@usebetterdev/audit-drizzle 0.5.0-beta.1 → 0.6.0

package/dist/index.cjs

@@ -7,11 +7,11 @@ var __export = (target, all) => {
   for (var name in all)
     __defProp(target, name, { get: all[name], enumerable: true });
 };
-var __copyProps = (to, from, except, desc3) => {
+var __copyProps = (to, from, except, desc5) => {
   if (from && typeof from === "object" || typeof from === "function") {
     for (let key of __getOwnPropNames(from))
       if (!__hasOwnProp.call(to, key) && key !== except)
-        __defProp(to, key, { get: () => from[key], enumerable: !(desc3 = __getOwnPropDesc(from, key)) || desc3.enumerable });
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc5 = __getOwnPropDesc(from, key)) || desc5.enumerable });
   }
   return to;
 };
@@ -26,7 +26,9 @@ __export(index_exports, {
   buildWhereConditions: () => buildWhereConditions,
   decodeCursor: () => decodeCursor,
   drizzleAuditAdapter: () => drizzleAuditAdapter,
+  drizzleSqliteAuditAdapter: () => drizzleSqliteAuditAdapter,
   encodeCursor: () => encodeCursor,
+  sqliteAuditLogs: () => sqliteAuditLogs,
   withAuditProxy: () => withAuditProxy
 });
 module.exports = __toCommonJS(index_exports);
@@ -466,8 +468,439 @@ function assembleStats(summaryRows, eventsPerDayRows, topActorsRows, topTablesRo
   };
 }
 
-// src/proxy.ts
+// src/sqlite-adapter.ts
+var import_drizzle_orm4 = require("drizzle-orm");
+
+// src/sqlite-schema.ts
+var import_sqlite_core = require("drizzle-orm/sqlite-core");
+var sqliteAuditLogs = (0, import_sqlite_core.sqliteTable)(
+  "audit_logs",
+  {
+    id: (0, import_sqlite_core.text)().primaryKey(),
+    timestamp: (0, import_sqlite_core.integer)({ mode: "timestamp" }).notNull(),
+    tableName: (0, import_sqlite_core.text)("table_name").notNull(),
+    operation: (0, import_sqlite_core.text)().notNull(),
+    recordId: (0, import_sqlite_core.text)("record_id").notNull(),
+    actorId: (0, import_sqlite_core.text)("actor_id"),
+    beforeData: (0, import_sqlite_core.text)("before_data", { mode: "json" }),
+    afterData: (0, import_sqlite_core.text)("after_data", { mode: "json" }),
+    diff: (0, import_sqlite_core.text)({ mode: "json" }),
+    label: (0, import_sqlite_core.text)(),
+    description: (0, import_sqlite_core.text)(),
+    severity: (0, import_sqlite_core.text)(),
+    compliance: (0, import_sqlite_core.text)({ mode: "json" }),
+    notify: (0, import_sqlite_core.integer)({ mode: "boolean" }),
+    reason: (0, import_sqlite_core.text)(),
+    metadata: (0, import_sqlite_core.text)({ mode: "json" }),
+    redactedFields: (0, import_sqlite_core.text)("redacted_fields", { mode: "json" })
+  },
+  (table) => ({
+    tableNameTimestampIdx: (0, import_sqlite_core.index)("audit_logs_table_name_timestamp_idx").on(
+      table.tableName,
+      table.timestamp
+    ),
+    actorIdIdx: (0, import_sqlite_core.index)("audit_logs_actor_id_idx").on(table.actorId),
+    recordIdIdx: (0, import_sqlite_core.index)("audit_logs_record_id_idx").on(table.recordId),
+    tableNameRecordIdIdx: (0, import_sqlite_core.index)("audit_logs_table_name_record_id_idx").on(
+      table.tableName,
+      table.recordId
+    ),
+    operationIdx: (0, import_sqlite_core.index)("audit_logs_operation_idx").on(table.operation),
+    timestampIdx: (0, import_sqlite_core.index)("audit_logs_timestamp_idx").on(table.timestamp),
+    timestampIdIdx: (0, import_sqlite_core.index)("audit_logs_timestamp_id_idx").on(table.timestamp, table.id)
+  })
+);
+
+// src/sqlite-column-map.ts
+var VALID_OPERATIONS2 = /* @__PURE__ */ new Set([
+  "INSERT",
+  "UPDATE",
+  "DELETE"
+]);
+var VALID_SEVERITIES2 = /* @__PURE__ */ new Set([
+  "low",
+  "medium",
+  "high",
+  "critical"
+]);
+function isAuditOperation2(value) {
+  return VALID_OPERATIONS2.has(value);
+}
