@teamkeel/functions-runtime 0.365.15-prerelease9 → 0.365.16-12

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@teamkeel/functions-runtime",
-  "version": "0.365.15-prerelease9",
+  "version": "0.365.16-12",
   "description": "Internal package used by @teamkeel/sdk",
   "main": "src/index.js",
   "scripts": {
@@ -28,6 +28,7 @@
     "json-rpc-2.0": "^1.4.1",
     "ksuid": "^3.0.0",
     "kysely": "^0.23.4",
-    "pg": "^8.8.0"
+    "pg": "^8.8.0",
+    "traceparent": "^1.0.0"
   }
 }

package/src/ModelAPI.js

@@ -1,8 +1,11 @@
 const { useDatabase } = require("./database");
+const { getAuditContext } = require("./auditing");
 const { QueryBuilder } = require("./QueryBuilder");
 const { QueryContext } = require("./QueryContext");
 const { applyWhereConditions } = require("./applyWhereConditions");
 const { applyJoins } = require("./applyJoins");
+const { sql } = require("kysely");
+
 const {
   applyLimit,
   applyOffset,
@@ -14,6 +17,7 @@ const {
   upperCamelCase,
 } = require("./casing");
 const tracing = require("./tracing");
+const { DatabaseError } = require("./errors");
 
 /**
  * RelationshipConfig is a simple representation of a model field that
@@ -34,13 +38,6 @@ const tracing = require("./tracing");
  * @typedef {Object.<string, TableConfig>} TableConfigMap
  */
 
-class DatabaseError extends Error {
-  constructor(error) {
-    super(error.message);
-    this.error = error;
-  }
-}
-
 class ModelAPI {
   /**
    * @param {string} tableName The name of the table this API is for
@@ -53,12 +50,52 @@ class ModelAPI {
     this._modelName = upperCamelCase(this._tableName);
   }
 
+  // execute sets the audit context in the database and then runs individual
+  // database statements within a transaction if one hasn't been opened, which
+  // is necessary because the audit parameters will only be available within transactions.
+  async #execute(fn) {
+    const db = useDatabase();
+
+    try {
+      if (db.isTransaction) {
+        await this.#setAuditParameters(db);
+        return await fn(db);
+      } else {
+        return await db.transaction().execute(async (transaction) => {
+          await this.#setAuditParameters(transaction);
+          return fn(transaction);
+        });
+      }
+    } catch (e) {
+      throw new DatabaseError(e);
+    }
+  }
+
+  // setAuditParameters sets audit context data to configuration parameters
+  // in the database so that they can be read by the triggered auditing function.
+  async #setAuditParameters(transaction) {
+    const audit = getAuditContext();
+    const statements = [];
+
+    if (audit.identityId) {
+      statements.push(`CALL set_identity_id('${audit.identityId}');`);
+    }
+
+    if (audit.traceId) {
+      statements.push(`CALL set_trace_id('${audit.traceId}');`);
+    }
+
+    if (statements.length > 0) {
+      const stmt = statements.join("");
+      await sql.raw(stmt).execute(transaction);
+    }
+  }
+
   async create(values) {
     const name = tracing.spanNameForModelAPI(this._modelName, "create");
-    const db = useDatabase();
 
     return tracing.withSpan(name, async (span) => {
-      try {
+      return await this.#execute(async (db) => {
         const query = db
           .insertInto(this._tableName)
           .values(
@@ -70,11 +107,8 @@ class ModelAPI {
 
         span.setAttribute("sql", query.compile().sql);
         const row = await query.executeTakeFirstOrThrow();
-
         return camelCaseObject(row);
-      } catch (e) {
-        throw new DatabaseError(e);
-      }
+      });
     });
   }
 
@@ -161,48 +195,49 @@ class ModelAPI {
 
   async update(where, values) {
     const name = tracing.spanNameForModelAPI(this._modelName, "update");
-    const db = useDatabase();
 
     return tracing.withSpan(name, async (span) => {
-      let builder = db.updateTable(this._tableName).returningAll();
+      return await this.#execute(async (db) => {
+        let builder = db.updateTable(this._tableName).returningAll();
 
