@replayio-app-building/netlify-recorder 0.11.0 → 0.12.0

package/dist/index.d.ts

@@ -421,4 +421,46 @@ interface SpawnRecordingContainerOptions {
  */
 declare function spawnRecordingContainer(options: SpawnRecordingContainerOptions): Promise<string>;
 
-export { type BlobData, type CapturedData, type ContainerInfraConfig, type CreateRecordingRequestHandlerOptions, type EnsureRecordingOptions, type EnvRead, type FinishRequestCallbacks, type FinishRequestOptions, type HandlerResponse$1 as HandlerResponse, type NetlifyEvent, type NetlifyV2Request, type NetworkCall, type RecordingResult, type RequestContext, type RequestInfo, type SpawnRecordingContainerOptions, createRecordingRequestHandler, createRequestRecording, ensureRequestRecording, finishRequest, readInfraConfigFromEnv, redactBlobData, remoteCallbacks, spawnRecordingContainer, startRequest };
+type SqlFunction = (...args: any[]) => Promise<any[]>;
+/**
+ * Creates the `audit_log` table and a generic PL/pgSQL trigger function
+ * (`audit_trigger_function`) that records INSERT, UPDATE, and DELETE
+ * operations on any monitored table.
+ *
+ * Call this once during schema initialization.
+ */
+declare function databaseAuditEnsureLogTable(sql: SqlFunction): Promise<void>;
+/**
+ * Creates a trigger on the specified table that calls
+ * `audit_trigger_function` for INSERT, UPDATE, and DELETE operations.
+ *
+ * Throws if `tableName` is `'audit_log'` (cannot monitor itself).
+ */
+declare function databaseAuditMonitorTable(sql: SqlFunction, tableName: string): Promise<void>;
+/**
+ * Returns all rows from the `audit_log` table, ordered by `performed_at` DESC.
+ */
+declare function databaseAuditDumpLogTable(sql: SqlFunction): Promise<Record<string, unknown>[]>;
+/**
+ * Wraps a Neon SQL tagged-template function so that after each query,
+ * any new `audit_log` rows (with NULL `replay_request_id`) are tagged
+ * with the current request ID and an incrementing call index.
+ *
+ * The request ID is read from module-level state set by
+ * `createRecordingRequestHandler`. If no request is active, the
+ * wrapper passes calls through without tagging.
+ *
+ * @example
+ * ```ts
+ * import { createAuditedSql } from "@replayio-app-building/netlify-recorder";
+ *
+ * const sql = createAuditedSql(getSql());
+ * await sql`INSERT INTO haikus (text) VALUES (${haiku})`;
+ * // audit_log entries from this INSERT are now tagged with the request ID
+ * ```
+ */
+declare function createAuditedSql(sql: SqlFunction): SqlFunction;
+
+declare function getCurrentRequestId(): string | null;
+
+export { type BlobData, type CapturedData, type ContainerInfraConfig, type CreateRecordingRequestHandlerOptions, type EnsureRecordingOptions, type EnvRead, type FinishRequestCallbacks, type FinishRequestOptions, type HandlerResponse$1 as HandlerResponse, type NetlifyEvent, type NetlifyV2Request, type NetworkCall, type RecordingResult, type RequestContext, type RequestInfo, type SpawnRecordingContainerOptions, createAuditedSql, createRecordingRequestHandler, createRequestRecording, databaseAuditDumpLogTable, databaseAuditEnsureLogTable, databaseAuditMonitorTable, ensureRequestRecording, finishRequest, getCurrentRequestId, readInfraConfigFromEnv, redactBlobData, remoteCallbacks, spawnRecordingContainer, startRequest };

package/dist/index.js

@@ -479,18 +479,32 @@ async function finishRequest(requestContext, callbacks, response, options) {
 