+function isAuditSeverity2(value) {
+  return VALID_SEVERITIES2.has(value);
+}
+function sqliteAuditLogToRow(log) {
+  const row = {
+    id: log.id,
+    timestamp: log.timestamp,
+    tableName: log.tableName,
+    operation: log.operation,
+    recordId: log.recordId
+  };
+  if (log.actorId !== void 0) {
+    row.actorId = log.actorId;
+  }
+  if (log.beforeData !== void 0) {
+    row.beforeData = log.beforeData;
+  }
+  if (log.afterData !== void 0) {
+    row.afterData = log.afterData;
+  }
+  if (log.diff !== void 0) {
+    row.diff = log.diff;
+  }
+  if (log.label !== void 0) {
+    row.label = log.label;
+  }
+  if (log.description !== void 0) {
+    row.description = log.description;
+  }
+  if (log.severity !== void 0) {
+    row.severity = log.severity;
+  }
+  if (log.compliance !== void 0) {
+    row.compliance = log.compliance;
+  }
+  if (log.notify !== void 0) {
+    row.notify = log.notify;
+  }
+  if (log.reason !== void 0) {
+    row.reason = log.reason;
+  }
+  if (log.metadata !== void 0) {
+    row.metadata = log.metadata;
+  }
+  if (log.redactedFields !== void 0) {
+    row.redactedFields = log.redactedFields;
+  }
+  return row;
+}
+function sqliteRowToAuditLog(row) {
+  if (!isAuditOperation2(row.operation)) {
+    throw new Error(
+      `Invalid audit operation: "${row.operation}". Expected one of: INSERT, UPDATE, DELETE`
+    );
+  }
+  const log = {
+    id: row.id,
+    timestamp: row.timestamp,
+    tableName: row.tableName,
+    operation: row.operation,
+    recordId: row.recordId
+  };
+  if (row.actorId !== null) {
+    log.actorId = row.actorId;
+  }
+  if (row.beforeData !== null) {
+    log.beforeData = row.beforeData;
+  }
+  if (row.afterData !== null) {
+    log.afterData = row.afterData;
+  }
+  if (row.diff !== null) {
+    log.diff = row.diff;
+  }
+  if (row.label !== null) {
+    log.label = row.label;
+  }
+  if (row.description !== null) {
+    log.description = row.description;
+  }
+  if (row.severity !== null && row.severity !== void 0) {
+    if (!isAuditSeverity2(row.severity)) {
+      throw new Error(
+        `Invalid audit severity: "${row.severity}". Expected one of: low, medium, high, critical`
+      );
+    }
+    log.severity = row.severity;
+  }
+  if (row.compliance !== null) {
+    log.compliance = row.compliance;
+  }
+  if (row.notify !== null) {
+    log.notify = row.notify;
+  }
+  if (row.reason !== null) {
+    log.reason = row.reason;
+  }
+  if (row.metadata !== null) {
+    log.metadata = row.metadata;
+  }
+  if (row.redactedFields !== null) {
+    log.redactedFields = row.redactedFields;
+  }
+  return log;
+}
+
+// src/sqlite-query.ts
+var import_audit_core2 = require("@usebetterdev/audit-core");
 var import_drizzle_orm3 = require("drizzle-orm");
+function escapeLikePattern2(input) {
+  return input.replace(/[%_\\]/g, "\\$&");
+}
+function resolveTimeFilter2(filter) {
+  if ("date" in filter && filter.date !== void 0) {
+    return filter.date;
+  }
+  if ("duration" in filter && filter.duration !== void 0) {
+    return (0, import_audit_core2.parseDuration)(filter.duration);
+  }
+  throw new Error("TimeFilter must have either date or duration");
+}
+function buildSqliteWhereConditions(filters) {
+  const conditions = [];
+  if (filters.resource !== void 0) {
+    conditions.push((0, import_drizzle_orm3.eq)(sqliteAuditLogs.tableName, filters.resource.tableName));
+    if (filters.resource.recordId !== void 0) {
+      conditions.push((0, import_drizzle_orm3.eq)(sqliteAuditLogs.recordId, filters.resource.recordId));
+    }
+  }
+  if (filters.actorIds !== void 0 && filters.actorIds.length > 0) {
+    if (filters.actorIds.length === 1) {
+      conditions.push((0, import_drizzle_orm3.eq)(sqliteAuditLogs.actorId, filters.actorIds[0]));