-      builder = builder.set(snakeCaseObject(values));
+        builder = builder.set(snakeCaseObject(values));
 
-      const context = new QueryContext([this._tableName], this._tableConfigMap);
+        const context = new QueryContext(
+          [this._tableName],
+          this._tableConfigMap
+        );
 
-      // TODO: support joins for update
-      builder = applyWhereConditions(context, builder, where);
+        // TODO: support joins for update
+        builder = applyWhereConditions(context, builder, where);
 
-      span.setAttribute("sql", builder.compile().sql);
+        span.setAttribute("sql", builder.compile().sql);
 
-      try {
         const row = await builder.executeTakeFirstOrThrow();
         return camelCaseObject(row);
-      } catch (e) {
-        throw new DatabaseError(e);
-      }
+      });
     });
   }
 
   async delete(where) {
     const name = tracing.spanNameForModelAPI(this._modelName, "delete");
-    const db = useDatabase();
 
     return tracing.withSpan(name, async (span) => {
-      let builder = db.deleteFrom(this._tableName).returning(["id"]);
+      return await this.#execute(async (db) => {
+        let builder = db.deleteFrom(this._tableName).returning(["id"]);
 
-      const context = new QueryContext([this._tableName], this._tableConfigMap);
+        const context = new QueryContext(
+          [this._tableName],
+          this._tableConfigMap
+        );
 
-      // TODO: support joins for delete
-      builder = applyWhereConditions(context, builder, where);
+        // TODO: support joins for delete
+        builder = applyWhereConditions(context, builder, where);
+
+        span.setAttribute("sql", builder.compile().sql);
 
-      span.setAttribute("sql", builder.compile().sql);
-      try {
         const row = await builder.executeTakeFirstOrThrow();
         return row.id;
-      } catch (e) {
-        throw new DatabaseError(e);
-      }
+      });
     });
   }
 

package/src/ModelAPI.test.js

@@ -1,4 +1,4 @@
-import { test, expect, beforeEach } from "vitest";
+import { test, expect, beforeEach, describe } from "vitest";
 const { ModelAPI } = require("./ModelAPI");
 const { sql } = require("kysely");
 const { useDatabase } = require("./database");
@@ -654,49 +654,6 @@ test("ModelAPI.findMany - notEquals", async () => {
   expect(rows[0].id).toEqual(p.id);
 });
 
-test("ModelAPI.findMany - complex query", async () => {
-  const p = await personAPI.create({
-    id: KSUID.randomSync().string,
-    name: "Jake",
-    favouriteNumber: 8,
-    date: new Date("2021-12-31"),
-  });
-  await personAPI.create({
-    id: KSUID.randomSync().string,
-    name: "Jane",
-    favouriteNumber: 12,
-    date: new Date("2022-01-11"),
-  });
-  const p2 = await personAPI.create({
-    id: KSUID.randomSync().string,
-    name: "Billy",
-    favouriteNumber: 16,
-    date: new Date("2022-01-05"),
-  });
-
-  const rows = await personAPI
-    // Will match Jake
-    .where({
-      name: {
-        startsWith: "J",
-        endsWith: "e",
-      },
-      favouriteNumber: {
-        lessThan: 10,
-      },
-    })
-    // Will match Billy
-    .orWhere({
-      date: {
-        after: new Date("2022-01-01"),
-        before: new Date("2022-01-10"),
-      },
-    })
-    .findMany();
-  expect(rows.length).toEqual(2);
-  expect(rows.map((x) => x.id).sort()).toEqual([p.id, p2.id].sort());
-});
-
 test("ModelAPI.findMany - relationships - one to many", async () => {
   const person = await personAPI.create({
     id: KSUID.randomSync().string,
@@ -883,38 +840,190 @@ test("ModelAPI.delete", async () => {
   await expect(personAPI.findOne({ id })).resolves.toEqual(null);
 });
 
