@usebetterdev/audit-drizzle 0.4.0-beta.1

package/dist/index.js

@@ -0,0 +1,845 @@
+// src/adapter.ts
+import { and as and2, eq as eq2 } from "drizzle-orm";
+
+// src/schema.ts
+import {
+  pgTable,
+  uuid,
+  timestamp,
+  text,
+  jsonb,
+  boolean,
+  index
+} from "drizzle-orm/pg-core";
+var auditLogs = pgTable(
+  "audit_logs",
+  {
+    id: uuid().primaryKey().defaultRandom(),
+    timestamp: timestamp({ withTimezone: true }).notNull().defaultNow(),
+    tableName: text("table_name").notNull(),
+    operation: text().notNull(),
+    recordId: text("record_id").notNull(),
+    actorId: text("actor_id"),
+    beforeData: jsonb("before_data"),
+    afterData: jsonb("after_data"),
+    diff: jsonb(),
+    label: text(),
+    description: text(),
+    severity: text(),
+    compliance: jsonb(),
+    notify: boolean(),
+    reason: text(),
+    metadata: jsonb(),
+    redactedFields: jsonb("redacted_fields")
+  },
+  (table) => [
+    index("audit_logs_table_name_timestamp_idx").on(
+      table.tableName,
+      table.timestamp
+    ),
+    index("audit_logs_actor_id_idx").on(table.actorId),
+    index("audit_logs_record_id_idx").on(table.recordId),
+    index("audit_logs_table_name_record_id_idx").on(
+      table.tableName,
+      table.recordId
+    ),
+    index("audit_logs_operation_idx").on(table.operation),
+    index("audit_logs_timestamp_idx").on(table.timestamp),
+    index("audit_logs_timestamp_id_idx").on(table.timestamp, table.id)
+  ]
+);
+
+// src/column-map.ts
+var VALID_OPERATIONS = /* @__PURE__ */ new Set([
+  "INSERT",
+  "UPDATE",
+  "DELETE"
+]);
+var VALID_SEVERITIES = /* @__PURE__ */ new Set([
+  "low",
+  "medium",
+  "high",
+  "critical"
+]);
+function isAuditOperation(value) {
+  return VALID_OPERATIONS.has(value);
+}
+function isAuditSeverity(value) {
+  return VALID_SEVERITIES.has(value);
+}
+function auditLogToRow(log) {
+  const row = {
+    id: log.id,
+    timestamp: log.timestamp,
+    tableName: log.tableName,
+    operation: log.operation,
+    recordId: log.recordId
+  };
+  if (log.actorId !== void 0) {
+    row.actorId = log.actorId;
+  }
+  if (log.beforeData !== void 0) {
+    row.beforeData = log.beforeData;
+  }
+  if (log.afterData !== void 0) {
+    row.afterData = log.afterData;
+  }
+  if (log.diff !== void 0) {
+    row.diff = log.diff;
+  }
+  if (log.label !== void 0) {
+    row.label = log.label;
+  }
+  if (log.description !== void 0) {
+    row.description = log.description;
+  }
+  if (log.severity !== void 0) {
+    row.severity = log.severity;
+  }
+  if (log.compliance !== void 0) {
+    row.compliance = log.compliance;
+  }
+  if (log.notify !== void 0) {
+    row.notify = log.notify;
+  }
+  if (log.reason !== void 0) {
+    row.reason = log.reason;
+  }
+  if (log.metadata !== void 0) {
+    row.metadata = log.metadata;
+  }
+  if (log.redactedFields !== void 0) {
+    row.redactedFields = log.redactedFields;
+  }
+  return row;
+}
+function rowToAuditLog(row) {
+  if (!isAuditOperation(row.operation)) {
+    throw new Error(
+      `Invalid audit operation: "${row.operation}". Expected one of: INSERT, UPDATE, DELETE`
+    );
+  }
+  const log = {
+    id: row.id,
+    timestamp: row.timestamp,
+    tableName: row.tableName,
+    operation: row.operation,
+    recordId: row.recordId
+  };
+  if (row.actorId !== null) {
+    log.actorId = row.actorId;
+  }
+  if (row.beforeData !== null) {
+    log.beforeData = row.beforeData;
+  }
+  if (row.afterData !== null) {
+    log.afterData = row.afterData;
+  }
+  if (row.diff !== null) {
+    log.diff = row.diff;
+  }
+  if (row.label !== null) {
+    log.label = row.label;
+  }
+  if (row.description !== null) {
