npm - @tstdl/base - Versions diffs - 0.93.1 → 0.93.3 - Mend

@tstdl/base 0.93.1 → 0.93.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (181) hide show

package/audit/audit.model.js CHANGED Viewed

@@ -7,29 +7,156 @@ var __decorate = (this && this.__decorate) || function (decorators, target, key,
 var __metadata = (this && this.__metadata) || function (k, v) {
     if (typeof Reflect === "object" && typeof Reflect.metadata === "function") return Reflect.metadata(k, v);
 };
-import { EntityWithoutMetadata, Json, Table, Timestamp, Uuid } from '../orm/index.js';
+import { EmbeddedProperty, EntityWithoutMetadata, JsonProperty, Table, TimestampProperty, UuidProperty } from '../orm/index.js';
 import { Enumeration, StringProperty } from '../schema/index.js';
 import { ActorType, AuditOutcome, AuditSeverity } from './types.js';
+/**
+ * Represents the network details of the request that triggered the audit event.
+ */
+export class RequestDetails {
+    /**
+     * The path of the request.
+     * @example '/api/v1/users/xyz'
+     */
+    path;
+    /**
+     * The IP address of the client.
+     * @example '192.168.1.100'
+     */
+    ipAddress;
+    /**
+     * The user agent string of the client.
+     * @example 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) ...'
+     */
+    userAgent;
+    /**
+     * The session ID associated with the request, if any.
+     */
+    sessionId;
+}
+__decorate([
+    StringProperty(),
+    __metadata("design:type", Object)
+], RequestDetails.prototype, "path", void 0);
+__decorate([
+    StringProperty({ nullable: true }),
+    __metadata("design:type", Object)
+], RequestDetails.prototype, "ipAddress", void 0);
+__decorate([
+    StringProperty({ nullable: true }),
+    __metadata("design:type", Object)
+], RequestDetails.prototype, "userAgent", void 0);
+__decorate([
+    UuidProperty({ nullable: true }),
+    __metadata("design:type", Object)
+], RequestDetails.prototype, "sessionId", void 0);
+/**
+ * Represents the state of data before and after a change.
+ */
+export class ChangeDetails {
+    /**
+     * The state of the data before the change occurred.
+     */
+    before;
+    /**
+     * The state of the data after the change occurred.
+     */
+    after;
+}
+__decorate([
+    JsonProperty({ nullable: true }),
+    __metadata("design:type", Object)
+], ChangeDetails.prototype, "before", void 0);
+__decorate([
+    JsonProperty({ nullable: true }),
+    __metadata("design:type", Object)
+], ChangeDetails.prototype, "after", void 0);
+/**
+ * Represents a single audit event record in the database.
+ * This entity captures who did what, when, and to what, along with other contextual information.
+ *
+ * @template Details The type of the `details` JSON object, allowing for custom, action-specific data.
+ */
 let AuditEvent = class AuditEvent extends EntityWithoutMetadata {
+    /**
+     * The timestamp when the event occurred.
+     */
     timestamp;
+    /**
+     * The ID of the tenant in which the event occurred. Can be null for system-level events.
+     */
+    tenantId;
+    /**
+     * A unique identifier to correlate multiple related audit events.
+     */
     correlationId;
+    /**
+     * The module or feature area where the event originated, in dot-separated format.
+     * @example 'user.authentication'
+     */
     module;
+    /**
+     * The specific action that was performed.
+     * @example 'login'
+     */
     action;
+    /**
+     * The outcome of the action.
+     */
     outcome;
+    /**
+     * The severity level of the event.
+     */
     severity;
-    actorId;
+    /**
+     * The type of the actor.
+     */
     actorType;
-    targetId;
+    /**
+     * The (if possible unique) identifier of the actor who performed the action.
+     */
+    actor;
+    /**
+     * The type of the impersonator, if applicable.
+     */
+    impersonatorType;
+    /**
+     * The (if possible unique) identifier of the user who is impersonating the actor, if applicable.
+     */
+    impersonator;
+    /**
+     * The type of the target entity.
+     * @example 'User'
+     */
     targetType;
+    /**
+     * The unique identifier of the primary resource or entity that was the target of the action.
+     */
+    targetId;
+    /**
+     * Network-related details for the request that triggered the event.
+     */
+    network;
+    /**
+     * Details about data changes.
