npm - @usebetterdev/audit-next - Versions diffs - 0.6.0 - Mend

@usebetterdev/audit-next 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md ADDED Viewed

@@ -0,0 +1,189 @@
+# @usebetterdev/audit-next
+Next.js App Router adapter for [`@usebetterdev/audit-core`](../core). Extracts actor identity from incoming requests and propagates it via `AsyncLocalStorage` so that every audit log captured during a request automatically includes the correct actor.
+## Installation
+```bash
+pnpm add @usebetterdev/audit-next @usebetterdev/audit-core
+```
+Requires `next >= 14`.
+## How context propagation works in Next.js
+Next.js App Router has three distinct execution contexts, each requiring a different approach:
+| Context | Has `Request`? | ALS propagates? | Use |
+|---|---|---|---|
+| Edge Middleware (`middleware.ts`) | Yes | No — separate isolate | `createAuditMiddleware` |
+| Route Handler (`route.ts`) | Yes | Yes | `withAuditRoute` |
+| Server Action | No | Yes | `withAudit` |
+**Edge Middleware runs in a separate V8 isolate from route handlers.** AsyncLocalStorage set in middleware does not carry over. Instead, `createAuditMiddleware` extracts the actor from the request and forwards it as a request header (`x-better-audit-actor-id` by default). `withAuditRoute` then reads that header and sets up ALS for the handler's execution.
+## Quick start
+### Option A — Middleware + route handlers (recommended for APIs)
+```ts
+// middleware.ts
+import { createAuditMiddleware } from "@usebetterdev/audit-next";
+export default createAuditMiddleware();
+export const config = { matcher: "/api/:path*" };
+```
+```ts
+// app/api/orders/route.ts
+import { withAuditRoute, fromHeader, AUDIT_ACTOR_HEADER, getAuditContext } from "@usebetterdev/audit-next";
+import { audit } from "@/lib/audit";
+async function handler(request: NextRequest) {
+  const ctx = getAuditContext(); // { actorId: "user-123" }
+  await audit.captureLog({ tableName: "orders", operation: "INSERT", recordId: "ord-1", after: {} });
+  return Response.json({ ok: true });
+}
+export const POST = withAuditRoute(handler, {
+  extractor: { actor: fromHeader(AUDIT_ACTOR_HEADER) },
+});
+```
+> Use `AUDIT_ACTOR_HEADER` to keep the header name in sync between middleware and route handlers without hardcoding strings.
+### Option B — Route handler only (no middleware)
+If you don't use Next.js middleware, `withAuditRoute` can extract directly from the request:
+```ts
+// app/api/orders/route.ts
+import { withAuditRoute } from "@usebetterdev/audit-next";
+export const POST = withAuditRoute(handler);
+// Reads `sub` from Authorization: Bearer <jwt> by default
+```
+### Option C — Server actions
+```ts
+// app/actions.ts
+"use server";
+import { withAudit, getAuditContext } from "@usebetterdev/audit-next";
+import { audit } from "@/lib/audit";
+export const createOrder = withAudit(async (formData: FormData) => {
+  const ctx = getAuditContext(); // { actorId: "user-123" }
+  await audit.captureLog({ tableName: "orders", operation: "INSERT", recordId: "ord-1", after: {} });
+});
+```
+Server actions don't receive a `Request` object. `withAudit` reads all request headers via `next/headers` and constructs a synthetic request to run the extractor against.
+## Actor extraction
+All three wrappers use a `ContextExtractor` to resolve the actor. The default extracts the `sub` claim from `Authorization: Bearer <jwt>`. The token is decoded **without** signature verification — that is the auth layer's responsibility.
+### Custom JWT claim
+```ts
+import { fromBearerToken } from "@usebetterdev/audit-next";
+withAuditRoute(handler, {
+  extractor: { actor: fromBearerToken("user_id") },
+});
+```
+### Header-based extraction
+Common when running behind an API gateway that forwards identity as a plain header:
+```ts
+import { fromHeader } from "@usebetterdev/audit-next";
+withAuditRoute(handler, {
+  extractor: { actor: fromHeader("x-user-id") },
+});
+```
+### Cookie-based extraction
+```ts
+import { fromCookie } from "@usebetterdev/audit-next";
+withAudit(action, {
+  extractor: { actor: fromCookie("session_id") },
+});
+```
+### Custom extractor
+Write any async function that receives a `Request` and returns a string or `undefined`:
+```ts
+withAuditRoute(handler, {
+  extractor: {
+    actor: async (request) => {
+      const key = request.headers.get("x-api-key");
+      if (!key) return undefined;
+      const owner = await resolveApiKeyOwner(key);
+      return owner?.id;
+    },
+  },
+});
+```
+## Error handling
+All wrappers **fail open** — if extraction fails, the request or action proceeds without audit context. No request is ever blocked by the audit layer.
+Use `onError` to observe failures:
+```ts
+createAuditMiddleware({
+  onError: (error) => console.error("Audit extraction failed:", error),
+});
+```
+## Security note
+`createAuditMiddleware` always overwrites the actor header on the forwarded request — including when extraction fails (sets it to `""`). This prevents clients from spoofing the actor identity by sending the header directly. **Do not trust `x-better-audit-actor-id` on incoming requests unless it was set by your middleware.**
+## API
+### `createAuditMiddleware(options?)`
+Creates a Next.js edge middleware function. Extracts actor from the request and forwards it as a request header to downstream route handlers.
+### `betterAuditNext(options?)`
+Convenience alias for `createAuditMiddleware`. Use as the default export in `middleware.ts`.
+### `withAuditRoute(handler, options?)`
+Wraps an App Router route handler. Extracts actor from the incoming `NextRequest` and runs the handler inside an ALS scope.
+### `withAudit(action, options?)`
+Wraps a server action. Reads headers via `next/headers`, extracts actor, and runs the action inside an ALS scope.
+**Options (all wrappers):**
+| Option | Type | Description |
+|---|---|---|
+| `extractor` | `ContextExtractor` | Actor extractor config. Defaults to JWT `sub` claim. |
+| `onError` | `(error: unknown) => void` | Called when extraction throws. Defaults to no-op. |
+**Additional option for `createAuditMiddleware`:**
+| Option | Type | Description |
+|---|---|---|
+| `actorHeader` | `string` | Header name for forwarding the actor id. Defaults to `AUDIT_ACTOR_HEADER`. |
+### `AUDIT_ACTOR_HEADER`
+The default header name (`"x-better-audit-actor-id"`) used to forward the actor id from middleware to route handlers. Import this constant in both files to avoid hardcoding the string.
+### `getAuditContext()`
+Returns the current `AuditContext` from ALS, or `undefined` when called outside a request scope. Re-exported from `@usebetterdev/audit-core` for convenience.