-test("ModelAPI chained findMany with offset/limit/order by", async () => {
-  await postAPI.create({
-    id: KSUID.randomSync().string,
-    title: "adam",
+describe("QueryBuilder", () => {
+  test("ModelAPI chained findMany with offset/limit/order by", async () => {
+    await postAPI.create({
+      id: KSUID.randomSync().string,
+      title: "adam",
+    });
+    await postAPI.create({
+      id: KSUID.randomSync().string,
+      title: "dave",
+    });
+    const three = await postAPI.create({
+      id: KSUID.randomSync().string,
+      title: "jon",
+    });
+    const four = await postAPI.create({
+      id: KSUID.randomSync().string,
+      title: "jon bretman",
+    });
+
+    const results = await postAPI
+      .where({ title: { equals: "adam" } })
+      .orWhere({
+        title: { startsWith: "jon" },
+      })
+      .findMany({
+        limit: 3,
+        offset: 1,
+        orderBy: {
+          title: "asc",
+        },
+      });
+
+    // because we've offset by 1, adam should not appear in the results even though
+    // the query constraints match adam
+    expect(results).toEqual([three, four]);
   });
-  await postAPI.create({
-    id: KSUID.randomSync().string,
-    title: "dave",
+
+  test("ModelAPI.findMany - complex query", async () => {
+    const p = await personAPI.create({
+      id: KSUID.randomSync().string,
+      name: "Jake",
+      favouriteNumber: 8,
+      date: new Date("2021-12-31"),
+    });
+    await personAPI.create({
+      id: KSUID.randomSync().string,
+      name: "Jane",
+      favouriteNumber: 12,
+      date: new Date("2022-01-11"),
+    });
+    const p2 = await personAPI.create({
+      id: KSUID.randomSync().string,
+      name: "Billy",
+      favouriteNumber: 16,
+      date: new Date("2022-01-05"),
+    });
+
+    const rows = await personAPI
+      // Will match Jake
+      .where({
+        name: {
+          startsWith: "J",
+          endsWith: "e",
+        },
+        favouriteNumber: {
+          lessThan: 10,
+        },
+      })
+      // Will match Billy
+      .orWhere({
+        date: {
+          after: new Date("2022-01-01"),
+          before: new Date("2022-01-10"),
+        },
+      })
+      .findMany();
+    expect(rows.length).toEqual(2);
+    expect(rows.map((x) => x.id).sort()).toEqual([p.id, p2.id].sort());
   });
-  const three = await postAPI.create({
-    id: KSUID.randomSync().string,
-    title: "jon",
+
+  test("ModelAPI chained delete", async () => {
+    const p = await personAPI.create({
+      id: KSUID.randomSync().string,
+      name: "Jake",
+      favouriteNumber: 8,
+      date: new Date("2021-12-31"),
+    });
+
+    const deletedId = await personAPI.where({ id: p.id }).delete();
+
+    expect(deletedId).toEqual(p.id);
   });
-  const four = await postAPI.create({
-    id: KSUID.randomSync().string,
-    title: "jon bretman",
+
+  test("Model API chained delete - non existent id", async () => {
+    const fakeId = "xxx";
+
+    // the error message returned from the runtime will actually be 'record not found'
+    // but this is handled at handleRequest level
+    // no result is the error msg returned by kysely.
+    await expect(personAPI.where({ id: fakeId }).delete()).rejects.toThrow(
+      "no result"
+    );
   });
 
-  const results = await postAPI
-    .where({ title: { equals: "adam" } })
-    .orWhere({
-      title: { startsWith: "jon" },
-    })
-    .findMany({
-      limit: 3,
-      offset: 1,
-      orderBy: {
-        title: "asc",
-      },
+  test("Model API chained findOne", async () => {
+    const p = await personAPI.create({
+      id: KSUID.randomSync().string,
+      name: "Jake",
+      favouriteNumber: 8,
+      date: new Date("2021-12-31"),
     });
 
