@usebetterdev/audit-core 0.6.1 → 0.8.0

package/dist/index.cjs

@@ -22,20 +22,33 @@ var index_exports = {};
 __export(index_exports, {
   AUDIT_LOG_SCHEMA: () => AUDIT_LOG_SCHEMA,
   AuditQueryBuilder: () => AuditQueryBuilder,
+  VALID_OPERATIONS: () => VALID_OPERATIONS2,
+  VALID_SEVERITIES: () => VALID_SEVERITIES2,
+  assembleStats: () => assembleStats,
   betterAudit: () => betterAudit,
   createAuditApi: () => createAuditApi,
   createAuditConsoleEndpoints: () => createAuditConsoleEndpoints,
   createExportResponse: () => createExportResponse,
+  decodeCursor: () => decodeCursor,
+  defaultExtractor: () => defaultExtractor,
+  encodeCursor: () => encodeCursor,
+  escapeLikePattern: () => escapeLikePattern,
   fromBearerToken: () => fromBearerToken,
   fromCookie: () => fromCookie,
   fromHeader: () => fromHeader,
   getAuditContext: () => getAuditContext,
   handleMiddleware: () => handleMiddleware,
+  interpretFilters: () => interpretFilters,
+  isAuditOperation: () => isAuditOperation,
+  isAuditSeverity: () => isAuditSeverity,
   mergeAuditContext: () => mergeAuditContext,
   normalizeInput: () => normalizeInput,
   parseDuration: () => parseDuration,
+  resolveTimeFilter: () => resolveTimeFilter,
   runExport: () => runExport,
-  runWithAuditContext: () => runWithAuditContext
+  runWithAuditContext: () => runWithAuditContext,
+  safeExtract: () => safeExtract,
+  toCount: () => toCount
 });
 module.exports = __toCommonJS(index_exports);
 
@@ -766,8 +779,41 @@ async function runExport(executor, options) {
   return { rowCount };
 }
 
+// src/cursor.ts
+var UUID_PATTERN = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+function encodeCursor(timestamp, id) {
+  const payload = JSON.stringify({ t: timestamp.toISOString(), i: id });
+  return btoa(payload);
+}
+function decodeCursor(cursor) {
+  let parsed;
+  try {
+    parsed = JSON.parse(atob(cursor));
+  } catch {
+    throw new Error("Invalid cursor: failed to decode");
+  }
+  if (typeof parsed !== "object" || parsed === null || !("t" in parsed) || !("i" in parsed)) {
+    throw new Error("Invalid cursor: missing required fields");
+  }
+  const record = parsed;
+  const t = record["t"];
+  const i = record["i"];
+  if (typeof t !== "string" || typeof i !== "string") {
+    throw new Error("Invalid cursor: fields must be strings");
+  }
+  const timestamp = new Date(t);
+  if (isNaN(timestamp.getTime())) {
+    throw new Error("Invalid cursor: invalid timestamp");
+  }
+  if (!UUID_PATTERN.test(i)) {
+    throw new Error("Invalid cursor: id must be a valid UUID");
+  }
+  return { timestamp, id: i };
+}
+
 // src/audit-api.ts
-var VALID_SEVERITIES = /* @__PURE__ */ new Set(["low", "medium", "high", "critical"]);
+var SEVERITY_VALUES = ["low", "medium", "high", "critical"];
+var VALID_SEVERITIES = new Set(SEVERITY_VALUES);
 var VALID_OPERATIONS = /* @__PURE__ */ new Set(["INSERT", "UPDATE", "DELETE"]);
 function toTimeFilter(date) {
   return { date };
@@ -779,18 +825,23 @@ function buildQuerySpec(filters, effectiveLimit) {
     limit
   };
   if (filters.tableName !== void 0) {
-    spec.filters.resource = { tableName: filters.tableName };
+    spec.filters.resource = filters.recordId !== void 0 ? { tableName: filters.tableName, recordId: filters.recordId } : { tableName: filters.tableName };
   }
   if (filters.actorId !== void 0) {
-    spec.filters.actorIds = [filters.actorId];
+    const raw = filters.actorId.split(",").map((v) => v.trim()).filter((v) => v.length > 0);
+    spec.filters.actorIds = [...new Set(raw)];
   }
   if (filters.severity !== void 0) {
-    if (!VALID_SEVERITIES.has(filters.severity)) {