package/dist/index.cjs ADDED Viewed

@@ -0,0 +1,127 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  AUDIT_ACTOR_HEADER: () => AUDIT_ACTOR_HEADER,
+  betterAuditNext: () => betterAuditNext,
+  createAuditMiddleware: () => createAuditMiddleware,
+  fromBearerToken: () => import_audit_core2.fromBearerToken,
+  fromCookie: () => import_audit_core2.fromCookie,
+  fromHeader: () => import_audit_core2.fromHeader,
+  getAuditContext: () => import_audit_core2.getAuditContext,
+  runWithAuditContext: () => import_audit_core2.runWithAuditContext,
+  withAudit: () => withAudit,
+  withAuditRoute: () => withAuditRoute
+});
+module.exports = __toCommonJS(index_exports);
+var import_audit_core = require("@usebetterdev/audit-core");
+var import_headers = require("next/headers");
+var import_server = require("next/server");
+var import_audit_core2 = require("@usebetterdev/audit-core");
+var AUDIT_ACTOR_HEADER = "x-better-audit-actor-id";
+var defaultExtractor = {
+  actor: (0, import_audit_core.fromBearerToken)("sub")
+};
+async function tryExtract(extractor, request, onError) {
+  if (!extractor) {
+    return void 0;
+  }
+  try {
+    return await extractor(request);
+  } catch (error) {
+    if (onError) {
+      onError(error);
+    }
+    return void 0;
+  }
+}
+function createAuditMiddleware(options = {}) {
+  const extractor = options.extractor ?? defaultExtractor;
+  const actorHeader = options.actorHeader ?? AUDIT_ACTOR_HEADER;
+  return async (request) => {
+    const actorId = await tryExtract(
+      extractor.actor,
+      request,
+      options.onError
+    );
+    const requestHeaders = new Headers(request.headers);
+    requestHeaders.set(actorHeader, actorId ?? "");
+    return import_server.NextResponse.next({
+      request: { headers: requestHeaders }
+    });
+  };
+}
+function betterAuditNext(options = {}) {
+  return createAuditMiddleware(options);
+}
+function withAuditRoute(handler, options = {}) {
+  const extractor = options.extractor ?? defaultExtractor;
+  return async (request, context) => {
+    const actorId = await tryExtract(
+      extractor.actor,
+      request,
+      options.onError
+    );
+    if (actorId === void 0) {
+      return handler(request, context);
+    }
+    const auditContext = { actorId };
+    return (0, import_audit_core.runWithAuditContext)(auditContext, () => handler(request, context));
+  };
+}
+function withAudit(action, options = {}) {
+  const extractor = options.extractor ?? defaultExtractor;
+  return async (...args) => {
+    let actorId;
+    try {
+      const headersList = await (0, import_headers.headers)();
+      const syntheticRequest = new Request("http://localhost", {
+        headers: headersList
+      });
+      actorId = await tryExtract(
+        extractor.actor,
+        syntheticRequest,
+        options.onError
+      );
+    } catch (error) {
+      options.onError?.(error);
+    }
+    if (actorId === void 0) {
+      return action(...args);
+    }
+    const auditContext = { actorId };
+    return (0, import_audit_core.runWithAuditContext)(auditContext, () => action(...args));
+  };
+}
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  AUDIT_ACTOR_HEADER,
+  betterAuditNext,
+  createAuditMiddleware,
+  fromBearerToken,
+  fromCookie,
+  fromHeader,
+  getAuditContext,
+  runWithAuditContext,
+  withAudit,
+  withAuditRoute
+});
+//# sourceMappingURL=index.cjs.map

package/dist/index.cjs.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/index.ts"],"sourcesContent":["import {\n fromBearerToken,\n getAuditContext,\n runWithAuditContext,\n} from \"@usebetterdev/audit-core\";\nimport type {\n AuditContext,\n ContextExtractor,\n ValueExtractor,\n} from \"@usebetterdev/audit-core\";\nimport { headers } from \"next/headers\";\nimport { NextResponse } from \"next/server\";\nimport type { NextRequest } from \"next/server\";\n\n// ---------------------------------------------------------------------------\n// Types\n// ---------------------------------------------------------------------------\n\nexport type RouteContext = Record<string, unknown> | undefined;\n\nexport type NextMiddleware = (request: NextRequest) => Promise<NextResponse>;\n\n/**\n * Shared options across all audit wrappers.\n */\nexport interface BaseAuditOptions {\n /** Context extractor for pulling actor identity from the request. */\n extractor?: ContextExtractor;\n /** Called when an extractor throws. Defaults to silent fail-open. */\n onError?: (error: unknown) => void;\n}\n\nexport interface CreateAuditMiddlewareOptions extends BaseAuditOptions {\n /**\n * Request header name used to forward the extracted actor id to downstream\n * route handlers. Defaults to `AUDIT_ACTOR_HEADER`.\n */\n actorHeader?: string;\n}\n\nexport type WithAuditRouteOptions = BaseAuditOptions;\n\nexport type WithAuditOptions = BaseAuditOptions;\n\n// ---------------------------------------------------------------------------\n// Constants\n// ---------------------------------------------------------------------------\n\n/**\n * Default header name used to forward the actor id from middleware to route\n * handlers.\n *\n * Use this constant to keep the middleware and route handler in sync:\n * ```ts\n * // middleware.ts\n * export default createAuditMiddleware(); // sets AUDIT_ACTOR_HEADER\n *\n * // app/api/orders/route.ts\n * export const GET = withAuditRoute(handler, {\n * extractor: { actor: fromHeader(AUDIT_ACTOR_HEADER) },\n * });\n * ```\n */\nexport const AUDIT_ACTOR_HEADER = \"x-better-audit-actor-id\";\n\n// ---------------------------------------------------------------------------\n// Private helpers\n// ---------------------------------------------------------------------------\n\n/** Default extractor: reads `sub` from `Authorization: Bearer <jwt>` as actor. */\nconst defaultExtractor: ContextExtractor = {\n actor: fromBearerToken(\"sub\"),\n};\n\n/**\n * Runs a value extractor safely, returning undefined on error (fail open).