npm - @willyim/drizzle-audit - Versions diffs - 0.1.3 - Mend

@willyim/drizzle-audit 0.1.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (56) hide show

package/README.md +278 -0
package/dist/src/cli/generate-migration.d.ts +14 -0
package/dist/src/cli/generate-migration.d.ts.map +1 -0
package/dist/src/cli/generate-migration.js +118 -0
package/dist/src/cli/runner.d.ts +2 -0
package/dist/src/cli/runner.d.ts.map +1 -0
package/dist/src/cli/runner.js +23 -0
package/dist/src/d1/audit-log-schema.d.ts +181 -0
package/dist/src/d1/audit-log-schema.d.ts.map +1 -0
package/dist/src/d1/audit-log-schema.js +30 -0
package/dist/src/d1/index.d.ts +7 -0
package/dist/src/d1/index.d.ts.map +1 -0
package/dist/src/d1/index.js +3 -0
package/dist/src/d1/runtime.d.ts +44 -0
package/dist/src/d1/runtime.d.ts.map +1 -0
package/dist/src/d1/runtime.js +68 -0
package/dist/src/d1/sql.d.ts +37 -0
package/dist/src/d1/sql.d.ts.map +1 -0
package/dist/src/d1/sql.js +261 -0
package/dist/src/d1/types.d.ts +22 -0
package/dist/src/d1/types.d.ts.map +1 -0
package/dist/src/d1/types.js +1 -0
package/dist/src/d1-runtime/index.d.ts +3 -0
package/dist/src/d1-runtime/index.d.ts.map +1 -0
package/dist/src/d1-runtime/index.js +1 -0
package/dist/src/d1-runtime/with-audit.d.ts +77 -0
package/dist/src/d1-runtime/with-audit.d.ts.map +1 -0
package/dist/src/d1-runtime/with-audit.js +130 -0
package/dist/src/index.d.ts +4 -0
package/dist/src/index.d.ts.map +1 -0
package/dist/src/index.js +3 -0
package/dist/src/postgres/audit-log-schema.d.ts +140 -0
package/dist/src/postgres/audit-log-schema.d.ts.map +1 -0
package/dist/src/postgres/audit-log-schema.js +25 -0
package/dist/src/postgres/index.d.ts +6 -0
package/dist/src/postgres/index.d.ts.map +1 -0
package/dist/src/postgres/index.js +3 -0
package/dist/src/postgres/runtime.d.ts +10 -0
package/dist/src/postgres/runtime.d.ts.map +1 -0
package/dist/src/postgres/runtime.js +21 -0
package/dist/src/postgres/sql.d.ts +14 -0
package/dist/src/postgres/sql.d.ts.map +1 -0
package/dist/src/postgres/sql.js +190 -0
package/dist/src/postgres/types.d.ts +22 -0
package/dist/src/postgres/types.d.ts.map +1 -0
package/dist/src/postgres/types.js +1 -0
package/dist/test/d1-runtime.integration.test.d.ts +2 -0
package/dist/test/d1-runtime.integration.test.d.ts.map +1 -0
package/dist/test/d1-runtime.integration.test.js +222 -0
package/dist/test/d1.integration.test.d.ts +2 -0
package/dist/test/d1.integration.test.d.ts.map +1 -0
package/dist/test/d1.integration.test.js +223 -0
package/dist/test/postgres.integration.test.d.ts +2 -0
package/dist/test/postgres.integration.test.d.ts.map +1 -0
package/dist/test/postgres.integration.test.js +286 -0
package/package.json +66 -0