-      throw new Error(
-        `Invalid severity "${filters.severity}". Must be one of: low, medium, high, critical`
-      );
+    const raw = filters.severity.split(",").map((v) => v.trim()).filter((v) => v.length > 0);
+    const unique = [...new Set(raw)];
+    for (const value of unique) {
+      if (!VALID_SEVERITIES.has(value)) {
+        throw new Error(
+          `Invalid severity "${value}". Must be one of: low, medium, high, critical`
+        );
+      }
     }
-    spec.filters.severities = [filters.severity];
+    spec.filters.severities = unique.filter((v) => VALID_SEVERITIES.has(v));
   }
   if (filters.compliance !== void 0) {
     spec.filters.compliance = [filters.compliance];
@@ -816,6 +867,12 @@ function buildQuerySpec(filters, effectiveLimit) {
   if (filters.cursor !== void 0) {
     spec.cursor = filters.cursor;
   }
+  if (filters.direction === "before") {
+    spec.sortOrder = "asc";
+  }
+  if (filters.order !== void 0) {
+    spec.sortOrder = filters.order;
+  }
   return spec;
 }
 function createAuditApi(adapter, registry, maxQueryLimit) {
@@ -854,12 +911,66 @@ function createAuditApi(adapter, registry, maxQueryLimit) {
   }
   async function queryLogs(filters) {
     const queryFn = requireQueryLogs();
-    const spec = buildQuerySpec(filters ?? {}, effectiveLimit);
+    const resolved = filters ?? {};
+    const spec = buildQuerySpec(resolved, effectiveLimit);
     const result = await queryFn(spec);
+    if (resolved.direction === "before") {
+      const entries = [...result.entries].reverse();
+      const lastEntry = entries[entries.length - 1];
+      return {
+        entries,
+        // Adapter's "next" in ASC = newer entries = our prev
+        ...result.nextCursor !== void 0 && { prevCursor: result.nextCursor },
+        hasPrevPage: result.nextCursor !== void 0,
+        // Since we started from a cursor, there are older entries behind it
+        ...resolved.cursor !== void 0 && lastEntry !== void 0 && { nextCursor: encodeCursor(lastEntry.timestamp, lastEntry.id) },
+        hasNextPage: resolved.cursor !== void 0
+      };
+    }
+    const firstEntry = result.entries[0];
+    const prevCursor = resolved.cursor !== void 0 && firstEntry !== void 0 ? encodeCursor(firstEntry.timestamp, firstEntry.id) : void 0;
     return {
       entries: result.entries,
       ...result.nextCursor !== void 0 && { nextCursor: result.nextCursor },
-      hasNextPage: result.nextCursor !== void 0
+      hasNextPage: result.nextCursor !== void 0,
+      hasPrevPage: resolved.cursor !== void 0,
+      ...prevCursor !== void 0 && { prevCursor }
+    };
+  }
+  async function queryLogsAround(anchorId, filters) {
+    const queryFn = requireQueryLogs();
+    const getLogFn = requireGetLogById();
+    const anchor = await getLogFn(anchorId);
+    if (anchor === null) {
+      return { entries: [], hasNextPage: false, hasPrevPage: false };
+    }
+    const resolved = filters ?? {};
+    const limit = Math.min(resolved.limit ?? effectiveLimit, effectiveLimit);
+    const remaining = Math.max(limit - 1, 0);
+    const olderCount = Math.ceil(remaining / 2);
+    const newerCount = Math.floor(remaining / 2);
+    const anchorCursor = encodeCursor(anchor.timestamp, anchor.id);
+    const { direction: _dir, ...baseFilters } = resolved;
+    const olderSpec = buildQuerySpec({ ...baseFilters, cursor: anchorCursor, limit: olderCount }, effectiveLimit);
+    olderSpec.sortOrder = "desc";
+    const newerSpec = buildQuerySpec({ ...baseFilters, cursor: anchorCursor, limit: newerCount }, effectiveLimit);
+    newerSpec.sortOrder = "asc";