\n */\nasync function tryExtract(\n extractor: ValueExtractor | undefined,\n request: Request,\n onError: ((error: unknown) => void) | undefined,\n): Promise<string | undefined> {\n if (!extractor) {\n return undefined;\n }\n try {\n return await extractor(request);\n } catch (error: unknown) {\n if (onError) {\n onError(error);\n }\n return undefined;\n }\n}\n\n// ---------------------------------------------------------------------------\n// createAuditMiddleware / betterAuditNext\n// ---------------------------------------------------------------------------\n\n/**\n * Creates a Next.js edge middleware function that extracts audit context from\n * the incoming request and forwards the actor id as a request header to\n * downstream route handlers.\n *\n * **Important:** Next.js middleware runs in a separate Edge Runtime execution\n * context from route handlers — AsyncLocalStorage set here does NOT propagate.\n * This middleware forwards the extracted actor id via a request header\n * (`x-better-audit-actor-id` by default). Use `withAuditRoute` in your route\n * handlers to read that header and populate ALS.\n *\n * The middleware **always** overwrites the actor header on the forwarded\n * request — when extraction fails, it is set to an empty string. This prevents\n * clients from spoofing the actor id by sending the header directly.\n *\n * The middleware is non-blocking: if context extraction fails, the request\n * proceeds with an empty actor header (fail open).\n *\n * @example\n * ```ts\n * // middleware.ts\n * import { createAuditMiddleware } from \"@usebetterdev/audit-next\";\n * export default createAuditMiddleware();\n * export const config = { matcher: \"/api/:path*\" };\n *\n * // app/api/orders/route.ts\n * import { withAuditRoute, fromHeader, AUDIT_ACTOR_HEADER } from \"@usebetterdev/audit-next\";\n * export const GET = withAuditRoute(handler, {\n * extractor: { actor: fromHeader(AUDIT_ACTOR_HEADER) },\n * });\n * ```\n */\nexport function createAuditMiddleware(\n options: CreateAuditMiddlewareOptions = {},\n): NextMiddleware {\n const extractor = options.extractor ?? defaultExtractor;\n const actorHeader = options.actorHeader ?? AUDIT_ACTOR_HEADER;\n\n return async (request) => {\n const actorId = await tryExtract(\n extractor.actor,\n request,\n options.onError,\n );\n\n // Always forward with an explicit header value so clients cannot spoof\n // the actor id by sending the header directly. When extraction fails the\n // header is set to \"\" — fromHeader() treats empty values as undefined.\n const requestHeaders = new Headers(request.headers);\n requestHeaders.set(actorHeader, actorId ?? \"\");\n\n return NextResponse.next({\n request: { headers: requestHeaders },\n });\n };\n}\n\n/**\n * Convenience alias for `createAuditMiddleware`. Use as the default export\n * in `middleware.ts`.\n *\n * @example\n * ```ts\n * // middleware.ts\n * import { betterAuditNext } from \"@usebetterdev/audit-next\";\n * export default betterAuditNext();\n * ```\n */\nexport function betterAuditNext(\n options: CreateAuditMiddlewareOptions = {},\n): NextMiddleware {\n return createAuditMiddleware(options);\n}\n\n// ---------------------------------------------------------------------------\n// withAuditRoute\n// ---------------------------------------------------------------------------\n\n/**\n * Wraps a Next.js App Router route handler with audit context propagation.\n *\n * Extracts the actor identity from the incoming request (by default reads\n * `sub` from `Authorization: Bearer <jwt>`, or reads the\n * `x-better-audit-actor-id` header forwarded by `createAuditMiddleware`) and\n * runs the handler inside an AsyncLocalStorage scope so that `getAuditContext()`\n * returns the correct context within the handler.\n *\n * `NextRequest` is a Web `Request` subclass — extractors from audit-core\n * (`fromBearerToken`, `fromHeader`, `fromCookie`) work directly.\n *\n * The wrapper is non-blocking: if extraction fails, the handler runs without\n * audit context (fail open).\n *\n * @example\n * ```ts\n * // app/api/orders/route.ts — standalone (no middleware)\n * import { withAuditRoute } from \"@usebetterdev/audit-next\";\n * export const GET = withAuditRoute(handler);\n *\n * // app/api/orders/route.ts — paired with createAuditMiddleware\n * import { withAuditRoute, fromHeader, AUDIT_ACTOR_HEADER } from \"@usebetterdev/audit-next\";\n * export const GET = withAuditRoute(handler, {\n * extractor: { actor: fromHeader(AUDIT_ACTOR_HEADER) },\n * });\n * ```\n */\nexport function withAuditRoute<C extends RouteContext = RouteContext>(\n handler: (request: NextRequest, context: C) => Promise<Response>,\n options: WithAuditRouteOptions = {},\n): (request: NextRequest, context: C) => Promise<Response> {\n const extractor = options.extractor ?? defaultExtractor;\n\n return async (request, context) => {\n const actorId = await tryExtract(\n extractor.actor,\n request,\n options.onError,\n );\n\n if (actorId === undefined) {\n return handler(request, context);\n }\n\n const auditContext: AuditContext = { actorId };\n\n return runWithAuditContext(auditContext, () => handler(request, context));\n };\n}\n\n// ---------------------------------------------------------------------------\n// withAudit (server actions)\n// ---------------------------------------------------------------------------\n\n/**\n * Wraps a Next.js server action with audit context propagation.\n *\n * Server actions do not receive a `Request` object. This wrapper reads all\n * request headers via `next/headers` and constructs a synthetic `Request` to\n * run the configured extractor against, then wraps the action in an\n * AsyncLocalStorage scope so that `getAuditContext()` returns the correct\n * context within the action.\n *\n * The wrapper is non-blocking: if extraction fails (including when `headers()`\n * is unavailable), the action runs without audit context (fail open).\n *\n * @example\n * ```ts\n * // app/actions.ts\n * \"use server\";\n * import { withAudit } from \"@usebetterdev/audit-next\";\n *\n * export const createOrder = withAudit(async (formData: FormData) => {\n * // getAuditContext() returns the actor here\n * });\n * ```\n */\nexport function withAudit<TArgs extends unknown[], TResult>(\n action: (...args: TArgs) => Promise<TResult>,\n options: WithAuditOptions = {},\n): (...args: TArgs) => Promise<TResult> {\n const extractor = options.extractor ?? defaultExtractor;\n\n return async (...args) => {\n let actorId: string | undefined;\n\n try {\n const headersList = await headers();\n const syntheticRequest = new Request(\"http://localhost\", {\n headers: headersList,\n });\n actorId = await tryExtract(\n extractor.actor,\n syntheticRequest,\n options.onError,\n );\n } catch (error: unknown) {\n // headers() throws outside Next.js request context — fail open\n options.onError?.