+    log.description = row.description;
+  }
+  if (row.severity !== null && row.severity !== void 0) {
+    if (!isAuditSeverity(row.severity)) {
+      throw new Error(
+        `Invalid audit severity: "${row.severity}". Expected one of: low, medium, high, critical`
+      );
+    }
+    log.severity = row.severity;
+  }
+  if (row.compliance !== null) {
+    log.compliance = row.compliance;
+  }
+  if (row.notify !== null) {
+    log.notify = row.notify;
+  }
+  if (row.reason !== null) {
+    log.reason = row.reason;
+  }
+  if (row.metadata !== null) {
+    log.metadata = row.metadata;
+  }
+  if (row.redactedFields !== null) {
+    log.redactedFields = row.redactedFields;
+  }
+  return log;
+}
+
+// src/query.ts
+import { parseDuration } from "@usebetterdev/audit-core";
+import {
+  and,
+  or,
+  eq,
+  gt,
+  lt,
+  gte,
+  lte,
+  inArray,
+  ilike,
+  asc,
+  desc,
+  sql
+} from "drizzle-orm";
+function escapeLikePattern(input) {
+  return input.replace(/[%_\\]/g, "\\$&");
+}
+function resolveTimeFilter(filter) {
+  if ("date" in filter && filter.date !== void 0) {
+    return filter.date;
+  }
+  if ("duration" in filter && filter.duration !== void 0) {
+    return parseDuration(filter.duration);
+  }
+  throw new Error("TimeFilter must have either date or duration");
+}
+function buildWhereConditions(filters) {
+  const conditions = [];
+  if (filters.resource !== void 0) {
+    conditions.push(eq(auditLogs.tableName, filters.resource.tableName));
+    if (filters.resource.recordId !== void 0) {
+      conditions.push(eq(auditLogs.recordId, filters.resource.recordId));
+    }
+  }
+  if (filters.actorIds !== void 0 && filters.actorIds.length > 0) {
+    if (filters.actorIds.length === 1) {
+      conditions.push(eq(auditLogs.actorId, filters.actorIds[0]));
+    } else {
+      conditions.push(inArray(auditLogs.actorId, filters.actorIds));
+    }
+  }
+  if (filters.severities !== void 0 && filters.severities.length > 0) {
+    if (filters.severities.length === 1) {
+      conditions.push(eq(auditLogs.severity, filters.severities[0]));
+    } else {
+      conditions.push(inArray(auditLogs.severity, filters.severities));
+    }
+  }
+  if (filters.operations !== void 0 && filters.operations.length > 0) {
+    if (filters.operations.length === 1) {
+      conditions.push(eq(auditLogs.operation, filters.operations[0]));
+    } else {
+      conditions.push(inArray(auditLogs.operation, filters.operations));
+    }
+  }
+  if (filters.since !== void 0) {
+    conditions.push(gte(auditLogs.timestamp, resolveTimeFilter(filters.since)));
+  }
+  if (filters.until !== void 0) {
+    conditions.push(lte(auditLogs.timestamp, resolveTimeFilter(filters.until)));
+  }
+  if (filters.searchText !== void 0 && filters.searchText.length > 0) {
+    const escaped = escapeLikePattern(filters.searchText);
+    const pattern = `%${escaped}%`;
+    const searchCondition = or(
+      ilike(auditLogs.label, pattern),
+      ilike(auditLogs.description, pattern)
+    );
+    if (searchCondition !== void 0) {
+      conditions.push(searchCondition);
+    }
+  }
+  if (filters.compliance !== void 0 && filters.compliance.length > 0) {
+    conditions.push(
+      sql`${auditLogs.compliance} @> ${JSON.stringify(filters.compliance)}::jsonb`
+    );
+  }
+  if (conditions.length === 0) {
+    return void 0;
+  }
+  return and(...conditions);
+}
+function buildCursorCondition(cursor, sortOrder) {
+  const decoded = decodeCursor(cursor);
+  const tsCompare = sortOrder === "asc" ? gt : lt;
+  const idCompare = sortOrder === "asc" ? gt : lt;
+  return or(
+    tsCompare(auditLogs.timestamp, decoded.timestamp),
+    and(