-  // because we've offset by 1, adam should not appear in the results even though
-  // the query constraints match adam
-  expect(results).toEqual([three, four]);
+    const jake = await personAPI.where({ id: p.id }).findOne();
+
+    expect(jake).toEqual(p);
+  });
+
+  // test("Model API chained order by", async () => {
+  //   const p1 = await postAPI.create({
+  //     id: KSUID.randomSync().string,
+  //     title: "adam",
+  //   });
+  //   const p2 = await postAPI.create({
+  //     id: KSUID.randomSync().string,
+  //     title: "dave",
+  //   });
+  //   const p3 = await postAPI.create({
+  //     id: KSUID.randomSync().string,
+  //     title: "jon",
+  //   });
+  //   const p4 = await postAPI.create({
+  //     id: KSUID.randomSync().string,
+  //     title: "jon bretman",
+  //   });
+
+  //   const query = postAPI
+  //     .where({ title: "adam" })
+  //     .orWhere({ title: "dave" })
+  //     .orderBy({ title: "desc" });
+
+  //   const results = await query.findMany();
+
+  //   expect(results[0].id).toEqual(p2);
+  // });
+
+  test("Model API chained update", async () => {
+    const p1 = await postAPI.create({
+      id: KSUID.randomSync().string,
+      title: "adam",
+    });
+    const p2 = await postAPI.create({
+      id: KSUID.randomSync().string,
+      title: "adam",
+    });
+    const p3 = await postAPI.create({
+      id: KSUID.randomSync().string,
+      title: "adam",
+    });
+
+    const updatedRow = await postAPI
+      .where({ id: p2.id })
+      .update({ title: "adam 2" });
+
+    expect(updatedRow.title).toEqual("adam 2");
+    expect(updatedRow.id).toEqual(p2.id);
+
+    // will fail because there is more than 1 row matching the constraints (p1 and p3)
+    await expect(
+      postAPI
+        .where({
+          title: "adam",
+        })
+        .update({ title: "bob" })
+    ).rejects.toThrowError(
+      "more than one row matched update constraints - only unique fields should be used when updating."
+    );
+
+    // will fail because there are no rows to update
+    await expect(
+      postAPI
+        .where({
+          title: "no match",
+        })
+        .update({ title: "bob" })
+    ).resolves.toEqual(null);
+  });
 });

package/src/QueryBuilder.js

@@ -5,10 +5,15 @@ const {
   applyOrderBy,
 } = require("./applyAdditionalQueryConstraints");
 const { applyJoins } = require("./applyJoins");
-const { camelCaseObject } = require("./casing");
+const {
+  camelCaseObject,
+  snakeCaseObject,
+  upperCamelCase,
+} = require("./casing");
 const { useDatabase } = require("./database");
 const { QueryContext } = require("./QueryContext");
 const tracing = require("./tracing");
+const { DatabaseError } = require("./errors");
 
 class QueryBuilder {
   /**
@@ -20,6 +25,7 @@ class QueryBuilder {
     this._tableName = tableName;
     this._context = context;
     this._db = db;
+    this._modelName = upperCamelCase(this._tableName);
   }
 
   where(where) {
@@ -43,6 +49,128 @@ class QueryBuilder {
     return new QueryBuilder(this._tableName, context, builder);
   }
 