(error);\n }\n\n if (actorId === undefined) {\n return action(...args);\n }\n\n const auditContext: AuditContext = { actorId };\n\n return runWithAuditContext(auditContext, () => action(...args));\n };\n}\n\n// ---------------------------------------------------------------------------\n// Re-exports\n// ---------------------------------------------------------------------------\n\nexport type { AuditContext, ContextExtractor, ValueExtractor };\nexport { fromBearerToken, fromCookie, fromHeader, getAuditContext, runWithAuditContext } from \"@usebetterdev/audit-core\";\n"],"mappings":";;;;;;;;;;;;;;;;;;;;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA;AAAA,wBAIO;AAMP,qBAAwB;AACxB,oBAA6B;AA2R7B,IAAAA,qBAA8F;AAvOvF,IAAM,qBAAqB;AAOlC,IAAM,mBAAqC;AAAA,EACzC,WAAO,mCAAgB,KAAK;AAC9B;AAKA,eAAe,WACb,WACA,SACA,SAC6B;AAC7B,MAAI,CAAC,WAAW;AACd,WAAO;AAAA,EACT;AACA,MAAI;AACF,WAAO,MAAM,UAAU,OAAO;AAAA,EAChC,SAAS,OAAgB;AACvB,QAAI,SAAS;AACX,cAAQ,KAAK;AAAA,IACf;AACA,WAAO;AAAA,EACT;AACF;AAsCO,SAAS,sBACd,UAAwC,CAAC,GACzB;AAChB,QAAM,YAAY,QAAQ,aAAa;AACvC,QAAM,cAAc,QAAQ,eAAe;AAE3C,SAAO,OAAO,YAAY;AACxB,UAAM,UAAU,MAAM;AAAA,MACpB,UAAU;AAAA,MACV;AAAA,MACA,QAAQ;AAAA,IACV;AAKA,UAAM,iBAAiB,IAAI,QAAQ,QAAQ,OAAO;AAClD,mBAAe,IAAI,aAAa,WAAW,EAAE;AAE7C,WAAO,2BAAa,KAAK;AAAA,MACvB,SAAS,EAAE,SAAS,eAAe;AAAA,IACrC,CAAC;AAAA,EACH;AACF;AAaO,SAAS,gBACd,UAAwC,CAAC,GACzB;AAChB,SAAO,sBAAsB,OAAO;AACtC;AAkCO,SAAS,eACd,SACA,UAAiC,CAAC,GACuB;AACzD,QAAM,YAAY,QAAQ,aAAa;AAEvC,SAAO,OAAO,SAAS,YAAY;AACjC,UAAM,UAAU,MAAM;AAAA,MACpB,UAAU;AAAA,MACV;AAAA,MACA,QAAQ;AAAA,IACV;AAEA,QAAI,YAAY,QAAW;AACzB,aAAO,QAAQ,SAAS,OAAO;AAAA,IACjC;AAEA,UAAM,eAA6B,EAAE,QAAQ;AAE7C,eAAO,uCAAoB,cAAc,MAAM,QAAQ,SAAS,OAAO,CAAC;AAAA,EAC1E;AACF;AA6BO,SAAS,UACd,QACA,UAA4B,CAAC,GACS;AACtC,QAAM,YAAY,QAAQ,aAAa;AAEvC,SAAO,UAAU,SAAS;AACxB,QAAI;AAEJ,QAAI;AACF,YAAM,cAAc,UAAM,wBAAQ;AAClC,YAAM,mBAAmB,IAAI,QAAQ,oBAAoB;AAAA,QACvD,SAAS;AAAA,MACX,CAAC;AACD,gBAAU,MAAM;AAAA,QACd,UAAU;AAAA,QACV;AAAA,QACA,QAAQ;AAAA,MACV;AAAA,IACF,SAAS,OAAgB;AAEvB,cAAQ,UAAU,KAAK;AAAA,IACzB;AAEA,QAAI,YAAY,QAAW;AACzB,aAAO,OAAO,GAAG,IAAI;AAAA,IACvB;AAEA,UAAM,eAA6B,EAAE,QAAQ;AAE7C,eAAO,uCAAoB,cAAc,MAAM,OAAO,GAAG,IAAI,CAAC;AAAA,EAChE;AACF;","names":["import_audit_core"]}

package/dist/index.d.cts ADDED Viewed

@@ -0,0 +1,140 @@
+import { ContextExtractor } from '@usebetterdev/audit-core';
+export { AuditContext, ContextExtractor, ValueExtractor, fromBearerToken, fromCookie, fromHeader, getAuditContext, runWithAuditContext } from '@usebetterdev/audit-core';
+import { NextRequest, NextResponse } from 'next/server';
+type RouteContext = Record<string, unknown> | undefined;
+type NextMiddleware = (request: NextRequest) => Promise<NextResponse>;
+/**
+ * Shared options across all audit wrappers.
+ */
+interface BaseAuditOptions {
+    /** Context extractor for pulling actor identity from the request. */
+    extractor?: ContextExtractor;
+    /** Called when an extractor throws. Defaults to silent fail-open. */
+    onError?: (error: unknown) => void;
+}
+interface CreateAuditMiddlewareOptions extends BaseAuditOptions {
+    /**
+     * Request header name used to forward the extracted actor id to downstream
+     * route handlers. Defaults to `AUDIT_ACTOR_HEADER`.
+     */
+    actorHeader?: string;
+}
+type WithAuditRouteOptions = BaseAuditOptions;
+type WithAuditOptions = BaseAuditOptions;
+/**
+ * Default header name used to forward the actor id from middleware to route
+ * handlers.
+ *
+ * Use this constant to keep the middleware and route handler in sync:
+ * ```ts
+ * // middleware.ts
+ * export default createAuditMiddleware(); // sets AUDIT_ACTOR_HEADER
+ *
+ * // app/api/orders/route.ts
+ * export const GET = withAuditRoute(handler, {
+ *   extractor: { actor: fromHeader(AUDIT_ACTOR_HEADER) },
+ * });
+ * ```
+ */
+declare const AUDIT_ACTOR_HEADER = "x-better-audit-actor-id";
+/**
+ * Creates a Next.js edge middleware function that extracts audit context from
+ * the incoming request and forwards the actor id as a request header to
+ * downstream route handlers.
+ *
+ * **Important:** Next.js middleware runs in a separate Edge Runtime execution
+ * context from route handlers — AsyncLocalStorage set here does NOT propagate.
+ * This middleware forwards the extracted actor id via a request header
+ * (`x-better-audit-actor-id` by default). Use `withAuditRoute` in your route
+ * handlers to read that header and populate ALS.
+ *
+ * The middleware **always** overwrites the actor header on the forwarded
+ * request — when extraction fails, it is set to an empty string. This prevents
+ * clients from spoofing the actor id by sending the header directly.
+ *
+ * The middleware is non-blocking: if context extraction fails, the request
+ * proceeds with an empty actor header (fail open).
+ *
+ * @example
+ * ```ts
+ * // middleware.ts
+ * import { createAuditMiddleware } from "@usebetterdev/audit-next";
+ * export default createAuditMiddleware();
+ * export const config = { matcher: "/api/:path*" };
+ *
+ * // app/api/orders/route.ts
+ * import { withAuditRoute, fromHeader, AUDIT_ACTOR_HEADER } from "@usebetterdev/audit-next";
+ * export const GET = withAuditRoute(handler, {
+ *   extractor: { actor: fromHeader(AUDIT_ACTOR_HEADER) },
+ * });
+ * ```
+ */
+declare function createAuditMiddleware(options?: CreateAuditMiddlewareOptions): NextMiddleware;
+/**
+ * Convenience alias for `createAuditMiddleware`. Use as the default export
+ * in `middleware.ts`.
+ *
+ * @example
+ * ```ts
+ * // middleware.ts
+ * import { betterAuditNext } from "@usebetterdev/audit-next";
+ * export default betterAuditNext();
+ * ```
+ */
+declare function betterAuditNext(options?: CreateAuditMiddlewareOptions): NextMiddleware;
+/**
+ * Wraps a Next.js App Router route handler with audit context propagation.