+     */
+    changes;
+    /**
+     * A flexible JSON object for storing additional, action-specific details.
+     */
     details;
 };
 __decorate([
-    Timestamp(),
+    TimestampProperty(),
     __metadata("design:type", Number)
 ], AuditEvent.prototype, "timestamp", void 0);
 __decorate([
-    Uuid({ nullable: true }),
-    __metadata("design:type", String)
+    UuidProperty({ nullable: true }),
+    __metadata("design:type", Object)
+], AuditEvent.prototype, "tenantId", void 0);
+__decorate([
+    UuidProperty({ nullable: true }),
+    __metadata("design:type", Object)
 ], AuditEvent.prototype, "correlationId", void 0);
 __decorate([
     StringProperty(),
@@ -47,24 +174,40 @@ __decorate([
     Enumeration(AuditSeverity),
     __metadata("design:type", String)
 ], AuditEvent.prototype, "severity", void 0);
-__decorate([
-    StringProperty(),
-    __metadata("design:type", String)
-], AuditEvent.prototype, "actorId", void 0);
 __decorate([
     Enumeration(ActorType),
     __metadata("design:type", String)
 ], AuditEvent.prototype, "actorType", void 0);
 __decorate([
     StringProperty(),
-    __metadata("design:type", String)
-], AuditEvent.prototype, "targetId", void 0);
+    __metadata("design:type", Object)
+], AuditEvent.prototype, "actor", void 0);
+__decorate([
+    Enumeration(ActorType, { nullable: true }),
+    __metadata("design:type", Object)
+], AuditEvent.prototype, "impersonatorType", void 0);
+__decorate([
+    StringProperty({ nullable: true }),
+    __metadata("design:type", Object)
+], AuditEvent.prototype, "impersonator", void 0);
 __decorate([
     StringProperty(),
     __metadata("design:type", String)
 ], AuditEvent.prototype, "targetType", void 0);
 __decorate([
-    Json({ nullable: true }),
+    UuidProperty(),
+    __metadata("design:type", String)
+], AuditEvent.prototype, "targetId", void 0);
+__decorate([
+    EmbeddedProperty(RequestDetails),
+    __metadata("design:type", Object)
+], AuditEvent.prototype, "network", void 0);
+__decorate([
+    EmbeddedProperty(ChangeDetails),
+    __metadata("design:type", Object)
+], AuditEvent.prototype, "changes", void 0);
+__decorate([
+    JsonProperty({ nullable: true }),
     __metadata("design:type", Object)
 ], AuditEvent.prototype, "details", void 0);
 AuditEvent = __decorate([

package/audit/auditor.d.ts CHANGED Viewed

@@ -1,42 +1,127 @@
+import type { IsEqual } from 'type-fest';
 import { type Resolvable, type resolveArgumentType } from '../injector/index.js';
-import type { UndefinableJsonObject } from '../types/index.js';
-import type { ActorType } from './types.js';
-import { AuditOutcome, AuditSeverity } from './types.js';
-export type AuditPayload = Partial<{
-    correlationId?: string;
-    outcome?: AuditOutcome;
-    severity?: AuditSeverity;
-    actorId?: string;
-    actorType?: ActorType;
+import type { TypedOmit, UndefinableJsonObject } from '../types/index.js';
+import { AuditEvent } from './audit.model.js';
+export type AuditPayload<Details extends UndefinableJsonObject = never> = Partial<TypedOmit<AuditEvent, 'id' | 'timestamp' | 'module' | 'action' | 'tenantId' | 'correlationId' | 'targetId' | 'network' | 'changes' | 'details'>> & {
+    tenantId?: string | null;
+    correlationId?: string | null;
     targetId?: string;
-    targetType?: string;
+    network?: {
+        path?: string | null;
+        ipAddress?: string | null;
+        userAgent?: string | null;
+        sessionId?: string | null;
+    };
+    changes?: {
+        before?: unknown;
+        after?: unknown;
+    };
+} & ([
+    Details
+] extends [never] ? {
     details?: UndefinableJsonObject;
-}>;
+} : IsEqual<Details, {}> extends true ? {
+    details?: UndefinableJsonObject;
+} : {
+    details: Details;
+});
 export type AuditorArgument = string | string[] | {
+    /**
+     * The module or path of modules for the auditor.
+     */
     module?: string | string[];
+    /**
+     * Default context to apply to all events logged by this auditor instance.