+  sql() {
+    return this._db.compile().sql;
+  }
+
+  async update(values) {
+    const name = tracing.spanNameForModelAPI(this._modelName, "update");
+    const db = useDatabase();
+
+    return tracing.withSpan(name, async (span) => {
+      // we build a sub-query to add to the WHERE id IN (XXX) containing all of the
+      // wheres added in previous .where() chains.
+      const sub = this._db.clearSelect().select("id");
+
+      const query = db
+        .updateTable(this._tableName)
+        .set(snakeCaseObject(values))
+        .returningAll()
+        .where("id", "in", sub);
+
+      try {
+        const result = await query.execute();
+        const numUpdatedRows = result.length;
+
+        // the double (==) is important because we are comparing bigint to int
+        if (numUpdatedRows == 0) {
+          return null;
+        }
+
+        if (numUpdatedRows > 1) {
+          throw new DatabaseError(
+            new Error(
+              "more than one row matched update constraints - only unique fields should be used when updating."
+            )
+          );
+        }
+
+        return camelCaseObject(result[0]);
+      } catch (e) {
+        throw new DatabaseError(e);
+      }
+    });
+  }
+
+  async delete() {
+    const name = tracing.spanNameForModelAPI(this._modelName, "delete");
+    const db = useDatabase();
+
+    return tracing.withSpan(name, async (span) => {
+      // the original query selects the distinct id + the model.* so we need to clear
+      const sub = this._db.clearSelect().select("id");
+      let builder = db.deleteFrom(this._tableName).where("id", "in", sub);
+
+      const query = builder.returning(["id"]);
+
+      // final query looks something like:
+      // delete from "person" where "id" in (select distinct on ("person"."id") "id" from "person" where "person"."id" = $1) returning "id"
+
+      span.setAttribute("sql", query.compile().sql);
+
+      try {
+        const row = await query.executeTakeFirstOrThrow();
+        return row.id;
+      } catch (e) {
+        throw new DatabaseError(e);
+      }
+    });
+  }
+
+  async findOne() {
+    const name = tracing.spanNameForModelAPI(this._modelName, "findOne");
+    const db = useDatabase();
+
+    return tracing.withSpan(name, async (span) => {
+      let builder = db
+        .selectFrom((qb) => {
+          // this._db contains all of the where constraints and joins
+          // we want to include that in the sub query in the same way we
+          // add all of this information into the sub query in the ModelAPI's
+          // implementation of findOne
+          return this._db.as(this._tableName);
+        })
+        .selectAll();
+
+      span.setAttribute("sql", builder.compile().sql);
+
+      const row = await builder.executeTakeFirstOrThrow();
+
+      if (!row) {
+        return null;
+      }
+
+      return camelCaseObject(row);
+    });
+  }
+
+  // orderBy(conditions) {
+  //   const context = this._context.clone();
+
+  //   const builder = applyOrderBy(
+  //     context,
+  //     this._db,
+  //     this._tableName,
+  //     conditions
+  //   );
+
+  //   return new QueryBuilder(this._tableName, context, builder);
+  // }
+
+  // limit(limit) {
+  //   const context = this._context.clone();
+  //   const builder = applyLimit(context, this._db, limit);
+
+  //   return new QueryBuilder(this._tableName, context, builder);
+  // }
+
+  // offset(offset) {
+  //   const context = this._context.clone();
+  //   const builder = applyOffset(context, builder, offset);
+
+  //   return new QueryBuilder(this._tableName, context, builder);
+  // }
+
   async findMany(params) {
     const name = tracing.spanNameForModelAPI(this._modelName, "findMany");
     const db = useDatabase();

package/src/auditing.js

@@ -0,0 +1,35 @@
+const { AsyncLocalStorage } = require("async_hooks");
+const TraceParent = require("traceparent");
+
+const auditContextStorage = new AsyncLocalStorage();
+
+// withAuditContext creates the audit context from the runtime request body
+// and sets it to in AsyncLocalStorage so that this data is available to the
+// ModelAPI during the execution of actions, jobs and subscribers.
+async function withAuditContext(request, cb) {
+  let audit = {};
+  if (request.meta?.identity) {
+    audit.identityId = request.meta.identity.id;
+  }
+  if (request.meta?.tracing?.traceparent) {
+    audit.traceId = TraceParent.fromString(
+      request.meta.tracing.traceparent
+    )?.traceId;
+  }
+
+  return await auditContextStorage.run(audit, () => {
+    return cb();
+  });
+}
+
+// getAuditContext retrieves the audit context from AsyncLocalStorage.
+function getAuditContext() {
+  let auditStore = auditContextStorage.getStore();
+  return {
+    identityId: auditStore?.identityId,
+    traceId: auditStore?.traceId,
+  };
+}
+
+module.exports.withAuditContext = withAuditContext;
+module.exports.getAuditContext = getAuditContext;