+ *
+ * Extracts the actor identity from the incoming request (by default reads
+ * `sub` from `Authorization: Bearer <jwt>`, or reads the
+ * `x-better-audit-actor-id` header forwarded by `createAuditMiddleware`) and
+ * runs the handler inside an AsyncLocalStorage scope so that `getAuditContext()`
+ * returns the correct context within the handler.
+ *
+ * `NextRequest` is a Web `Request` subclass — extractors from audit-core
+ * (`fromBearerToken`, `fromHeader`, `fromCookie`) work directly.
+ *
+ * The wrapper is non-blocking: if extraction fails, the handler runs without
+ * audit context (fail open).
+ *
+ * @example
+ * ```ts
+ * // app/api/orders/route.ts — standalone (no middleware)
+ * import { withAuditRoute } from "@usebetterdev/audit-next";
+ * export const GET = withAuditRoute(handler);
+ *
+ * // app/api/orders/route.ts — paired with createAuditMiddleware
+ * import { withAuditRoute, fromHeader, AUDIT_ACTOR_HEADER } from "@usebetterdev/audit-next";
+ * export const GET = withAuditRoute(handler, {
+ *   extractor: { actor: fromHeader(AUDIT_ACTOR_HEADER) },
+ * });
+ * ```
+ */
+declare function withAuditRoute<C extends RouteContext = RouteContext>(handler: (request: NextRequest, context: C) => Promise<Response>, options?: WithAuditRouteOptions): (request: NextRequest, context: C) => Promise<Response>;
+/**
+ * Wraps a Next.js server action with audit context propagation.
+ *
+ * Server actions do not receive a `Request` object. This wrapper reads all
+ * request headers via `next/headers` and constructs a synthetic `Request` to
+ * run the configured extractor against, then wraps the action in an
+ * AsyncLocalStorage scope so that `getAuditContext()` returns the correct
+ * context within the action.
+ *
+ * The wrapper is non-blocking: if extraction fails (including when `headers()`
+ * is unavailable), the action runs without audit context (fail open).
+ *
+ * @example
+ * ```ts
+ * // app/actions.ts
+ * "use server";
+ * import { withAudit } from "@usebetterdev/audit-next";
+ *
+ * export const createOrder = withAudit(async (formData: FormData) => {
+ *   // getAuditContext() returns the actor here
+ * });
+ * ```
+ */
+declare function withAudit<TArgs extends unknown[], TResult>(action: (...args: TArgs) => Promise<TResult>, options?: WithAuditOptions): (...args: TArgs) => Promise<TResult>;
+export { AUDIT_ACTOR_HEADER, type BaseAuditOptions, type CreateAuditMiddlewareOptions, type NextMiddleware, type RouteContext, type WithAuditOptions, type WithAuditRouteOptions, betterAuditNext, createAuditMiddleware, withAudit, withAuditRoute };

package/dist/index.d.ts ADDED Viewed

@@ -0,0 +1,140 @@
+import { ContextExtractor } from '@usebetterdev/audit-core';
+export { AuditContext, ContextExtractor, ValueExtractor, fromBearerToken, fromCookie, fromHeader, getAuditContext, runWithAuditContext } from '@usebetterdev/audit-core';
+import { NextRequest, NextResponse } from 'next/server';
+type RouteContext = Record<string, unknown> | undefined;
+type NextMiddleware = (request: NextRequest) => Promise<NextResponse>;
+/**
+ * Shared options across all audit wrappers.
+ */
+interface BaseAuditOptions {
+    /** Context extractor for pulling actor identity from the request. */
+    extractor?: ContextExtractor;
+    /** Called when an extractor throws. Defaults to silent fail-open. */
+    onError?: (error: unknown) => void;
+}
+interface CreateAuditMiddlewareOptions extends BaseAuditOptions {
+    /**
+     * Request header name used to forward the extracted actor id to downstream
+     * route handlers. Defaults to `AUDIT_ACTOR_HEADER`.
+     */
+    actorHeader?: string;
+}
+type WithAuditRouteOptions = BaseAuditOptions;
+type WithAuditOptions = BaseAuditOptions;
+/**
+ * Default header name used to forward the actor id from middleware to route
+ * handlers.
+ *
+ * Use this constant to keep the middleware and route handler in sync:
+ * ```ts
+ * // middleware.ts
+ * export default createAuditMiddleware(); // sets AUDIT_ACTOR_HEADER
+ *
+ * // app/api/orders/route.ts
+ * export const GET = withAuditRoute(handler, {
+ *   extractor: { actor: fromHeader(AUDIT_ACTOR_HEADER) },
+ * });
+ * ```
+ */
+declare const AUDIT_ACTOR_HEADER = "x-better-audit-actor-id";
+/**
+ * Creates a Next.js edge middleware function that extracts audit context from
+ * the incoming request and forwards the actor id as a request header to
+ * downstream route handlers.
+ *
+ * **Important:** Next.js middleware runs in a separate Edge Runtime execution
+ * context from route handlers — AsyncLocalStorage set here does NOT propagate.
+ * This middleware forwards the extracted actor id via a request header
+ * (`x-better-audit-actor-id` by default). Use `withAuditRoute` in your route
+ * handlers to read that header and populate ALS.
+ *
+ * The middleware **always** overwrites the actor header on the forwarded
+ * request — when extraction fails, it is set to an empty string. This prevents
+ * clients from spoofing the actor id by sending the header directly.
+ *
+ * The middleware is non-blocking: if context extraction fails, the request
+ * proceeds with an empty actor header (fail open).
+ *
+ * @example
+ * ```ts
+ * // middleware.ts
+ * import { createAuditMiddleware } from "@usebetterdev/audit-next";
+ * export default createAuditMiddleware();
+ * export const config = { matcher: "/api/:path*" };
+ *
+ * // app/api/orders/route.ts
+ * import { withAuditRoute, fromHeader, AUDIT_ACTOR_HEADER } from "@usebetterdev/audit-next";
+ * export const GET = withAuditRoute(handler, {
+ *   extractor: { actor: fromHeader(AUDIT_ACTOR_HEADER) },
+ * });
+ * ```
+ */
+declare function createAuditMiddleware(options?: CreateAuditMiddlewareOptions): NextMiddleware;
+/**
+ * Convenience alias for `createAuditMiddleware`. Use as the default export
+ * in `middleware.ts`.
+ *
+ * @example
+ * ```ts
+ * // middleware.ts
+ * import { betterAuditNext } from "@usebetterdev/audit-next";
+ * export default betterAuditNext();
+ * ```
+ */
+declare function betterAuditNext(options?: CreateAuditMiddlewareOptions): NextMiddleware;
+/**
+ * Wraps a Next.js App Router route handler with audit context propagation.