+    } else {
+      conditions.push((0, import_drizzle_orm3.inArray)(sqliteAuditLogs.actorId, filters.actorIds));
+    }
+  }
+  if (filters.severities !== void 0 && filters.severities.length > 0) {
+    if (filters.severities.length === 1) {
+      conditions.push((0, import_drizzle_orm3.eq)(sqliteAuditLogs.severity, filters.severities[0]));
+    } else {
+      conditions.push((0, import_drizzle_orm3.inArray)(sqliteAuditLogs.severity, filters.severities));
+    }
+  }
+  if (filters.operations !== void 0 && filters.operations.length > 0) {
+    if (filters.operations.length === 1) {
+      conditions.push((0, import_drizzle_orm3.eq)(sqliteAuditLogs.operation, filters.operations[0]));
+    } else {
+      conditions.push((0, import_drizzle_orm3.inArray)(sqliteAuditLogs.operation, filters.operations));
+    }
+  }
+  if (filters.since !== void 0) {
+    conditions.push((0, import_drizzle_orm3.gte)(sqliteAuditLogs.timestamp, resolveTimeFilter2(filters.since)));
+  }
+  if (filters.until !== void 0) {
+    conditions.push((0, import_drizzle_orm3.lte)(sqliteAuditLogs.timestamp, resolveTimeFilter2(filters.until)));
+  }
+  if (filters.searchText !== void 0 && filters.searchText.length > 0) {
+    const escaped = escapeLikePattern2(filters.searchText);
+    const pattern = `%${escaped}%`;
+    const searchCondition = (0, import_drizzle_orm3.or)(
+      (0, import_drizzle_orm3.like)(sqliteAuditLogs.label, pattern),
+      (0, import_drizzle_orm3.like)(sqliteAuditLogs.description, pattern)
+    );
+    if (searchCondition !== void 0) {
+      conditions.push(searchCondition);
+    }
+  }
+  if (filters.compliance !== void 0 && filters.compliance.length > 0) {
+    for (const tag of filters.compliance) {
+      conditions.push(
+        import_drizzle_orm3.sql`EXISTS (SELECT 1 FROM json_each(${sqliteAuditLogs.compliance}) WHERE value = ${tag})`
+      );
+    }
+  }
+  if (conditions.length === 0) {
+    return void 0;
+  }
+  return (0, import_drizzle_orm3.and)(...conditions);
+}
+function buildSqliteCursorCondition(cursor, sortOrder) {
+  const decoded = decodeSqliteCursor(cursor);
+  const tsCompare = sortOrder === "asc" ? import_drizzle_orm3.gt : import_drizzle_orm3.lt;
+  const idCompare = sortOrder === "asc" ? import_drizzle_orm3.gt : import_drizzle_orm3.lt;
+  return (0, import_drizzle_orm3.or)(
+    tsCompare(sqliteAuditLogs.timestamp, decoded.timestamp),
+    (0, import_drizzle_orm3.and)(
+      (0, import_drizzle_orm3.eq)(sqliteAuditLogs.timestamp, decoded.timestamp),
+      idCompare(sqliteAuditLogs.id, decoded.id)
+    )
+  );
+}
+function buildSqliteOrderBy(sortOrder) {
+  if (sortOrder === "asc") {
+    return [(0, import_drizzle_orm3.asc)(sqliteAuditLogs.timestamp), (0, import_drizzle_orm3.asc)(sqliteAuditLogs.id)];
+  }
+  return [(0, import_drizzle_orm3.desc)(sqliteAuditLogs.timestamp), (0, import_drizzle_orm3.desc)(sqliteAuditLogs.id)];
+}
+function encodeSqliteCursor(timestamp2, id) {
+  const payload = JSON.stringify({ t: timestamp2.toISOString(), i: id });
+  return btoa(payload);
+}
+var UUID_PATTERN2 = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
+function decodeSqliteCursor(cursor) {
+  let parsed;
+  try {
+    parsed = JSON.parse(atob(cursor));
+  } catch {
+    throw new Error("Invalid cursor: failed to decode");
+  }
+  if (typeof parsed !== "object" || parsed === null || !("t" in parsed) || !("i" in parsed)) {
+    throw new Error("Invalid cursor: missing required fields");
+  }
+  const { t, i } = parsed;
+  if (typeof t !== "string" || typeof i !== "string") {
+    throw new Error("Invalid cursor: fields must be strings");
+  }
+  const timestamp2 = new Date(t);
+  if (isNaN(timestamp2.getTime())) {
+    throw new Error("Invalid cursor: invalid timestamp");
+  }
+  if (!UUID_PATTERN2.test(i)) {
