({
 			action: "delete",
@@ -137,18 +194,18 @@ async function collectionAfterDelete(ctx) {
 			resource: ctx.collection,
 			resourceId: ctx.data?.id ? String(ctx.data.id) : null,
 			resourceLabel,
-			userId: ctx.session?.user?.id ? String(ctx.session.user.id) : null,
-			userName,
+			userId: actor.userId,
+			userName: actor.userName,
 			locale: ctx.locale || null,
-			changes: null,
-			metadata: null,
-			title: generateTitle("delete", "collection", resourceTypeLabel, resourceLabel, userName)
+			changes: makeFieldChangeMap(ctx.data, "delete"),
+			metadata: buildAuditMetadata(ctx, actor, { operation: "delete" }),
+			title: generateTitle("delete", "collection", resourceTypeLabel, resourceLabel, actor.userName)
 		}, {
 			accessMode: "system",
 			db: ctx.db
 		});
 	} catch (err) {
-		console.error(`[Audit] Failed to log delete for collection "${ctx.collection}":`, err);
+		logAuditFailure(ctx, `[Audit] Failed to log delete for collection "${ctx.collection}":`, err);
 	}
 }
 async function collectionAfterTransition(ctx) {
@@ -156,7 +213,7 @@ async function collectionAfterTransition(ctx) {
 		const collections = ctx.collections ?? ctx.app?.collections;
 		if (isAuditDisabled("collection", ctx.collection)) return;
 		const resourceLabel = extractLabel(ctx.data);
-		const userName = ctx.session?.user?.name || ctx.session?.user?.email || null;
+		const actor = resolveAuditActor(ctx);
 		const resourceTypeLabel = getResourceTypeLabel("collection", ctx.collection);
 		await collections[AUDIT_LOG_COLLECTION].create({
 			action: "transition",
@@ -164,31 +221,31 @@ async function collectionAfterTransition(ctx) {
 			resource: ctx.collection,
 			resourceId: ctx.data?.id ? String(ctx.data.id) : null,
 			resourceLabel,
-			userId: ctx.session?.user?.id ? String(ctx.session.user.id) : null,
-			userName,
+			userId: actor.userId,
+			userName: actor.userName,
 			locale: ctx.locale || null,
 			changes: { stage: {
 				from: ctx.fromStage,
 				to: ctx.toStage
 			} },
-			metadata: {
+			metadata: buildAuditMetadata(ctx, actor, {
 				fromStage: ctx.fromStage,
 				toStage: ctx.toStage
-			},
-			title: generateTitle("transition", "collection", resourceTypeLabel, resourceLabel, userName)
+			}),
+			title: generateTitle("transition", "collection", resourceTypeLabel, resourceLabel, actor.userName)
 		}, {
 			accessMode: "system",
 			db: ctx.db
 		});
 	} catch (err) {
-		console.error(`[Audit] Failed to log transition for collection "${ctx.collection}":`, err);
+		logAuditFailure(ctx, `[Audit] Failed to log transition for collection "${ctx.collection}":`, err);
 	}
 }
 async function globalAfterChange(ctx) {
 	try {
 		const collections = ctx.collections ?? ctx.app?.collections;
 		if (isAuditDisabled("global", ctx.global)) return;
-		const userName = ctx.session?.user?.name || ctx.session?.user?.email || null;
+		const actor = resolveAuditActor(ctx);
 		const resourceTypeLabel = getResourceTypeLabel("global", ctx.global);
 		await collections[AUDIT_LOG_COLLECTION].create({
 			action: "update",
@@ -196,25 +253,25 @@ async function globalAfterChange(ctx) {
 			resource: ctx.global,
 			resourceId: null,
 			resourceLabel: ctx.global,
-			userId: ctx.session?.user?.id ? String(ctx.session.user.id) : null,
-			userName,
+			userId: actor.userId,
+			userName: actor.userName,
 			locale: ctx.locale || null,
 			changes: null,
-			metadata: null,
-			title: generateTitle("update", "global", resourceTypeLabel, ctx.global, userName)
+			metadata: buildAuditMetadata(ctx, actor, { operation: "update" }),
+			title: generateTitle("update", "global", resourceTypeLabel, ctx.global, actor.userName)
 		}, {
 			accessMode: "system",
 			db: ctx.db
 		});
 	} catch (err) {
-		console.error(`[Audit] Failed to log update for global "${ctx.global}":`, err);
+		logAuditFailure(ctx, `[Audit] Failed to log update for global "${ctx.global}":`, err);
 	}
 }
 async function globalAfterTransition(ctx) {
 	try {
 		const collections = ctx.collections ?? ctx.app?.collections;
 		if (isAuditDisabled("global", ctx.global)) return;
-		const userName = ctx.session?.user?.name || ctx.session?.user?.email || null;
+		const actor = resolveAuditActor(ctx);
 		const resourceTypeLabel = getResourceTypeLabel("global", ctx.global);
 		await collections[AUDIT_LOG_COLLECTION].create({
 			action: "transition",
@@ -222,24 +279,24 @@ async function globalAfterTransition(ctx) {
 			resource: ctx.global,
 			resourceId: null,
 			resourceLabel: ctx.global,
-			userId: ctx.session?.user?.id ? String(ctx.session.user.id) : null,
-			userName,
+			userId: actor.userId,
+			userName: actor.userName,
 			locale: ctx.locale || null,
 			changes: { stage: {
 				from: ctx.fromStage,
 				to: ctx.toStage
 			} },
-			metadata: {
+			metadata: buildAuditMetadata(ctx, actor, {
 				fromStage: ctx.fromStage,
 				toStage: ctx.toStage
-			},
-			title: generateTitle("transition", "global", resourceTypeLabel, ctx.global, userName)
+			}),
+			title: generateTitle("transition", "global", resourceTypeLabel, ctx.global, actor.userName)
 		}, {
 			accessMode: "system",
 			db: ctx.db
 		});
 	} catch (err) {
-		console.error(`[Audit] Failed to log transition for global "${ctx.global}":`, err);
+		logAuditFailure(ctx, `[Audit] Failed to log transition for global "${ctx.global}":`, err);
 	}
 }
 /**

package/dist/server/modules/audit/jobs/audit-cleanup.mjs

@@ -1,7 +1,7 @@
 import { AUDIT_LOG_COLLECTION } from "../collections/audit-log.mjs";
 import { z } from "zod";
 import { job } from "questpie";
-import { sql as sql$1 } from "drizzle-orm";
+import { sql as sql$1 } from "questpie/drizzle";
 
 //#region src/server/modules/audit/jobs/audit-cleanup.ts
 /**