+     */
     context?: Partial<AuditPayload>;
 };
-export declare class Auditor implements Resolvable<AuditorArgument> {
+type AuditEvents = Record<string, UndefinableJsonObject>;
+/**
+ * A service for logging audit events.
+ * It provides a structured way to record activities within the system.
+ * The Auditor can be forked to create sub-auditors for different modules or enriched with contextual data.
+ *
+ * @template Events A record mapping event action names to their specific `details` payload types.
+ */
+export declare class Auditor<Events extends AuditEvents = Record<never, never>> implements Resolvable<AuditorArgument> {
     #private;
+    /**
+     * The module path for this auditor instance.
+     */
     readonly module: string[];
-    readonly context: Partial<Partial<{
-        correlationId?: string;
-        outcome?: AuditOutcome;
-        severity?: AuditSeverity;
-        actorId?: string;
-        actorType?: ActorType;
-        targetId?: string;
-        targetType?: string;
-        details?: UndefinableJsonObject;
-    }>>;
+    /**
+     * The context that is automatically merged into every event logged by this auditor.
+     */
+    readonly context: Partial<AuditPayload<never>>;
+    /**
+     * A dot-separated string representation of the module path.
+     * @example ['user', 'authentication'] becomes 'user.authentication'
+     */
     get moduleString(): string;
     readonly [resolveArgumentType]: AuditorArgument;
-    fork(subModule: string | string[]): Auditor;
-    with(context: Partial<AuditPayload>): Auditor;
-    withCorrelation(): Auditor;
-    log(action: string, data?: AuditPayload): Promise<void>;
-    info(action: string, data: AuditPayload): Promise<void>;
-    warn(action: string, data: AuditPayload): Promise<void>;
-    error(action: string, data: AuditPayload): Promise<void>;
-    critical(action: string, data: AuditPayload): Promise<void>;
+    /**
+     * Creates a new `Auditor` instance for a submodule.
+     * The new auditor inherits the context of its parent and appends the submodule to its module path.
+     *
+     * @param subModule The name of the submodule or a path of submodules.
+     * @returns A new `Auditor` instance for the specified submodule.
+     * @template T The event map of the new Auditor instance.
+     */
+    fork<T extends AuditEvents = Record<string, never>>(subModule: string | string[]): Auditor<T>;
+    /**
+     * Creates a new `Auditor` instance with additional context.
+     * The new context is merged with the existing context.
+     *
+     * @param context The additional context to apply.
+     * @returns A new `Auditor` instance with the merged context.
+     * @template T The event map of the new Auditor instance.
+     */
+    with<T extends AuditEvents = Events>(context: Partial<AuditPayload>): Auditor<T>;
+    /**
+     * Creates a new `Auditor` instance with a correlation ID in its context.
+     * If a correlation ID already exists in the context, it is preserved. Otherwise, a new UUID is generated.
+     *
+     * @returns A new `Auditor` instance with a correlation ID.
+     */
+    withCorrelation(): Auditor<Events>;
+    /**
+     * Logs a generic audit event.
+     *
+     * @param action The name of the action being logged. Must be a key of the `Events` type.
+     * @param data The payload containing details about the event.
+     */
+    log<const E extends Extract<keyof Events, string>>(action: E, data?: AuditPayload<Events[E]>): Promise<void>;
+    /**
+     * Logs an informational event.
+     * Automatically sets severity to `Info` and defaults outcome to `Success`.
+     *
+     * @param action The name of the action being logged.
+     * @param data The payload containing details about the event.
+     */
+    info<const E extends Extract<keyof Events, string>>(action: E, data: AuditPayload<Events[E]>): Promise<void>;
+    /**
+     * Logs a warning event.
+     * Automatically sets severity to `Warn` and defaults outcome to `Failure`.
+     *
+     * @param action The name of the action being logged.
+     * @param data The payload containing details about the event.
+     */
+    warn<const E extends Extract<keyof Events, string>>(action: E, data: AuditPayload<Events[E]>): Promise<void>;
+    /**
+     * Logs an error event.
+     * Automatically sets severity to `Error` and defaults outcome to `Failure`.
+     *
+     * @param action The name of the action being logged.
+     * @param data The payload containing details about the event.
+     */
+    error<const E extends Extract<keyof Events, string>>(action: E, data: AuditPayload<Events[E]>): Promise<void>;
+    /**
+     * Logs a critical event.