+    const [olderResult, newerResult] = await Promise.all([
+      queryFn(olderSpec),
+      queryFn(newerSpec)
+    ]);
+    const newerEntries = [...newerResult.entries].reverse();
+    const entries = [...newerEntries, anchor, ...olderResult.entries];
+    const hasNextPage = olderResult.nextCursor !== void 0;
+    const hasPrevPage = newerResult.nextCursor !== void 0;
+    const oldest = entries[entries.length - 1];
+    const newest = entries[0];
+    return {
+      entries,
+      hasNextPage,
+      hasPrevPage,
+      ...hasNextPage && oldest !== void 0 && { nextCursor: encodeCursor(oldest.timestamp, oldest.id) },
+      ...hasPrevPage && newest !== void 0 && { prevCursor: encodeCursor(newest.timestamp, newest.id) }
     };
   }
   async function getLog(id) {
@@ -904,7 +1015,7 @@ function createAuditApi(adapter, registry, maxQueryLimit) {
   }
   async function exportLogs(filters, format) {
     const queryFn = requireQueryLogs();
-    const exportFormat = format ?? "json";
+    const exportFormat = format ?? "csv";
     const spec = buildQuerySpec(filters ?? {}, effectiveLimit);
     const queryBuilder = new AuditQueryBuilder(
       (s) => queryFn(s),
@@ -930,7 +1041,7 @@ function createAuditApi(adapter, registry, maxQueryLimit) {
     const purgeFn = requirePurgeLogs();
     return purgeFn(options);
   }
-  return { queryLogs, getLog, getStats, getEnrichments, exportLogs, purgeLogs };
+  return { queryLogs, queryLogsAround, getLog, getStats, getEnrichments, exportLogs, purgeLogs };
 }
 
 // ../../shared/console-utils/src/index.ts
@@ -964,7 +1075,7 @@ function exceedsMaxLength(value) {
   return value !== void 0 && value.length > MAX_PARAM_LENGTH;
 }
 function hasLongQueryParam(query) {
-  return exceedsMaxLength(query.tableName) || exceedsMaxLength(query.actorId) || exceedsMaxLength(query.cursor) || exceedsMaxLength(query.operation) || exceedsMaxLength(query.severity) || exceedsMaxLength(query.compliance) || exceedsMaxLength(query.search);
+  return exceedsMaxLength(query.tableName) || exceedsMaxLength(query.recordId) || exceedsMaxLength(query.actorId) || exceedsMaxLength(query.cursor) || exceedsMaxLength(query.operation) || exceedsMaxLength(query.severity) || exceedsMaxLength(query.compliance) || exceedsMaxLength(query.search) || exceedsMaxLength(query.around) || exceedsMaxLength(query.direction) || exceedsMaxLength(query.order);
 }
 function parseConsoleQueryFilters(query) {
   const filters = {};
@@ -978,6 +1089,12 @@ function parseConsoleQueryFilters(query) {
   if (query.tableName !== void 0) {
     filters.tableName = query.tableName;
   }
+  if (query.recordId !== void 0) {
+    if (query.tableName === void 0) {
+      return { error: "'recordId' requires 'tableName'" };
+    }
+    filters.recordId = query.recordId;
+  }
   if (query.operation !== void 0) {
     filters.operation = query.operation;
   }
@@ -996,6 +1113,18 @@ function parseConsoleQueryFilters(query) {
   if (query.cursor !== void 0) {
     filters.cursor = query.cursor;
   }
+  if (query.direction !== void 0) {
+    if (query.direction !== "after" && query.direction !== "before") {
+      return { error: "Invalid 'direction': must be 'after' or 'before'" };
+    }
+    filters.direction = query.direction;
+  }
+  if (query.order !== void 0) {
+    if (query.order !== "asc" && query.order !== "desc") {
+      return { error: "Invalid 'order': must be 'asc' or 'desc'" };
+    }
+    filters.order = query.order;
+  }
   if (query.since !== void 0) {
     const since = parseIsoDate(query.since);
     if (since === void 0) {
@@ -1010,6 +1139,9 @@ function parseConsoleQueryFilters(query) {
     }