package/src/consts.js

@@ -1,12 +1,12 @@
 const PROTO_ACTION_TYPES = {
-  UNKNOWN: "OPERATION_TYPE_UNKNOWN",
-  CREATE: "OPERATION_TYPE_CREATE",
-  GET: "OPERATION_TYPE_GET",
-  LIST: "OPERATION_TYPE_LIST",
-  UPDATE: "OPERATION_TYPE_UPDATE",
-  DELETE: "OPERATION_TYPE_DELETE",
-  READ: "OPERATION_TYPE_READ",
-  WRITE: "OPERATION_TYPE_WRITE",
+  UNKNOWN: "ACTION_TYPE_UNKNOWN",
+  CREATE: "ACTION_TYPE_CREATE",
+  GET: "ACTION_TYPE_GET",
+  LIST: "ACTION_TYPE_LIST",
+  UPDATE: "ACTION_TYPE_UPDATE",
+  DELETE: "ACTION_TYPE_DELETE",
+  READ: "ACTION_TYPE_READ",
+  WRITE: "ACTION_TYPE_WRITE",
   JOB: "JOB_TYPE",
   SUBSCRIBER: "SUBSCRIBER_TYPE",
 };

package/src/database.js

@@ -15,6 +15,7 @@ async function withDatabase(db, actionType, cb) {
   let requiresTransaction = true;
 
   switch (actionType) {
+    case PROTO_ACTION_TYPES.SUBSCRIBER:
     case PROTO_ACTION_TYPES.JOB:
     case PROTO_ACTION_TYPES.GET:
     case PROTO_ACTION_TYPES.LIST:
@@ -22,6 +23,7 @@ async function withDatabase(db, actionType, cb) {
       break;
   }
 
+  // db.transaction() provides a kysely instance bound to a transaction.
   if (requiresTransaction) {
     return db.transaction().execute(async (transaction) => {
       return dbInstance.run(transaction, async () => {
@@ -30,8 +32,11 @@ async function withDatabase(db, actionType, cb) {
     });
   }
 
-  return dbInstance.run(db, async () => {
-    return cb({ transaction: db });
+  // db.connection() provides a kysely instance bound to a single database connection.
+  return db.connection().execute(async (sDb) => {
+    return dbInstance.run(sDb, async () => {
+      return cb({ sDb });
+    });
   });
 }
 

package/src/errors.js

@@ -1,5 +1,13 @@
 const { createJSONRPCErrorResponse } = require("json-rpc-2.0");
-const { PermissionError } = require("./permissions");
+
+class PermissionError extends Error {}
+
+class DatabaseError extends Error {
+  constructor(error) {
+    super(error.message);
+    this.error = error;
+  }
+}
 
 const RuntimeErrors = {
   // Catchall error type for unhandled execution errors during custom function
@@ -113,4 +121,6 @@ const parseKeyMessage = (msg) => {
 module.exports = {
   errorToJSONRPCResponse,
   RuntimeErrors,
+  DatabaseError,
+  PermissionError,
 };

package/src/handleSubscriber.js

@@ -49,7 +49,7 @@ async function handleSubscriber(request, config) {
         const subscriberFunction = subscribers[request.method];
         const actionType = PROTO_ACTION_TYPES.SUBSCRIBER;
 
-        await tryExecuteSubscriber({ db, actionType }, async () => {
+        await tryExecuteSubscriber({ request, db, actionType }, async () => {
           // Return the subscriber function to the containing tryExecuteSubscriber block
           return subscriberFunction(ctx, request.params);
         });

package/src/permissions.js

@@ -1,6 +1,5 @@
 const { AsyncLocalStorage } = require("async_hooks");
-
-class PermissionError extends Error {}
+const { PermissionError } = require("./errors");
 
 const PERMISSION_STATE = {
   UNKNOWN: "unknown",

package/src/permissions.test.js

@@ -2,13 +2,11 @@ const {
   permissionsApiInstance,
   Permissions,
   PERMISSION_STATE,
-  PermissionError,
   checkBuiltInPermissions,
 } = require("./permissions");
-
 import { useDatabase } from "./database";
-
 import { beforeEach, describe, expect, test } from "vitest";
+const { PermissionError } = require("./errors");
 
 let permissions;
 let ctx = {};

package/src/tracing.js

@@ -6,7 +6,7 @@ const {
 const { NodeTracerProvider } = require("@opentelemetry/sdk-trace-node");
 const { envDetectorSync } = require("@opentelemetry/resources");
 