+    throw new Error("Invalid cursor: id must be a valid UUID");
+  }
+  return { timestamp: timestamp2, id: i };
+}
+
+// src/sqlite-adapter.ts
+var DEFAULT_LIMIT2 = 50;
+var MAX_LIMIT2 = 250;
+function toCount2(value) {
+  if (typeof value === "number") {
+    return value;
+  }
+  if (typeof value === "string") {
+    return Number(value);
+  }
+  return 0;
+}
+function drizzleSqliteAuditAdapter(db) {
+  return {
+    async writeLog(log) {
+      const row = sqliteAuditLogToRow(log);
+      await db.insert(sqliteAuditLogs).values(row).execute();
+    },
+    async queryLogs(spec) {
+      const sortOrder = spec.sortOrder ?? "desc";
+      const limit = Math.min(spec.limit ?? DEFAULT_LIMIT2, MAX_LIMIT2);
+      const whereCondition = buildSqliteWhereConditions(spec.filters);
+      const cursorCondition = spec.cursor !== void 0 ? buildSqliteCursorCondition(spec.cursor, sortOrder) : void 0;
+      const combined = (0, import_drizzle_orm4.and)(whereCondition, cursorCondition);
+      const fetchLimit = limit + 1;
+      const orderColumns = buildSqliteOrderBy(sortOrder);
+      const query = db.select().from(sqliteAuditLogs).where(combined).orderBy(...orderColumns).limit(fetchLimit);
+      const rows = await query;
+      const hasNextPage = rows.length > limit;
+      const resultRows = hasNextPage ? rows.slice(0, -1) : rows;
+      const entries = resultRows.map(sqliteRowToAuditLog);
+      const lastRow = resultRows[resultRows.length - 1];
+      if (hasNextPage && lastRow !== void 0) {
+        return { entries, nextCursor: encodeSqliteCursor(lastRow.timestamp, lastRow.id) };
+      }
+      return { entries };
+    },
+    async getLogById(id) {
+      const query = db.select().from(sqliteAuditLogs).where((0, import_drizzle_orm4.eq)(sqliteAuditLogs.id, id)).limit(1);
+      const rows = await query;
+      const row = rows[0];
+      if (row === void 0) {
+        return null;
+      }
+      return sqliteRowToAuditLog(row);
+    },
+    async purgeLogs(options) {
+      if (options.tableName !== void 0 && options.tableName.trim().length === 0) {
+        throw new Error("purgeLogs: tableName must be a non-empty string when provided");
+      }
+      const conditions = [(0, import_drizzle_orm4.lt)(sqliteAuditLogs.timestamp, options.before)];
+      if (options.tableName !== void 0) {
+        conditions.push((0, import_drizzle_orm4.eq)(sqliteAuditLogs.tableName, options.tableName));
+      }
+      await db.delete(sqliteAuditLogs).where((0, import_drizzle_orm4.and)(...conditions));
+      const changesResult = await db.select({ count: import_drizzle_orm4.sql`changes()` }).from(sqliteAuditLogs);
+      const deletedCount = changesResult[0] !== void 0 ? toCount2(changesResult[0].count) : 0;
+      return { deletedCount };
+    },
+    async getStats(options) {
+      const sinceCondition = options?.since !== void 0 ? (0, import_drizzle_orm4.gte)(sqliteAuditLogs.timestamp, options.since) : void 0;
+      const summaryQuery = db.select({
+        totalLogs: import_drizzle_orm4.sql`count(*)`,
+        tablesAudited: import_drizzle_orm4.sql`count(DISTINCT ${sqliteAuditLogs.tableName})`
+      }).from(sqliteAuditLogs).where(sinceCondition);
+      const eventsPerDayQuery = db.select({
+        date: import_drizzle_orm4.sql`strftime('%Y-%m-%d', ${sqliteAuditLogs.timestamp}, 'unixepoch')`,
+        count: import_drizzle_orm4.sql`count(*)`
+      }).from(sqliteAuditLogs).where(sinceCondition).groupBy(import_drizzle_orm4.sql`strftime('%Y-%m-%d', ${sqliteAuditLogs.timestamp}, 'unixepoch')`).orderBy(import_drizzle_orm4.sql`strftime('%Y-%m-%d', ${sqliteAuditLogs.timestamp}, 'unixepoch')`).limit(365);
+      const topActorsQuery = db.select({
+        actorId: sqliteAuditLogs.actorId,
+        count: import_drizzle_orm4.sql`count(*)`