     filters.until = until;
   }
+  if (filters.since !== void 0 && filters.until !== void 0 && filters.since >= filters.until) {
+    return { error: "'since' must be before 'until'" };
+  }
   return { filters };
 }
 function serializeLog(log) {
@@ -1026,14 +1158,22 @@ function createAuditConsoleEndpoints(api) {
       requiredPermission: "read",
       async handler(request) {
         try {
-          if (hasLongQueryParam(request.query)) {
+          const query = request.query;
+          if (hasLongQueryParam(query)) {
             return { status: 400, body: { error: "Query parameter exceeds maximum length" } };
           }
-          const parsed = parseConsoleQueryFilters(request.query);
+          const parsed = parseConsoleQueryFilters(query);
           if ("error" in parsed) {
             return { status: 400, body: { error: parsed.error } };
           }
-          const result = await api.queryLogs(parsed.filters);
+          if (parsed.filters.order !== void 0 && parsed.filters.direction !== void 0) {
+            return { status: 400, body: { error: "'order' cannot be combined with 'direction'" } };
+          }
+          const around = query.around;
+          if (around !== void 0 && (parsed.filters.cursor !== void 0 || parsed.filters.direction !== void 0 || parsed.filters.order !== void 0)) {
+            return { status: 400, body: { error: "'around' cannot be combined with 'cursor', 'direction', or 'order'" } };
+          }
+          const result = around !== void 0 ? await api.queryLogsAround(around, parsed.filters) : await api.queryLogs(parsed.filters);
           const body = {
             entries: result.entries.map(serializeLog),
             hasNextPage: result.hasNextPage
@@ -1041,6 +1181,12 @@ function createAuditConsoleEndpoints(api) {
           if (result.nextCursor !== void 0) {
             body.nextCursor = result.nextCursor;
           }
+          if (result.prevCursor !== void 0) {
+            body.prevCursor = result.prevCursor;
+          }
+          if (result.hasPrevPage) {
+            body.hasPrevPage = result.hasPrevPage;
+          }
           return { status: 200, body };
         } catch {
           return { status: 500, body: { error: "Internal server error" } };
@@ -1073,14 +1219,28 @@ function createAuditConsoleEndpoints(api) {
       requiredPermission: "read",
       async handler(request) {
         try {
+          const query = request.query;
+          if (exceedsMaxLength(query.since) || exceedsMaxLength(query.until)) {
+            return { status: 400, body: { error: "Query parameter exceeds maximum length" } };
+          }
           const options = {};
-          if (request.query.since !== void 0) {
-            const since = parseIsoDate(request.query.since);
+          if (query.since !== void 0) {
+            const since = parseIsoDate(query.since);
             if (since === void 0) {
               return { status: 400, body: { error: "Invalid 'since': must be an ISO-8601 date" } };
             }
             options.since = since;
           }
+          if (query.until !== void 0) {
+            const until = parseIsoDate(query.until);
+            if (until === void 0) {
+              return { status: 400, body: { error: "Invalid 'until': must be an ISO-8601 date" } };
+            }
+            options.until = until;
+          }
+          if (options.since !== void 0 && options.until !== void 0 && options.since >= options.until) {
+            return { status: 400, body: { error: "'since' must be before 'until'" } };
+          }
           const stats = await api.getStats(options);