+ *
+ * Extracts the actor identity from the incoming request (by default reads
+ * `sub` from `Authorization: Bearer <jwt>`, or reads the
+ * `x-better-audit-actor-id` header forwarded by `createAuditMiddleware`) and
+ * runs the handler inside an AsyncLocalStorage scope so that `getAuditContext()`
+ * returns the correct context within the handler.
+ *
+ * `NextRequest` is a Web `Request` subclass — extractors from audit-core
+ * (`fromBearerToken`, `fromHeader`, `fromCookie`) work directly.
+ *
+ * The wrapper is non-blocking: if extraction fails, the handler runs without
+ * audit context (fail open).
+ *
+ * @example
+ * ```ts
+ * // app/api/orders/route.ts — standalone (no middleware)
+ * import { withAuditRoute } from "@usebetterdev/audit-next";
+ * export const GET = withAuditRoute(handler);
+ *
+ * // app/api/orders/route.ts — paired with createAuditMiddleware
+ * import { withAuditRoute, fromHeader, AUDIT_ACTOR_HEADER } from "@usebetterdev/audit-next";
+ * export const GET = withAuditRoute(handler, {
+ *   extractor: { actor: fromHeader(AUDIT_ACTOR_HEADER) },
+ * });
+ * ```
+ */
+declare function withAuditRoute<C extends RouteContext = RouteContext>(handler: (request: NextRequest, context: C) => Promise<Response>, options?: WithAuditRouteOptions): (request: NextRequest, context: C) => Promise<Response>;
+/**
+ * Wraps a Next.js server action with audit context propagation.
+ *
+ * Server actions do not receive a `Request` object. This wrapper reads all
+ * request headers via `next/headers` and constructs a synthetic `Request` to
+ * run the configured extractor against, then wraps the action in an
+ * AsyncLocalStorage scope so that `getAuditContext()` returns the correct
+ * context within the action.
+ *
+ * The wrapper is non-blocking: if extraction fails (including when `headers()`
+ * is unavailable), the action runs without audit context (fail open).
+ *
+ * @example
+ * ```ts
+ * // app/actions.ts
+ * "use server";
+ * import { withAudit } from "@usebetterdev/audit-next";
+ *
+ * export const createOrder = withAudit(async (formData: FormData) => {
+ *   // getAuditContext() returns the actor here
+ * });
+ * ```
+ */
+declare function withAudit<TArgs extends unknown[], TResult>(action: (...args: TArgs) => Promise<TResult>, options?: WithAuditOptions): (...args: TArgs) => Promise<TResult>;
+export { AUDIT_ACTOR_HEADER, type BaseAuditOptions, type CreateAuditMiddlewareOptions, type NextMiddleware, type RouteContext, type WithAuditOptions, type WithAuditRouteOptions, betterAuditNext, createAuditMiddleware, withAudit, withAuditRoute };

package/dist/index.js ADDED Viewed

@@ -0,0 +1,96 @@
+// src/index.ts
+import {
+  fromBearerToken,
+  runWithAuditContext
+} from "@usebetterdev/audit-core";
+import { headers } from "next/headers";
+import { NextResponse } from "next/server";
+import { fromBearerToken as fromBearerToken2, fromCookie, fromHeader, getAuditContext as getAuditContext2, runWithAuditContext as runWithAuditContext2 } from "@usebetterdev/audit-core";
+var AUDIT_ACTOR_HEADER = "x-better-audit-actor-id";
+var defaultExtractor = {
+  actor: fromBearerToken("sub")
+};
+async function tryExtract(extractor, request, onError) {
+  if (!extractor) {
+    return void 0;
+  }
+  try {
+    return await extractor(request);
+  } catch (error) {
+    if (onError) {
+      onError(error);
+    }
+    return void 0;
+  }
+}
+function createAuditMiddleware(options = {}) {
+  const extractor = options.extractor ?? defaultExtractor;
+  const actorHeader = options.actorHeader ?? AUDIT_ACTOR_HEADER;
+  return async (request) => {
+    const actorId = await tryExtract(
+      extractor.actor,
+      request,
+      options.onError
+    );
+    const requestHeaders = new Headers(request.headers);
+    requestHeaders.set(actorHeader, actorId ?? "");
+    return NextResponse.next({
+      request: { headers: requestHeaders }
+    });
+  };
+}
+function betterAuditNext(options = {}) {
+  return createAuditMiddleware(options);
+}
+function withAuditRoute(handler, options = {}) {
+  const extractor = options.extractor ?? defaultExtractor;
+  return async (request, context) => {
+    const actorId = await tryExtract(
+      extractor.actor,
+      request,
+      options.onError
+    );
+    if (actorId === void 0) {
+      return handler(request, context);
+    }
+    const auditContext = { actorId };
+    return runWithAuditContext(auditContext, () => handler(request, context));
+  };
+}
+function withAudit(action, options = {}) {
+  const extractor = options.extractor ?? defaultExtractor;
+  return async (...args) => {
+    let actorId;
+    try {
+      const headersList = await headers();
+      const syntheticRequest = new Request("http://localhost", {
+        headers: headersList
+      });
+      actorId = await tryExtract(
+        extractor.actor,
+        syntheticRequest,
+        options.onError
+      );
+    } catch (error) {
+      options.onError?.(error);
+    }
+    if (actorId === void 0) {
+      return action(...args);
+    }
+    const auditContext = { actorId };
+    return runWithAuditContext(auditContext, () => action(...args));
+  };
+}
+export {
+  AUDIT_ACTOR_HEADER,
+  betterAuditNext,
+  createAuditMiddleware,
+  fromBearerToken2 as fromBearerToken,
+  fromCookie,
+  fromHeader,
+  getAuditContext2 as getAuditContext,
+  runWithAuditContext2 as runWithAuditContext,
+  withAudit,
+  withAuditRoute
+};
+//# sourceMappingURL=index.js.map