+     * Automatically sets severity to `Critical` and defaults outcome to `Failure`.
+     *
+     * @param action The name of the action being logged.
+     * @param data The payload containing details about the event.
+     */
+    critical<const E extends Extract<keyof Events, string>>(action: E, data: AuditPayload<Events[E]>): Promise<void>;
 }
+export {};

package/audit/auditor.js CHANGED Viewed

@@ -9,56 +9,171 @@ var __metadata = (this && this.__metadata) || function (k, v) {
 };
 var Auditor_1;
 import { createContextProvider } from '../context/index.js';
-import { Injectable, injectArgument } from '../injector/index.js';
-import { injectRepository } from '../orm/server/index.js';
-import { TRANSACTION_TIMESTAMP } from '../orm/sqls.js';
+import { inject, Injectable, injectArgument, provide } from '../injector/index.js';
+import { Logger, LogLevel } from '../logger/index.js';
+import { TRANSACTION_TIMESTAMP } from '../orm/index.js';
+import { DatabaseConfig, EntityRepositoryConfig, injectRepository, isInTransactionalContext } from '../orm/server/index.js';
 import { toArray } from '../utils/array/index.js';
 import { Memoize } from '../utils/function/memoize.js';
-import { filterUndefinedFromRecord, objectKeys } from '../utils/object/object.js';
+import { filterNullishFromRecord, filterUndefinedFromRecord, objectKeys } from '../utils/object/object.js';
 import { assertDefinedPass, isArray, isNotArray, isObject, isString } from '../utils/type-guards.js';
 import { AuditEvent } from './audit.model.js';
+import { AuditModuleConfig } from './module.js';
 import { AuditOutcome, AuditSeverity } from './types.js';
 const { runInAuditorCreationContext, getCurrentAuditorCreationContext, isInAuditorCreationContext } = createContextProvider('AuditorCreation');
+const severityLogLevelMap = {
+    [AuditSeverity.Info]: 'info',
+    [AuditSeverity.Warn]: 'warn',
+    [AuditSeverity.Error]: 'error',
+    [AuditSeverity.Critical]: 'error',
+};
+/**
+ * A service for logging audit events.
+ * It provides a structured way to record activities within the system.
+ * The Auditor can be forked to create sub-auditors for different modules or enriched with contextual data.
+ *
+ * @template Events A record mapping event action names to their specific `details` payload types.
+ */
 let Auditor = Auditor_1 = class Auditor {
-    #repository = injectRepository(AuditEvent);
-    #argument = isInAuditorCreationContext() ? injectArgument(this, { optional: true }) : undefined;
-    #creationContext = getCurrentAuditorCreationContext();
-    module = this.#creationContext?.module ?? moduleFromArgument(this.#argument);
-    context = this.#creationContext?.context ?? ((isObject(this.#argument) && isNotArray(this.#argument)) ? (this.#argument.context ?? {}) : {});
+    #repository = getCurrentAuditorCreationContext()?.repository ?? injectRepository(AuditEvent);
+    #logger = getCurrentAuditorCreationContext()?.logger ?? inject(Logger, 'Audit');
+    #argument = (isInAuditorCreationContext() || isInTransactionalContext()) ? undefined : injectArgument(this, { optional: true });
+    /**
+     * The module path for this auditor instance.
+     */
+    module = getCurrentAuditorCreationContext()?.module ?? moduleFromArgument(this.#argument);
+    /**
+     * The context that is automatically merged into every event logged by this auditor.
+     */
+    context = getCurrentAuditorCreationContext()?.context ?? ((isObject(this.#argument) && isNotArray(this.#argument)) ? (this.#argument.context ?? {}) : {});
+    /**
+     * A dot-separated string representation of the module path.
+     * @example ['user', 'authentication'] becomes 'user.authentication'
+     */
     get moduleString() {
         return this.module.join('.');
     }
+    /**
+     * Creates a new `Auditor` instance for a submodule.
+     * The new auditor inherits the context of its parent and appends the submodule to its module path.
+     *
+     * @param subModule The name of the submodule or a path of submodules.
+     * @returns A new `Auditor` instance for the specified submodule.
+     * @template T The event map of the new Auditor instance.
+     */
     fork(subModule) {
         return runInAuditorCreationContext({
+            repository: this.#repository,
             module: [...this.module, ...toArray(subModule)],
             context: this.context,
+            logger: this.#logger,
         }, () => new Auditor_1());
     }
+    /**
+     * Creates a new `Auditor` instance with additional context.