           return { status: 200, body: stats };
         } catch {
@@ -1107,20 +1267,33 @@ function createAuditConsoleEndpoints(api) {
       requiredPermission: "read",
       async handler(request) {
         try {
-          const format = request.query.format;
+          const query = request.query;
+          const format = query.format;
           if (format !== void 0 && format !== "csv" && format !== "json") {
             return { status: 400, body: { error: "Invalid format. Must be 'csv' or 'json'" } };
           }
-          if (hasLongQueryParam(request.query)) {
+          if (hasLongQueryParam(query)) {
             return { status: 400, body: { error: "Query parameter exceeds maximum length" } };
           }
-          const parsed = parseConsoleQueryFilters(request.query);
+          const parsed = parseConsoleQueryFilters(query);
           if ("error" in parsed) {
             return { status: 400, body: { error: parsed.error } };
           }
-          const exportFormat = format;
-          const data = await api.exportLogs(parsed.filters, exportFormat);
-          return { status: 200, body: data };
+          const effectiveFormat = format ?? "csv";
+          const data = await api.exportLogs(parsed.filters, effectiveFormat);
+          const contentType = effectiveFormat === "csv" ? "text/csv; charset=utf-8" : "application/json; charset=utf-8";
+          const ext = effectiveFormat === "csv" ? "csv" : "json";
+          const dateStamp = (/* @__PURE__ */ new Date()).toISOString().slice(0, 10);
+          const filename = `audit-export-${dateStamp}.${ext}`;
+          return {
+            status: 200,
+            body: data,
+            headers: {
+              "content-type": contentType,
+              "content-disposition": `attachment; filename="${filename}"`,
+              "cache-control": "no-cache"
+            }
+          };
         } catch {
           return { status: 500, body: { error: "Internal server error" } };
         }
@@ -1509,6 +1682,139 @@ var AUDIT_LOG_SCHEMA = {
   }
 };
 
+// src/escape.ts
+function escapeLikePattern(input) {
+  return input.replace(/[%_\\]/g, "\\$&");
+}
+
+// src/time-filter.ts
+function resolveTimeFilter(filter) {
+  if ("date" in filter && filter.date !== void 0) {
+    return filter.date;
+  }
+  if ("duration" in filter && filter.duration !== void 0) {
+    return parseDuration(filter.duration);
+  }
+  throw new Error("TimeFilter must have either date or duration");
+}
+
+// src/filter-builder.ts
+function interpretFilters(filters, options) {
+  const conditions = [];
+  if (filters.resource !== void 0) {
+    conditions.push({ kind: "eq", field: "tableName", value: filters.resource.tableName });
+    if (filters.resource.recordId !== void 0) {
+      conditions.push({ kind: "eq", field: "recordId", value: filters.resource.recordId });
+    }
+  }
+  pushArrayFilter(conditions, "actorId", filters.actorIds);
+  pushArrayFilter(conditions, "severity", filters.severities);
+  pushArrayFilter(conditions, "operation", filters.operations);
+  if (filters.since !== void 0) {
+    conditions.push({ kind: "timestampGte", value: resolveTimeFilter(filters.since) });
+  }
+  if (filters.until !== void 0) {
+    conditions.push({ kind: "timestampLte", value: resolveTimeFilter(filters.until) });
+  }
+  if (filters.searchText !== void 0 && filters.searchText.length > 0) {
+    const escaped = escapeLikePattern(filters.searchText);
+    conditions.push({ kind: "search", pattern: `%${escaped}%` });
+  }
+  if (filters.compliance !== void 0 && filters.compliance.length > 0) {