-function withSpan(name, fn) {
+async function withSpan(name, fn) {
   return getTracer().startActiveSpan(name, async (span) => {
     try {
       // await the thing (this means we can use try/catch)

package/src/tryExecuteFunction.js

@@ -1,22 +1,26 @@
 const { withDatabase } = require("./database");
+const { withAuditContext } = require("./auditing");
 const {
   withPermissions,
   PERMISSION_STATE,
-  PermissionError,
   checkBuiltInPermissions,
 } = require("./permissions");
+const { PermissionError } = require("./errors");
 const { PROTO_ACTION_TYPES } = require("./consts");
 
 // tryExecuteFunction will create a new database transaction around a function call
 // and handle any permissions checks. If a permission check fails, then an Error will be thrown and the catch block will be hit.
 function tryExecuteFunction(
-  { db, permitted, permissionFns, actionType, request, ctx },
+  { request, db, permitted, permissionFns, actionType, ctx },
   cb
 ) {
   return withPermissions(permitted, async ({ getPermissionState }) => {
     return withDatabase(db, actionType, async ({ transaction }) => {
-      const fnResult = await cb();
-      // api.permissions maintains an internal state of whether the current operation has been *explicitly* permitted/denied by the user in the course of their custom function, or if execution has already been permitted by a role based permission (evaluated in the main runtime).
+      const fnResult = await withAuditContext(request, async () => {
+        return cb();
+      });
+
+      // api.permissions maintains an internal state of whether the current function has been *explicitly* permitted/denied by the user in the course of their custom function, or if execution has already been permitted by a role based permission (evaluated in the main runtime).
       // we need to check that the final state is permitted or unpermitted. if it's not, then it means that the user has taken no explicit action to permit/deny
       // and therefore we default to checking the permissions defined in the schema automatically.
       switch (getPermissionState()) {

package/src/tryExecuteJob.js

@@ -1,16 +1,17 @@
 const { withDatabase } = require("./database");
-const {
-  withPermissions,
-  PERMISSION_STATE,
-  PermissionError,
-} = require("./permissions");
+const { withAuditContext } = require("./auditing");
+const { withPermissions, PERMISSION_STATE } = require("./permissions");
+const { PermissionError } = require("./errors");
 
 // tryExecuteJob will create a new database transaction around a function call
 // and handle any permissions checks. If a permission check fails, then an Error will be thrown and the catch block will be hit.
 function tryExecuteJob({ db, permitted, actionType, request }, cb) {
   return withPermissions(permitted, async ({ getPermissionState }) => {
-    return withDatabase(db, actionType, async ({ transaction }) => {
-      await cb();
+    return withDatabase(db, actionType, async () => {
+      await withAuditContext(request, async () => {
+        return cb();
+      });
+
       // api.permissions maintains an internal state of whether the current operation has been *explicitly* permitted/denied by the user in the course of their custom function, or if execution has already been permitted by a role based permission (evaluated in the main runtime).
       // we need to check that the final state is permitted or unpermitted. if it's not, then it means that the user has taken no explicit action to permit/deny
       // and therefore we default to checking the permissions defined in the schema automatically.

package/src/tryExecuteSubscriber.js

@@ -1,9 +1,12 @@
 const { withDatabase } = require("./database");
+const { withAuditContext } = require("./auditing");
 
 // tryExecuteSubscriber will create a new database connection and execute the function call.
-function tryExecuteSubscriber({ db, actionType }, cb) {
+function tryExecuteSubscriber({ request, db, actionType }, cb) {
   return withDatabase(db, actionType, async () => {
-    await cb();
+    await withAuditContext(request, async () => {
+      return cb();
+    });
   });
 }