 // src/createRecordingRequestHandler.ts
 import crypto from "crypto";
+
+// src/requestState.ts
+var _currentRequestId = null;
+function setCurrentRequestId(id) {
+  _currentRequestId = id;
+}
+function getCurrentRequestId() {
+  return _currentRequestId;
+}
+
+// src/createRecordingRequestHandler.ts
 function createRecordingRequestHandler(handler, options) {
   return async (event, context) => {
+    const requestId = crypto.randomUUID();
+    setCurrentRequestId(requestId);
     const reqContext = startRequest(event);
     let response;
     try {
       response = await handler(event, context);
     } catch (err) {
+      setCurrentRequestId(null);
       reqContext.cleanup();
       throw err;
     }
     reqContext.cleanup();
-    const requestId = crypto.randomUUID();
+    setCurrentRequestId(null);
     const responseWithHeader = {
       ...response,
       headers: {
@@ -1091,11 +1105,107 @@ async function createRequestRecording(blobUrlOrData, handlerPath, requestInfo) {
   }
   return result;
 }
+
+// src/databaseAudit.ts
+async function databaseAuditEnsureLogTable(sql) {
+  await sql`
+    CREATE TABLE IF NOT EXISTS audit_log (
+      id BIGSERIAL PRIMARY KEY,
+      table_name TEXT NOT NULL,
+      record_id TEXT NOT NULL,
+      action TEXT NOT NULL,
+      old_data JSONB,
+      new_data JSONB,
+      changed_fields TEXT[],
+      performed_at TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+      replay_request_id TEXT,
+      replay_request_call_index INTEGER
+    )
+  `;
+  await sql`CREATE INDEX IF NOT EXISTS idx_audit_log_table_name ON audit_log (table_name)`;
+  await sql`CREATE INDEX IF NOT EXISTS idx_audit_log_replay_request_id ON audit_log (replay_request_id)`;
+  await sql`CREATE INDEX IF NOT EXISTS idx_audit_log_performed_at ON audit_log (performed_at DESC)`;
+  await sql`
+    CREATE OR REPLACE FUNCTION audit_trigger_function()
+    RETURNS TRIGGER AS $$
+    DECLARE
+      changed_cols TEXT[];
+    BEGIN
+      IF TG_OP = 'INSERT' THEN
+        INSERT INTO audit_log (table_name, record_id, action, new_data)
+        VALUES (TG_TABLE_NAME, NEW.id::TEXT, 'INSERT', to_jsonb(NEW));
+        RETURN NEW;
+      ELSIF TG_OP = 'UPDATE' THEN
+        SELECT ARRAY_AGG(n.key) INTO changed_cols
+        FROM jsonb_each_text(to_jsonb(NEW)) n
+        LEFT JOIN jsonb_each_text(to_jsonb(OLD)) o ON n.key = o.key
+        WHERE o.value IS DISTINCT FROM n.value;
+
+        INSERT INTO audit_log (table_name, record_id, action, old_data, new_data, changed_fields)
+        VALUES (TG_TABLE_NAME, NEW.id::TEXT, 'UPDATE', to_jsonb(OLD), to_jsonb(NEW), COALESCE(changed_cols, ARRAY[]::TEXT[]));
+        RETURN NEW;
+      ELSIF TG_OP = 'DELETE' THEN
+        INSERT INTO audit_log (table_name, record_id, action, old_data)
+        VALUES (TG_TABLE_NAME, OLD.id::TEXT, 'DELETE', to_jsonb(OLD));
+        RETURN OLD;
+      END IF;
+      RETURN NULL;
+    END;
+    $$ LANGUAGE plpgsql
+  `;
+}
+async function databaseAuditMonitorTable(sql, tableName) {
+  if (tableName === "audit_log") {
+    throw new Error("Cannot monitor the audit_log table itself");
+  }
+  if (!/^[a-zA-Z_][a-zA-Z0-9_]*$/.test(tableName)) {
+    throw new Error(`Invalid table name: ${tableName}`);
+  }
+  const triggerName = `audit_trigger_${tableName}`;
+  await sql(
+    `DROP TRIGGER IF EXISTS ${triggerName} ON "${tableName}"`,
+    []
+  );
+  await sql(
+    `CREATE TRIGGER ${triggerName} AFTER INSERT OR UPDATE OR DELETE ON "${tableName}" FOR EACH ROW EXECUTE FUNCTION audit_trigger_function()`,
+    []
+  );
+}
+async function databaseAuditDumpLogTable(sql) {
+  const rows = await sql`SELECT * FROM audit_log ORDER BY performed_at DESC`;
+  return rows;
+}
+function createAuditedSql(sql) {
+  let callIndex = 0;
+  const requestId = getCurrentRequestId();
+  const auditedSql = async (strings, ...values) => {
+    const result = await sql(strings, ...values);
+    callIndex++;
+    if (requestId) {
+      try {
+        await sql`
+          UPDATE audit_log
+          SET replay_request_id = ${requestId}, replay_request_call_index = ${callIndex}
+          WHERE replay_request_id IS NULL
+        `;
+      } catch (err) {
+        console.warn("netlify-recorder: failed to update audit log:", err);
+      }
+    }
+    return result;
+  };
+  return auditedSql;
+}
 export {
+  createAuditedSql,
   createRecordingRequestHandler,
   createRequestRecording,
+  databaseAuditDumpLogTable,
+  databaseAuditEnsureLogTable,
+  databaseAuditMonitorTable,
   ensureRequestRecording,
   finishRequest,
+  getCurrentRequestId,
   readInfraConfigFromEnv,
   redactBlobData,
   remoteCallbacks,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@replayio-app-building/netlify-recorder",
-  "version": "0.11.0",
+  "version": "0.12.0",
   "description": "Capture and replay Netlify function executions as Replay recordings",
   "type": "module",
   "exports": {