+      }).from(sqliteAuditLogs).where((0, import_drizzle_orm4.and)(sinceCondition, (0, import_drizzle_orm4.isNotNull)(sqliteAuditLogs.actorId))).groupBy(sqliteAuditLogs.actorId).orderBy((0, import_drizzle_orm4.desc)(import_drizzle_orm4.sql`count(*)`)).limit(10);
+      const topTablesQuery = db.select({
+        tableName: sqliteAuditLogs.tableName,
+        count: import_drizzle_orm4.sql`count(*)`
+      }).from(sqliteAuditLogs).where(sinceCondition).groupBy(sqliteAuditLogs.tableName).orderBy((0, import_drizzle_orm4.desc)(import_drizzle_orm4.sql`count(*)`)).limit(10);
+      const operationQuery = db.select({
+        operation: sqliteAuditLogs.operation,
+        count: import_drizzle_orm4.sql`count(*)`
+      }).from(sqliteAuditLogs).where(sinceCondition).groupBy(sqliteAuditLogs.operation);
+      const severityQuery = db.select({
+        severity: sqliteAuditLogs.severity,
+        count: import_drizzle_orm4.sql`count(*)`
+      }).from(sqliteAuditLogs).where((0, import_drizzle_orm4.and)(sinceCondition, (0, import_drizzle_orm4.isNotNull)(sqliteAuditLogs.severity))).groupBy(sqliteAuditLogs.severity);
+      const results = await Promise.all([
+        summaryQuery,
+        eventsPerDayQuery,
+        topActorsQuery,
+        topTablesQuery,
+        operationQuery,
+        severityQuery
+      ]);
+      const [
+        summaryRows,
+        eventsPerDayRows,
+        topActorsRows,
+        topTablesRows,
+        operationRows,
+        severityRows
+      ] = results;
+      return assembleStats2(
+        summaryRows,
+        eventsPerDayRows,
+        topActorsRows,
+        topTablesRows,
+        operationRows,
+        severityRows
+      );
+    }
+  };
+}
+function assembleStats2(summaryRows, eventsPerDayRows, topActorsRows, topTablesRows, operationRows, severityRows) {
+  const summary = summaryRows[0];
+  const totalLogs = summary !== void 0 ? toCount2(summary.totalLogs) : 0;
+  const tablesAudited = summary !== void 0 ? toCount2(summary.tablesAudited) : 0;
+  const eventsPerDay = eventsPerDayRows.map((row) => ({
+    date: String(row.date),
+    count: toCount2(row.count)
+  }));
+  const topActors = topActorsRows.map((row) => ({
+    actorId: String(row.actorId),
+    count: toCount2(row.count)
+  }));
+  const topTables = topTablesRows.map((row) => ({
+    tableName: String(row.tableName),
+    count: toCount2(row.count)
+  }));
+  const operationBreakdown = {};
+  for (const row of operationRows) {
+    operationBreakdown[String(row.operation)] = toCount2(row.count);
+  }
+  const severityBreakdown = {};
+  for (const row of severityRows) {
+    severityBreakdown[String(row.severity)] = toCount2(row.count);
+  }
+  return {
+    totalLogs,
+    tablesAudited,
+    eventsPerDay,
+    topActors,
+    topTables,
+    operationBreakdown,
+    severityBreakdown
+  };
+}
+
+// src/proxy.ts
+var import_drizzle_orm5 = require("drizzle-orm");
 
 // src/operation-map.ts
 var OPERATION_MAP = {
@@ -501,7 +934,7 @@ function withAuditProxy(db, captureLog, options) {
         const method = prop;
         const originalMethod = Reflect.get(target, prop, receiver);
         return (table) => {
-          const tableName = (0, import_drizzle_orm3.getTableName)(table);
+          const tableName = (0, import_drizzle_orm5.getTableName)(table);
           const detectedPk = getPrimaryKeyColumnName(table);
           const effectivePk = detectedPk ?? primaryKey;
           const originalBuilder = originalMethod.call(target, table);
@@ -965,7 +1398,9 @@ async function fireCaptureLog(result, ctx, state) {
   buildWhereConditions,
   decodeCursor,
   drizzleAuditAdapter,
+  drizzleSqliteAuditAdapter,
   encodeCursor,
+  sqliteAuditLogs,
   withAuditProxy
 });
 //# sourceMappingURL=index.cjs.map