+    conditions.push({ kind: "compliance", tags: [...filters.compliance] });
+  }
+  if (options?.cursor !== void 0) {
+    conditions.push({
+      kind: "cursor",
+      timestamp: options.cursor.timestamp,
+      id: options.cursor.id,
+      sortOrder: options.sortOrder ?? "desc"
+    });
+  }
+  return conditions;
+}
+function pushArrayFilter(conditions, field, values) {
+  if (values === void 0 || values.length === 0) {
+    return;
+  }
+  if (values.length === 1) {
+    const first = values[0];
+    if (first !== void 0) {
+      conditions.push({ kind: "eq", field, value: first });
+    }
+  } else {
+    conditions.push({ kind: "in", field, values: [...values] });
+  }
+}
+
+// src/stats.ts
+function toCount(value) {
+  if (typeof value === "number") {
+    return value;
+  }
+  if (typeof value === "string") {
+    const n = Number(value);
+    return Number.isNaN(n) ? 0 : n;
+  }
+  if (typeof value === "bigint") {
+    return Number(value);
+  }
+  return 0;
+}
+function assembleStats(summaryRows, eventsPerDayRows, topActorsRows, topTablesRows, operationRows, severityRows) {
+  const summary = summaryRows[0];
+  const totalLogs = summary !== void 0 ? toCount(summary.totalLogs) : 0;
+  const tablesAudited = summary !== void 0 ? toCount(summary.tablesAudited) : 0;
+  const eventsPerDay = eventsPerDayRows.map((row) => ({
+    date: row.date instanceof Date ? row.date.toISOString().split("T")[0] ?? "" : String(row.date),
+    count: toCount(row.count)
+  }));
+  const topActors = topActorsRows.map((row) => ({
+    actorId: String(row.actorId),
+    count: toCount(row.count)
+  }));
+  const topTables = topTablesRows.map((row) => ({
+    tableName: String(row.tableName),
+    count: toCount(row.count)
+  }));
+  const operationBreakdown = {};
+  for (const row of operationRows) {
+    operationBreakdown[String(row.operation)] = toCount(row.count);
+  }
+  const severityBreakdown = {};
+  for (const row of severityRows) {
+    severityBreakdown[String(row.severity)] = toCount(row.count);
+  }
+  return {
+    totalLogs,
+    tablesAudited,
+    eventsPerDay,
+    topActors,
+    topTables,
+    operationBreakdown,
+    severityBreakdown
+  };
+}
+
+// src/validation.ts
+var VALID_OPERATIONS2 = /* @__PURE__ */ new Set([
+  "INSERT",
+  "UPDATE",
+  "DELETE"
+]);
+var VALID_SEVERITIES2 = /* @__PURE__ */ new Set([
+  "low",
+  "medium",
+  "high",
+  "critical"
+]);
+function isAuditOperation(value) {
+  return VALID_OPERATIONS2.has(value);
+}
+function isAuditSeverity(value) {
+  return VALID_SEVERITIES2.has(value);
+}
+
 // src/context-extractor.ts
 function decodeJwtPayload(token) {
   try {
@@ -1586,6 +1892,9 @@ function fromHeader(headerName) {
     return value.trim();
   };
 }
+var defaultExtractor = {
+  actor: fromBearerToken("sub")
+};
 async function safeExtract(extractor, request, onError) {
   if (!extractor) {
     return void 0;
@@ -1612,19 +1921,32 @@ async function handleMiddleware(extractor, request, next, options = {}) {
 0 && (module.exports = {
   AUDIT_LOG_SCHEMA,
   AuditQueryBuilder,
+  VALID_OPERATIONS,
+  VALID_SEVERITIES,
+  assembleStats,
   betterAudit,
   createAuditApi,
   createAuditConsoleEndpoints,
   createExportResponse,
+  decodeCursor,
+  defaultExtractor,
+  encodeCursor,
+  escapeLikePattern,
   fromBearerToken,
   fromCookie,
   fromHeader,
   getAuditContext,
   handleMiddleware,
+  interpretFilters,
+  isAuditOperation,
+  isAuditSeverity,
   mergeAuditContext,
   normalizeInput,
   parseDuration,
+  resolveTimeFilter,
   runExport,
-  runWithAuditContext
+  runWithAuditContext,
+  safeExtract,
+  toCount
 });
 //# sourceMappingURL=index.cjs.map