+      eq(auditLogs.timestamp, decoded.timestamp),
+      idCompare(auditLogs.id, decoded.id)
+    )
+  );
+}
+function buildOrderBy(sortOrder) {
+  if (sortOrder === "asc") {
+    return [asc(auditLogs.timestamp), asc(auditLogs.id)];
+  }
+  return [desc(auditLogs.timestamp), desc(auditLogs.id)];
+}
+function encodeCursor(timestamp2, id) {
+  const payload = JSON.stringify({ t: timestamp2.toISOString(), i: id });
+  return btoa(payload);
+}
+var UUID_PATTERN = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+function decodeCursor(cursor) {
+  let parsed;
+  try {
+    parsed = JSON.parse(atob(cursor));
+  } catch {
+    throw new Error("Invalid cursor: failed to decode");
+  }
+  if (typeof parsed !== "object" || parsed === null || !("t" in parsed) || !("i" in parsed)) {
+    throw new Error("Invalid cursor: missing required fields");
+  }
+  const { t, i } = parsed;
+  if (typeof t !== "string" || typeof i !== "string") {
+    throw new Error("Invalid cursor: fields must be strings");
+  }
+  const timestamp2 = new Date(t);
+  if (isNaN(timestamp2.getTime())) {
+    throw new Error("Invalid cursor: invalid timestamp");
+  }
+  if (!UUID_PATTERN.test(i)) {
+    throw new Error("Invalid cursor: id must be a valid UUID");
+  }
+  return { timestamp: timestamp2, id: i };
+}
+
+// src/adapter.ts
+var DEFAULT_LIMIT = 50;
+var MAX_LIMIT = 250;
+function drizzleAuditAdapter(db) {
+  return {
+    async writeLog(log) {
+      const row = auditLogToRow(log);
+      await db.insert(auditLogs).values(row).execute();
+    },
+    async queryLogs(spec) {
+      const sortOrder = spec.sortOrder ?? "desc";
+      const limit = Math.min(spec.limit ?? DEFAULT_LIMIT, MAX_LIMIT);
+      const whereCondition = buildWhereConditions(spec.filters);
+      const cursorCondition = spec.cursor !== void 0 ? buildCursorCondition(spec.cursor, sortOrder) : void 0;
+      const combined = and2(whereCondition, cursorCondition);
+      const fetchLimit = limit + 1;
+      const orderColumns = buildOrderBy(sortOrder);
+      const query = db.select().from(auditLogs).where(combined).orderBy(...orderColumns).limit(fetchLimit);
+      const rows = await query;
+      const hasNextPage = rows.length > limit;
+      const resultRows = hasNextPage ? rows.slice(0, -1) : rows;
+      const entries = resultRows.map(rowToAuditLog);
+      const lastRow = resultRows[resultRows.length - 1];
+      if (hasNextPage && lastRow !== void 0) {
+        return { entries, nextCursor: encodeCursor(lastRow.timestamp, lastRow.id) };
+      }
+      return { entries };
+    },
+    async getLogById(id) {
+      const query = db.select().from(auditLogs).where(eq2(auditLogs.id, id)).limit(1);
+      const rows = await query;
+      const row = rows[0];
+      if (row === void 0) {
+        return null;
+      }
+      return rowToAuditLog(row);
+    }
+  };
+}
+
+// src/proxy.ts
+import { getTableName } from "drizzle-orm";
+
+// src/operation-map.ts
+var OPERATION_MAP = {
+  insert: "INSERT",
+  update: "UPDATE",
+  delete: "DELETE"
+};
+
+// src/proxy.ts
+function withAuditProxy(db, captureLog, options) {
+  const primaryKey = options?.primaryKey ?? "id";
+  const missingRecordIdPolicy = options?.onMissingRecordId ?? "warn";
+  const skipBeforeState = new Set(options?.skipBeforeState ?? []);
+  const maxBeforeStateRows = options?.maxBeforeStateRows ?? 1e3;
+  const handleError = (error, table, op) => {
+    try {
+      if (options?.onError !== void 0) {
+        options.onError(error);
+      } else {
+        const msg = error instanceof Error ? error.message : String(error);
+        console.error(
+          `audit-drizzle: capture failed for ${op} on ${table} \u2014 ${msg}`