package/dist/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"sources":["../src/index.ts"],"sourcesContent":["import {\n fromBearerToken,\n getAuditContext,\n runWithAuditContext,\n} from \"@usebetterdev/audit-core\";\nimport type {\n AuditContext,\n ContextExtractor,\n ValueExtractor,\n} from \"@usebetterdev/audit-core\";\nimport { headers } from \"next/headers\";\nimport { NextResponse } from \"next/server\";\nimport type { NextRequest } from \"next/server\";\n\n// ---------------------------------------------------------------------------\n// Types\n// ---------------------------------------------------------------------------\n\nexport type RouteContext = Record<string, unknown> | undefined;\n\nexport type NextMiddleware = (request: NextRequest) => Promise<NextResponse>;\n\n/**\n * Shared options across all audit wrappers.\n */\nexport interface BaseAuditOptions {\n /** Context extractor for pulling actor identity from the request. */\n extractor?: ContextExtractor;\n /** Called when an extractor throws. Defaults to silent fail-open. */\n onError?: (error: unknown) => void;\n}\n\nexport interface CreateAuditMiddlewareOptions extends BaseAuditOptions {\n /**\n * Request header name used to forward the extracted actor id to downstream\n * route handlers. Defaults to `AUDIT_ACTOR_HEADER`.\n */\n actorHeader?: string;\n}\n\nexport type WithAuditRouteOptions = BaseAuditOptions;\n\nexport type WithAuditOptions = BaseAuditOptions;\n\n// ---------------------------------------------------------------------------\n// Constants\n// ---------------------------------------------------------------------------\n\n/**\n * Default header name used to forward the actor id from middleware to route\n * handlers.\n *\n * Use this constant to keep the middleware and route handler in sync:\n * ```ts\n * // middleware.ts\n * export default createAuditMiddleware(); // sets AUDIT_ACTOR_HEADER\n *\n * // app/api/orders/route.ts\n * export const GET = withAuditRoute(handler, {\n * extractor: { actor: fromHeader(AUDIT_ACTOR_HEADER) },\n * });\n * ```\n */\nexport const AUDIT_ACTOR_HEADER = \"x-better-audit-actor-id\";\n\n// ---------------------------------------------------------------------------\n// Private helpers\n// ---------------------------------------------------------------------------\n\n/** Default extractor: reads `sub` from `Authorization: Bearer <jwt>` as actor. */\nconst defaultExtractor: ContextExtractor = {\n actor: fromBearerToken(\"sub\"),\n};\n\n/**\n * Runs a value extractor safely, returning undefined on error (fail open).\n */\nasync function tryExtract(\n extractor: ValueExtractor | undefined,\n request: Request,\n onError: ((error: unknown) => void) | undefined,\n): Promise<string | undefined> {\n if (!extractor) {\n return undefined;\n }\n try {\n return await extractor(request);\n } catch (error: unknown) {\n if (onError) {\n onError(error);\n }\n return undefined;\n }\n}\n\n// ---------------------------------------------------------------------------\n// createAuditMiddleware / betterAuditNext\n// ---------------------------------------------------------------------------\n\n/**\n * Creates a Next.js edge middleware function that extracts audit context from\n * the incoming request and forwards the actor id as a request header to\n * downstream route handlers.\n *\n * **Important:** Next.js middleware runs in a separate Edge Runtime execution\n * context from route handlers — AsyncLocalStorage set here does NOT propagate.\n * This middleware forwards the extracted actor id via a request header\n * (`x-better-audit-actor-id` by default). Use `withAuditRoute` in your route\n * handlers to read that header and populate ALS.\n *\n * The middleware **always** overwrites the actor header on the forwarded\n * request — when extraction fails, it is set to an empty string. This prevents\n * clients from spoofing the actor id by sending the header directly.\n *\n * The middleware is non-blocking: if context extraction fails, the request\n * proceeds with an empty actor header (fail open).\n *\n * @example\n * ```ts\n * // middleware.ts\n * import { createAuditMiddleware } from \"@usebetterdev/audit-next\";\n * export default createAuditMiddleware();\n * export const config = { matcher: \"/api/:path*\" };\n *\n * // app/api/orders/route.ts\n * import { withAuditRoute, fromHeader, AUDIT_ACTOR_HEADER } from \"@usebetterdev/audit-next\";\n * export const GET = withAuditRoute(handler, {\n * extractor: { actor: fromHeader(AUDIT_ACTOR_HEADER) },\n * });\n * ```\n */\nexport function createAuditMiddleware(\n options: CreateAuditMiddlewareOptions = {},\n): NextMiddleware {\n const extractor = options.extractor ?? defaultExtractor;\n const actorHeader = options.actorHeader ?? AUDIT_ACTOR_HEADER;\n\n return async (request) => {\n const actorId = await tryExtract(\n extractor.actor,\n request,\n options.onError,\n );\n\n // Always forward with an explicit header value so clients cannot spoof\n // the actor id by sending the header directly. When extraction fails the\n // header is set to \"\" — fromHeader() treats empty values as undefined.\n const requestHeaders = new Headers(request.headers);\n requestHeaders.set(actorHeader, actorId ?? \"\");\n\n return NextResponse.next({\n request: { headers: requestHeaders },\n });\n };\n}\n\n/**\n * Convenience alias for `createAuditMiddleware`. Use as the default export\n * in `middleware.ts`.\n *\n * @example\n * ```ts\n * // middleware.ts\n * import { betterAuditNext } from \"@usebetterdev/audit-next\";\n * export default betterAuditNext();\n * ```\n */\nexport function betterAuditNext(\n options: CreateAuditMiddlewareOptions = {},\n): NextMiddleware {\n return createAuditMiddleware(options);\n}\n\n// ---------------------------------------------------------------------------\n// withAuditRoute\n// ---------------------------------------------------------------------------\n\n/**\n * Wraps a Next.js App Router route handler with audit context propagation.\n *\n * Extracts the actor identity from the incoming request (by default reads\n * `sub` from `Authorization: Bearer <jwt>`, or reads the\n * `x-better-audit-actor-id` header forwarded by `createAuditMiddleware`) and\n * runs the handler inside an AsyncLocalStorage scope so that `getAuditContext()`\n * returns the correct context within the handler.\n *\n * `NextRequest` is a Web `Request` subclass — extractors from audit-core\n * (`fromBearerToken`, `fromHeader`, `fromCookie`) work directly.\n *\n * The wrapper is non-blocking: if extraction fails, the handler runs without\n * audit context (fail open).