+     * The new context is merged with the existing context.
+     *
+     * @param context The additional context to apply.
+     * @returns A new `Auditor` instance with the merged context.
+     * @template T The event map of the new Auditor instance.
+     */
     with(context) {
         return runInAuditorCreationContext({
+            repository: this.#repository,
             module: this.module,
-            context: { ...this.context, ...context, details: { ...this.context.details, ...context.details } },
+            context: {
+                ...this.context,
+                ...context,
+                network: { ...this.context.network, ...context.network },
+                changes: { ...this.context.changes, ...context.changes },
+                details: { ...this.context.details, ...context.details },
+            },
+            logger: this.#logger,
         }, () => new Auditor_1());
     }
+    /**
+     * Creates a new `Auditor` instance with a correlation ID in its context.
+     * If a correlation ID already exists in the context, it is preserved. Otherwise, a new UUID is generated.
+     *
+     * @returns A new `Auditor` instance with a correlation ID.
+     */
     withCorrelation() {
         return this.with({ correlationId: this.context.correlationId ?? crypto.randomUUID() });
     }
+    /**
+     * Logs a generic audit event.
+     *
+     * @param action The name of the action being logged. Must be a key of the `Events` type.
+     * @param data The payload containing details about the event.
+     */
     async log(action, data) {
-        const mergedData = { ...this.context, ...data, details: filterUndefinedFromRecord({ ...this.context.details, ...data?.details }) };
+        const mergedData = {
+            ...this.context,
+            ...data,
+            network: { ...this.context.network, ...data?.network },
+            changes: { ...this.context.changes, ...data?.changes },
+            details: filterUndefinedFromRecord({ ...this.context.details, ...data?.details }),
+        };
+        const outcome = assertDefinedPass(mergedData.outcome, 'Audit outcome is required');
+        const severity = assertDefinedPass(mergedData.severity, 'Audit severity is required');
+        const logMessage = `<${this.moduleString}> ${action} - ${outcome}`;
+        const details = (objectKeys(mergedData.details).length > 0) ? mergedData.details : undefined;
+        const network = filterNullishFromRecord({
+            ipAddress: mergedData.network.ipAddress,
+            userAgent: mergedData.network.userAgent,
+            sessionId: mergedData.network.sessionId,
+        });
+        const changes = filterUndefinedFromRecord({
+            before: mergedData.changes.before,
+            after: mergedData.changes.after,
+        });
+        const logContext = filterNullishFromRecord({
+            correlationId: mergedData.correlationId,
+            actorType: mergedData.actorType,
+            actor: mergedData.actor,
+            targetType: mergedData.targetType,
+            targetId: mergedData.targetId,
+            impersonatorType: mergedData.impersonatorType,
+            impersonator: mergedData.impersonator,
+            network: (objectKeys(network).length > 0) ? network : undefined,
+            changes: (objectKeys(changes).length > 0) ? changes : undefined,
+            details,
+        });
+        this.#logger[severityLogLevelMap[severity]](logMessage, logContext);
         await this.#repository.insert({
             timestamp: TRANSACTION_TIMESTAMP,
-            correlationId: mergedData.correlationId,
+            tenantId: mergedData.tenantId ?? null,
+            correlationId: mergedData.correlationId ?? null,
             module: this.moduleString,
-            action: action,
-            outcome: assertDefinedPass(mergedData.outcome, 'Audit outcome is required'),
-            severity: assertDefinedPass(mergedData.severity, 'Audit severity is required'),
-            actorId: assertDefinedPass(mergedData.actorId, 'Audit actorId is required'),
+            action,
+            outcome,
+            severity,
             actorType: assertDefinedPass(mergedData.actorType, 'Audit actorType is required'),
-            targetId: assertDefinedPass(mergedData.targetId, 'Audit targetId is required'),
+            actor: assertDefinedPass(mergedData.actor, 'Audit actor is required'),
+            impersonatorType: mergedData.impersonatorType ?? null,
+            impersonator: mergedData.impersonator ?? null,
             targetType: assertDefinedPass(mergedData.targetType, 'Audit targetType is required'),
-            details: (objectKeys(mergedData.details).length > 0) ? mergedData.details : undefined,
+            targetId: assertDefinedPass(mergedData.targetId, 'Audit targetId is required'),
+            network: {
+                path: mergedData.network.path ?? null,
+                ipAddress: mergedData.network.ipAddress ?? null,
+                userAgent: mergedData.network.userAgent ?? null,
+                sessionId: mergedData.network.sessionId ?? null,
+            },
+            changes: {
+                before: mergedData.changes.before ?? null,
+                after: mergedData.changes.after ?? null,
+            },
+            details: details ?? null,
         });
     }
+    /**
+     * Logs an informational event.