+        );
+      }
+    } catch {
+    }
+  };
+  return new Proxy(db, {
+    get(target, prop, receiver) {
+      if (typeof prop === "string" && (prop === "insert" || prop === "update" || prop === "delete")) {
+        const method = prop;
+        const originalMethod = Reflect.get(target, prop, receiver);
+        return (table) => {
+          const tableName = getTableName(table);
+          const detectedPk = getPrimaryKeyColumnName(table);
+          const effectivePk = detectedPk ?? primaryKey;
+          const originalBuilder = originalMethod.call(target, table);
+          const ctx = {
+            tableName,
+            operation: OPERATION_MAP[method],
+            captureLog,
+            primaryKey: effectivePk,
+            handleError,
+            onMissingRecordId: missingRecordIdPolicy,
+            auditedSet: /* @__PURE__ */ new WeakSet(),
+            dbTarget: target,
+            table,
+            skipBeforeState,
+            maxBeforeStateRows
+          };
+          return wrapBuilder(originalBuilder, ctx);
+        };
+      }
+      if (prop === "transaction") {
+        const originalTransaction = Reflect.get(
+          target,
+          prop,
+          receiver
+        );
+        return (...args) => {
+          const callback = args[0];
+          const rest = args.slice(1);
+          const wrappedCallback = (tx) => {
+            const proxiedTx = withAuditProxy(
+              tx,
+              captureLog,
+              options
+            );
+            return callback(proxiedTx);
+          };
+          return originalTransaction.call(target, wrappedCallback, ...rest);
+        };
+      }
+      return Reflect.get(target, prop, receiver);
+    }
+  });
+}
+function wrapBuilder(builder, ctx, state = {}) {
+  return new Proxy(builder, {
+    get(target, prop, receiver) {
+      if (prop === "values") {
+        return (...args) => {
+          const data = args[0];
+          const newTrackedValues = Array.isArray(data) ? data : [data];
+          const result = target.values(...args);
+          return wrapBuilder(result, ctx, {
+            ...state,
+            trackedValues: newTrackedValues
+          });
+        };
+      }
+      if (prop === "set") {
+        return (...args) => {
+          const newTrackedSet = args[0];
+          const result = target.set(...args);
+          return wrapBuilder(result, ctx, {
+            ...state,
+            trackedSet: newTrackedSet
+          });
+        };
+      }
+      if (prop === "where") {
+        return (...args) => {
+          const condition = args[0];
+          const result = target.where(...args);
+          return wrapBuilder(result, ctx, {
+            ...state,
+            trackedWhere: condition
+          });
+        };
+      }
+      if (prop === "returning") {
+        return (...args) => {
+          const result = target.returning(...args);
+          return wrapBuilder(result, ctx, {
+            ...state,
+            hasReturning: true
+          });
+        };
+      }
+      if (prop === "then") {
+        return (onFulfilled, onRejected) => {
+          const thenFn = Reflect.get(target, "then", receiver);
+          const needsBeforeState = (ctx.operation === "UPDATE" || ctx.operation === "DELETE") && state.trackedWhere !== void 0 && !ctx.skipBeforeState.has(ctx.tableName) && // For DELETE with .returning(), returned rows ARE the before-state
+          !(ctx.operation === "DELETE" && state.hasReturning === true);
+          if (needsBeforeState) {
+            return executeWithBeforeState(
+              target,
+              thenFn,
+              ctx,
+              state,