\n *\n * @example\n * ```ts\n * // app/api/orders/route.ts — standalone (no middleware)\n * import { withAuditRoute } from \"@usebetterdev/audit-next\";\n * export const GET = withAuditRoute(handler);\n *\n * // app/api/orders/route.ts — paired with createAuditMiddleware\n * import { withAuditRoute, fromHeader, AUDIT_ACTOR_HEADER } from \"@usebetterdev/audit-next\";\n * export const GET = withAuditRoute(handler, {\n * extractor: { actor: fromHeader(AUDIT_ACTOR_HEADER) },\n * });\n * ```\n */\nexport function withAuditRoute<C extends RouteContext = RouteContext>(\n handler: (request: NextRequest, context: C) => Promise<Response>,\n options: WithAuditRouteOptions = {},\n): (request: NextRequest, context: C) => Promise<Response> {\n const extractor = options.extractor ?? defaultExtractor;\n\n return async (request, context) => {\n const actorId = await tryExtract(\n extractor.actor,\n request,\n options.onError,\n );\n\n if (actorId === undefined) {\n return handler(request, context);\n }\n\n const auditContext: AuditContext = { actorId };\n\n return runWithAuditContext(auditContext, () => handler(request, context));\n };\n}\n\n// ---------------------------------------------------------------------------\n// withAudit (server actions)\n// ---------------------------------------------------------------------------\n\n/**\n * Wraps a Next.js server action with audit context propagation.\n *\n * Server actions do not receive a `Request` object. This wrapper reads all\n * request headers via `next/headers` and constructs a synthetic `Request` to\n * run the configured extractor against, then wraps the action in an\n * AsyncLocalStorage scope so that `getAuditContext()` returns the correct\n * context within the action.\n *\n * The wrapper is non-blocking: if extraction fails (including when `headers()`\n * is unavailable), the action runs without audit context (fail open).\n *\n * @example\n * ```ts\n * // app/actions.ts\n * \"use server\";\n * import { withAudit } from \"@usebetterdev/audit-next\";\n *\n * export const createOrder = withAudit(async (formData: FormData) => {\n * // getAuditContext() returns the actor here\n * });\n * ```\n */\nexport function withAudit<TArgs extends unknown[], TResult>(\n action: (...args: TArgs) => Promise<TResult>,\n options: WithAuditOptions = {},\n): (...args: TArgs) => Promise<TResult> {\n const extractor = options.extractor ?? defaultExtractor;\n\n return async (...args) => {\n let actorId: string | undefined;\n\n try {\n const headersList = await headers();\n const syntheticRequest = new Request(\"http://localhost\", {\n headers: headersList,\n });\n actorId = await tryExtract(\n extractor.actor,\n syntheticRequest,\n options.onError,\n );\n } catch (error: unknown) {\n // headers() throws outside Next.js request context — fail open\n options.onError?.(error);\n }\n\n if (actorId === undefined) {\n return action(...args);\n }\n\n const auditContext: AuditContext = { actorId };\n\n return runWithAuditContext(auditContext, () => action(...args));\n };\n}\n\n// ---------------------------------------------------------------------------\n// Re-exports\n// ---------------------------------------------------------------------------\n\nexport type { AuditContext, ContextExtractor, ValueExtractor };\nexport { fromBearerToken, fromCookie, fromHeader, getAuditContext, runWithAuditContext } from \"@usebetterdev/audit-core\";\n"],"mappings":";AAAA;AAAA,EACE;AAAA,EAEA;AAAA,OACK;AAMP,SAAS,eAAe;AACxB,SAAS,oBAAoB;AA2R7B,SAAS,mBAAAA,kBAAiB,YAAY,YAAY,mBAAAC,kBAAiB,uBAAAC,4BAA2B;AAvOvF,IAAM,qBAAqB;AAOlC,IAAM,mBAAqC;AAAA,EACzC,OAAO,gBAAgB,KAAK;AAC9B;AAKA,eAAe,WACb,WACA,SACA,SAC6B;AAC7B,MAAI,CAAC,WAAW;AACd,WAAO;AAAA,EACT;AACA,MAAI;AACF,WAAO,MAAM,UAAU,OAAO;AAAA,EAChC,SAAS,OAAgB;AACvB,QAAI,SAAS;AACX,cAAQ,KAAK;AAAA,IACf;AACA,WAAO;AAAA,EACT;AACF;AAsCO,SAAS,sBACd,UAAwC,CAAC,GACzB;AAChB,QAAM,YAAY,QAAQ,aAAa;AACvC,QAAM,cAAc,QAAQ,eAAe;AAE3C,SAAO,OAAO,YAAY;AACxB,UAAM,UAAU,MAAM;AAAA,MACpB,UAAU;AAAA,MACV;AAAA,MACA,QAAQ;AAAA,IACV;AAKA,UAAM,iBAAiB,IAAI,QAAQ,QAAQ,OAAO;AAClD,mBAAe,IAAI,aAAa,WAAW,EAAE;AAE7C,WAAO,aAAa,KAAK;AAAA,MACvB,SAAS,EAAE,SAAS,eAAe;AAAA,IACrC,CAAC;AAAA,EACH;AACF;AAaO,SAAS,gBACd,UAAwC,CAAC,GACzB;AAChB,SAAO,sBAAsB,OAAO;AACtC;AAkCO,SAAS,eACd,SACA,UAAiC,CAAC,GACuB;AACzD,QAAM,YAAY,QAAQ,aAAa;AAEvC,SAAO,OAAO,SAAS,YAAY;AACjC,UAAM,UAAU,MAAM;AAAA,MACpB,UAAU;AAAA,MACV;AAAA,MACA,QAAQ;AAAA,IACV;AAEA,QAAI,YAAY,QAAW;AACzB,aAAO,QAAQ,SAAS,OAAO;AAAA,IACjC;AAEA,UAAM,eAA6B,EAAE,QAAQ;AAE7C,WAAO,oBAAoB,cAAc,MAAM,QAAQ,SAAS,OAAO,CAAC;AAAA,EAC1E;AACF;AA6BO,SAAS,UACd,QACA,UAA4B,CAAC,GACS;AACtC,QAAM,YAAY,QAAQ,aAAa;AAEvC,SAAO,UAAU,SAAS;AACxB,QAAI;AAEJ,QAAI;AACF,YAAM,cAAc,MAAM,QAAQ;AAClC,YAAM,mBAAmB,IAAI,QAAQ,oBAAoB;AAAA,QACvD,SAAS;AAAA,MACX,CAAC;AACD,gBAAU,MAAM;AAAA,QACd,UAAU;AAAA,QACV;AAAA,QACA,QAAQ;AAAA,MACV;AAAA,IACF,SAAS,OAAgB;AAEvB,cAAQ,UAAU,KAAK;AAAA,IACzB;AAEA,QAAI,YAAY,QAAW;AACzB,aAAO,OAAO,GAAG,IAAI;AAAA,IACvB;AAEA,UAAM,eAA6B,EAAE,QAAQ;AAE7C,WAAO,oBAAoB,cAAc,MAAM,OAAO,GAAG,IAAI,CAAC;AAAA,EAChE;AACF;","names":["fromBearerToken","getAuditContext","runWithAuditContext"]}

package/package.json ADDED Viewed

@@ -0,0 +1,49 @@
+{
+  "name": "@usebetterdev/audit-next",
+  "version": "0.6.0",
+  "repository": "github:usebetter-dev/usebetter",
+  "bugs": "https://github.com/usebetter-dev/usebetter/issues",
+  "homepage": "https://github.com/usebetter-dev/usebetter#readme",
+  "publishConfig": {
+    "access": "public",
+    "registry": "https://registry.npmjs.org/"
+  },
+  "type": "module",
+  "main": "./dist/index.cjs",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "require": "./dist/index.cjs"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "scripts": {
+    "build": "tsup",
+    "build:types": "tsc --build tsconfig.build.json",
+    "lint": "oxlint",
+    "test": "vitest run",
+    "typecheck": "tsc --noEmit"
+  },
+  "dependencies": {
+    "@usebetterdev/audit-core": "workspace:*"
+  },
+  "peerDependencies": {
+    "next": ">=14.0.0"
+  },
+  "devDependencies": {
+    "@types/node": "^22.10.0",
+    "next": "^15.5.2",
+    "tsup": "^8.3.5",
+    "typescript": "~5.7.2",
+    "vitest": "^2.1.6"
+  },
+  "engines": {
+    "node": ">=22"
+  }
+}