+     * Automatically sets severity to `Info` and defaults outcome to `Success`.
+     *
+     * @param action The name of the action being logged.
+     * @param data The payload containing details about the event.
+     */
     async info(action, data) {
         await this.log(action, {
             ...data,
@@ -66,6 +181,13 @@ let Auditor = Auditor_1 = class Auditor {
             outcome: data.outcome ?? AuditOutcome.Success,
         });
     }
+    /**
+     * Logs a warning event.
+     * Automatically sets severity to `Warn` and defaults outcome to `Failure`.
+     *
+     * @param action The name of the action being logged.
+     * @param data The payload containing details about the event.
+     */
     async warn(action, data) {
         await this.log(action, {
             ...data,
@@ -73,6 +195,13 @@ let Auditor = Auditor_1 = class Auditor {
             outcome: data.outcome ?? AuditOutcome.Failure,
         });
     }
+    /**
+     * Logs an error event.
+     * Automatically sets severity to `Error` and defaults outcome to `Failure`.
+     *
+     * @param action The name of the action being logged.
+     * @param data The payload containing details about the event.
+     */
     async error(action, data) {
         await this.log(action, {
             ...data,
@@ -80,6 +209,13 @@ let Auditor = Auditor_1 = class Auditor {
             outcome: data.outcome ?? AuditOutcome.Failure,
         });
     }
+    /**
+     * Logs a critical event.
+     * Automatically sets severity to `Critical` and defaults outcome to `Failure`.
+     *
+     * @param action The name of the action being logged.
+     * @param data The payload containing details about the event.
+     */
     async critical(action, data) {
         await this.log(action, {
             ...data,
@@ -94,7 +230,12 @@ __decorate([
     __metadata("design:paramtypes", [])
 ], Auditor.prototype, "moduleString", null);
 Auditor = Auditor_1 = __decorate([
-    Injectable()
+    Injectable({
+        providers: [
+            provide(EntityRepositoryConfig, { useValue: { schema: 'audit' } }),
+            { provide: DatabaseConfig, useFactory: (_, context) => context.resolve(AuditModuleConfig).database ?? context.resolve(DatabaseConfig, undefined, { skipSelf: true }) },
+        ],
+    })
 ], Auditor);
 export { Auditor };
 function moduleFromArgument(argument) {

package/audit/drizzle/0000_bored_stick.sql ADDED Viewed

@@ -0,0 +1,26 @@
+CREATE TYPE "audit"."actor_type" AS ENUM('anonymous', 'system', 'api-key', 'user');--> statement-breakpoint
+CREATE TYPE "audit"."audit_outcome" AS ENUM('pending', 'success', 'cancelled', 'failure', 'denied');--> statement-breakpoint
+CREATE TYPE "audit"."audit_severity" AS ENUM('info', 'warn', 'error', 'critical');--> statement-breakpoint
+CREATE TABLE "audit"."event" (
+	"id" uuid PRIMARY KEY DEFAULT gen_random_uuid() NOT NULL,
+	"timestamp" timestamp with time zone NOT NULL,
+	"tenant_id" uuid,
+	"correlation_id" uuid,
+	"module" text NOT NULL,
+	"action" text NOT NULL,
+	"outcome" "audit"."audit_outcome" NOT NULL,
+	"severity" "audit"."audit_severity" NOT NULL,
+	"actor_type" "audit"."actor_type" NOT NULL,
+	"actor" text NOT NULL,
+	"impersonator_type" "audit"."actor_type",
+	"impersonator" text,
+	"target_type" text NOT NULL,
+	"target_id" uuid NOT NULL,
+	"network_path" text NOT NULL,
+	"network_ip_address" text,
+	"network_user_agent" text,
+	"network_session_id" uuid,
+	"changes_before" jsonb,
+	"changes_after" jsonb,
+	"details" jsonb
+);