+              onFulfilled,
+              onRejected
+            );
+          }
+          return thenFn.call(
+            target,
+            async (result) => {
+              if (ctx.auditedSet.has(target)) {
+                return onFulfilled?.(result);
+              }
+              ctx.auditedSet.add(target);
+              try {
+                await fireCaptureLog(result, ctx, state);
+              } catch (error) {
+                ctx.handleError(error, ctx.tableName, ctx.operation);
+              }
+              return onFulfilled?.(result);
+            },
+            onRejected
+          );
+        };
+      }
+      const value = Reflect.get(target, prop, receiver);
+      if (typeof value === "function") {
+        return (...args) => {
+          const result = value.apply(
+            target,
+            args
+          );
+          if (result !== null && typeof result === "object") {
+            return wrapBuilder(
+              result,
+              ctx,
+              state
+            );
+          }
+          return result;
+        };
+      }
+      return value;
+    }
+  });
+}
+function executeWithBeforeState(target, thenFn, ctx, state, onFulfilled, onRejected) {
+  const beforePromise = fetchBeforeState(ctx, state);
+  return beforePromise.then(
+    (beforeRows) => {
+      return thenFn.call(
+        target,
+        async (result) => {
+          if (ctx.auditedSet.has(target)) {
+            return onFulfilled?.(result);
+          }
+          ctx.auditedSet.add(target);
+          try {
+            if (beforeRows !== void 0) {
+              await fireCaptureLogWithBeforeState(
+                result,
+                beforeRows,
+                ctx,
+                state
+              );
+            } else {
+              await fireCaptureLog(result, ctx, state);
+            }
+          } catch (error) {
+            ctx.handleError(error, ctx.tableName, ctx.operation);
+          }
+          return onFulfilled?.(result);
+        },
+        onRejected
+      );
+    },
+    (error) => {
+      ctx.handleError(error, ctx.tableName, ctx.operation);
+      return thenFn.call(
+        target,
+        async (result) => {
+          if (ctx.auditedSet.has(target)) {
+            return onFulfilled?.(result);
+          }
+          ctx.auditedSet.add(target);
+          try {
+            await fireCaptureLog(result, ctx, state);
+          } catch (captureError) {
+            ctx.handleError(captureError, ctx.tableName, ctx.operation);
+          }
+          return onFulfilled?.(result);
+        },
+        onRejected
+      );
+    }
+  );
+}
+async function fetchBeforeState(ctx, state) {
+  const selectFn = ctx.dbTarget.select;
+  if (selectFn === void 0) {
+    return void 0;
+  }
+  const selectBuilder = selectFn.call(ctx.dbTarget);
+  const fromFn = selectBuilder.from;
+  if (fromFn === void 0) {
+    return void 0;
+  }
+  const fromBuilder = fromFn.call(selectBuilder, ctx.table);
+  const whereFn = fromBuilder.where;
+  if (whereFn === void 0) {
+    return void 0;
+  }
+  const whereBuilder = whereFn.call(fromBuilder, state.trackedWhere);
+  const limitFn = whereBuilder.limit;
+  const fetchLimit = ctx.maxBeforeStateRows + 1;
+  const queryBuilder = limitFn !== void 0 ? limitFn.call(whereBuilder, fetchLimit) : whereBuilder;
+  const rows = await queryBuilder;
+  if (rows.length > ctx.maxBeforeStateRows) {
+    ctx.handleError(
+      new Error(
+        `audit-drizzle: before-state SELECT returned more than ${ctx.maxBeforeStateRows} rows, skipping before-state capture`
+      ),
+      ctx.tableName,
+      ctx.operation
+    );
+    return void 0;
+  }
+  return rows;
+}
+function getPrimaryKeyColumnName(table) {
+  for (const [key, value] of Object.entries(table)) {
+    if (value !== null && typeof value === "object" && "primary" in value && value.primary === true) {
+      return key;
+    }
+  }
+  return void 0;
+}
+function extractRecordId(row, primaryKey) {
+  const value = row[primaryKey];
+  if (value !== void 0 && value !== null) {
+    return String(value);
+  }
+  return "";
+}
+function applyMissingRecordIdPolicy(ctx, detail) {
+  const policy = ctx.onMissingRecordId;
+  if (policy === "skip") {
+    return false;
+  }
+  if (policy === "throw") {
+    throw new Error(
+      `audit-drizzle: missing recordId for ${ctx.operation} on ${ctx.tableName} \u2014 ${detail}`
+    );
+  }
+  ctx.handleError(
+    new Error(
+      `audit-drizzle: missing recordId for ${ctx.operation} on ${ctx.tableName} \u2014 ${detail}`
+    ),
+    ctx.tableName,
+    ctx.operation
+  );
+  return true;
+}
+async function fireCaptureLogWithBeforeState(result, beforeRows, ctx, state) {
+  const returnedRows = Array.isArray(result) ? result : [];
+  if (ctx.operation === "UPDATE") {
+    if (beforeRows.length === 0) {
+      ctx.handleError(
+        new Error(
+          "audit-drizzle: before-state SELECT returned 0 rows but UPDATE succeeded \u2014 possible race condition"
+        ),
+        ctx.tableName,
+        ctx.operation
+      );
+      await fireCaptureLog(result, ctx, state);
+      return;
+    }
+    const beforeMap = /* @__PURE__ */ new Map();
+    for (const row of beforeRows) {
+      const pk = extractRecordId(row, ctx.primaryKey);
+      if (pk !== "") {
+        beforeMap.set(pk, row);
+      }
+    }
+    if (beforeMap.size === 0) {
+      ctx.handleError(
+        new Error(
+          `audit-drizzle: before-state rows exist but none have primary key "${ctx.primaryKey}" \u2014 check primaryKey option`
+        ),
+        ctx.tableName,
+        ctx.operation
+      );
+      await fireCaptureLog(result, ctx, state);
+      return;
+    }
+    if (state.hasReturning === true && returnedRows.length > 0) {
+      for (const returnedRow of returnedRows) {
+        const row = returnedRow;
+        const recordId = extractRecordId(row, ctx.primaryKey);
+        if (recordId === "") {
+          continue;
+        }
+        const beforeRow = beforeMap.get(recordId);
+        await ctx.captureLog({
+          tableName: ctx.tableName,
+          operation: ctx.operation,
+          recordId,
+          ...beforeRow !== void 0 && { before: beforeRow },
+          after: row
+        });
+      }
+    } else {
+      for (const [pk, beforeRow] of beforeMap) {
+        const afterRow = state.trackedSet !== void 0 ? { ...beforeRow, ...state.trackedSet } : beforeRow;
+        await ctx.captureLog({
+          tableName: ctx.tableName,
+          operation: ctx.operation,
+          recordId: pk,
+          before: beforeRow,
+          after: afterRow
+        });
+      }
+    }
+  } else if (ctx.operation === "DELETE") {
+    if (beforeRows.length === 0) {
+      ctx.handleError(
+        new Error(
+          "audit-drizzle: before-state SELECT returned 0 rows but DELETE succeeded \u2014 possible race condition"
+        ),
+        ctx.tableName,
+        ctx.operation
+      );
+      await fireCaptureLog(result, ctx, state);
+      return;
+    }
+    for (const beforeRow of beforeRows) {
+      const recordId = extractRecordId(beforeRow, ctx.primaryKey);
+      if (recordId === "") {
+        const shouldProceed = applyMissingRecordIdPolicy(
+          ctx,
+          "before-state row missing primary key"
+        );
+        if (!shouldProceed) {
+          continue;
+        }
+        await ctx.captureLog({
+          tableName: ctx.tableName,
+          operation: ctx.operation,
+          recordId: "unknown",
+          before: beforeRow
+        });
+        continue;
+      }
+      await ctx.captureLog({
+        tableName: ctx.tableName,
+        operation: ctx.operation,
+        recordId,
+        before: beforeRow
+      });
+    }
+  }
+}
+async function fireCaptureLog(result, ctx, state) {
+  const { trackedValues, trackedSet } = state;
+  const returnedRows = Array.isArray(result) ? result : [];
+  if (ctx.operation === "INSERT") {
+    const values = trackedValues ?? [];
+    for (let i = 0; i < values.length; i++) {
+      const row = values[i];
+      if (row === void 0) {
+        continue;
+      }
+      const returnedRow = returnedRows.length > i ? returnedRows[i] : void 0;
+      const recordId = returnedRow !== void 0 ? extractRecordId(returnedRow, ctx.primaryKey) : extractRecordId(row, ctx.primaryKey);
+      if (recordId === "") {
+        const shouldProceed = applyMissingRecordIdPolicy(
+          ctx,
+          "use .returning() or include the primary key in .values()"
+        );
+        if (!shouldProceed) {
+          continue;
+        }
+        await ctx.captureLog({
+          tableName: ctx.tableName,
+          operation: ctx.operation,
+          recordId: "unknown",
+          after: row
+        });
+        continue;
+      }
+      await ctx.captureLog({
+        tableName: ctx.tableName,
+        operation: ctx.operation,
+        recordId,
+        after: row
+      });
+    }
+  } else if (ctx.operation === "UPDATE") {
+    if (returnedRows.length > 0) {
+      for (const returnedRow of returnedRows) {
+        const row = returnedRow;
+        const recordId = extractRecordId(row, ctx.primaryKey);
+        if (recordId === "") {
+          continue;
+        }
+        await ctx.captureLog({
+          tableName: ctx.tableName,
+          operation: ctx.operation,
+          recordId,
+          ...trackedSet !== void 0 && { after: trackedSet }
+        });
+      }
+    } else if (trackedSet !== void 0) {
+      const recordId = extractRecordId(trackedSet, ctx.primaryKey);
+      if (recordId === "") {
+        const shouldProceed = applyMissingRecordIdPolicy(
+          ctx,
+          "use .returning() to get the record id"
+        );
+        if (!shouldProceed) {
+          return;
+        }
+      }
+      await ctx.captureLog({
+        tableName: ctx.tableName,
+        operation: ctx.operation,
+        recordId: recordId || "unknown",
+        after: trackedSet
+      });
+    }
+  } else if (ctx.operation === "DELETE") {
+    if (returnedRows.length > 0) {
+      for (const returnedRow of returnedRows) {
+        const row = returnedRow;
+        const recordId = extractRecordId(row, ctx.primaryKey);
+        if (recordId === "") {
+          continue;
+        }
+        await ctx.captureLog({
+          tableName: ctx.tableName,
+          operation: ctx.operation,
+          recordId,
+          before: row
+        });
+      }
+    } else {
+      const shouldProceed = applyMissingRecordIdPolicy(
+        ctx,
+        "use .returning() to get the record id"
+      );
+      if (!shouldProceed) {
+        return;
+      }
+      await ctx.captureLog({
+        tableName: ctx.tableName,
+        operation: ctx.operation,
+        recordId: "unknown"
+      });
+    }
+  }
+}
+export {
+  auditLogs,
+  buildCursorCondition,
+  buildOrderBy,
+  buildWhereConditions,
+  decodeCursor,
+  drizzleAuditAdapter,
+  encodeCursor,
+  withAuditProxy
+};
+//# sourceMappingURL=index.js.map