package/dist/src/d1-runtime/with-audit.js ADDED Viewed

@@ -0,0 +1,130 @@
+import { getTableColumns, getTableName, } from "drizzle-orm";
+function getPrimaryKeyColumn(table) {
+    const cols = getTableColumns(table);
+    const pk = Object.values(cols).find((c) => c.primary);
+    return pk ?? null;
+}
+function getRowId(row, pk) {
+    if (!pk)
+        return null;
+    const val = row[pk.name];
+    return val != null ? String(val) : null;
+}
+/**
+ * Creates an audited wrapper around a Drizzle SQLite database.
+ * Each insert/update/delete is wrapped in a transaction that atomically
+ * writes to both the target table and the audit_logs table.
+ *
+ * @param db - A Drizzle SQLite database instance (D1, better-sqlite3, libsql)
+ * @param auditTable - The Drizzle table definition for audit_logs
+ * @param context - The audit context (userId, optional workspaceId)
+ *
+ * @example
+ * import { withAudit } from "drizzle-audit/d1-runtime"
+ * import { d1AuditLogTable } from "drizzle-audit/d1"
+ *
+ * const auditLogs = d1AuditLogTable()
+ * const audited = withAudit(db, auditLogs, { userId: session.userId })
+ *
+ * // Audited insert
+ * audited.insert(users, { id: "u1", name: "Ada" })
+ *
+ * // Audited update — captures old + new data
+ * audited.update(users, eq(users.id, "u1"), { name: "Ada Lovelace" })
+ *
+ * // Audited delete — captures deleted data
+ * audited.delete(users, eq(users.id, "u1"))
+ *
+ * // Non-audited access
+ * audited.db.select().from(users).all()
+ */
+export function withAudit(db, auditTable, context) {
+    const workspaceIdColumn = (() => {
+        const cols = getTableColumns(auditTable);
+        const known = new Set([
+            "id",
+            "table_name",
+            "operation",
+            "row_id",
+            "user_id",
+            "old_data",
+            "new_data",
+            "created_at",
+        ]);
+        const extra = Object.keys(cols).find((k) => !known.has(k));
+        return extra ?? null;
+    })();
+    function buildAuditRow(tableName, operation, rowId, oldData, newData) {
+        return {
+            table_name: tableName,
+            operation,
+            row_id: rowId,
+            user_id: context.userId,
+            old_data: oldData ? JSON.stringify(oldData) : null,
+            new_data: newData ? JSON.stringify(newData) : null,
+            ...(workspaceIdColumn && context.workspaceId
+                ? { [workspaceIdColumn]: context.workspaceId }
+                : {}),
+        };
+    }
+    return {
+        db,
+        insert(table, data) {
+            const tableName = getTableName(table);
+            const pk = getPrimaryKeyColumn(table);
+            return db.transaction((tx) => {
+                const [row] = tx.insert(table).values(data).returning().all();
+                const rowId = getRowId(row, pk);
+                tx.insert(auditTable)
+                    .values(buildAuditRow(tableName, "INSERT", rowId, null, row))
+                    .run();
+                return row;
+            });
+        },
+        update(table, where, data) {
+            const tableName = getTableName(table);
+            const pk = getPrimaryKeyColumn(table);
+            return db.transaction((tx) => {
+                const oldRows = tx
+                    .select()
+                    .from(table)
+                    .where(where)
+                    .all();
+                const newRows = tx
+                    .update(table)
+                    .set(data)
+                    .where(where)
+                    .returning()
+                    .all();
+                for (let i = 0; i < newRows.length; i++) {
+                    const oldRow = oldRows[i] ?? null;
+                    const newRow = newRows[i];
+                    const rowId = getRowId(newRow, pk);
+                    tx.insert(auditTable)
+                        .values(buildAuditRow(tableName, "UPDATE", rowId, oldRow, newRow))
+                        .run();
+                }
+                return newRows;
+            });
+        },
+        delete(table, where) {
+            const tableName = getTableName(table);
+            const pk = getPrimaryKeyColumn(table);
+            return db.transaction((tx) => {
+                const oldRows = tx
+                    .select()
+                    .from(table)
+                    .where(where)
+                    .all();
+                tx.delete(table).where(where).run();
+                for (const oldRow of oldRows) {
+                    const rowId = getRowId(oldRow, pk);
+                    tx.insert(auditTable)
+                        .values(buildAuditRow(tableName, "DELETE", rowId, oldRow, null))
+                        .run();
+                }
+                return oldRows;
+            });
+        },
+    };
+}

package/dist/src/index.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+export * from "./postgres/index.js";
+export * from "./d1/index.js";
+export * from "./d1-runtime/index.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/src/index.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,qBAAqB,CAAA;AACnC,cAAc,eAAe,CAAA;AAC7B,cAAc,uBAAuB,CAAA"}

package/dist/src/index.js ADDED Viewed

@@ -0,0 +1,3 @@
+export * from "./postgres/index.js";
+export * from "./d1/index.js";
+export * from "./d1-runtime/index.js";

package/dist/src/postgres/audit-log-schema.d.ts ADDED Viewed

@@ -0,0 +1,140 @@
+export type PgAuditLogTableOptions = {
+    /** When set (e.g. "workspace_id"), the table definition includes this optional column to match the install. */
+    workspaceIdColumn?: string;
+};
+export declare function pgAuditLogTable(options?: PgAuditLogTableOptions): import("drizzle-orm/pg-core").PgTableWithColumns<{
+    name: "audit_logs";
+    schema: undefined;
+    columns: {
+        old_data: import("drizzle-orm/pg-core").PgBuildColumn<"audit_logs", import("drizzle-orm/pg-core").PgJsonbBuilder, {
+            name: string;
+            tableName: "audit_logs";
+            dataType: "object json";
+            data: unknown;
+            driverParam: unknown;
+            notNull: false;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            identity: undefined;
+            generated: undefined;
+            insertType: unknown;
+        }>;
+        new_data: import("drizzle-orm/pg-core").PgBuildColumn<"audit_logs", import("drizzle-orm/pg-core").PgJsonbBuilder, {
+            name: string;
+            tableName: "audit_logs";
+            dataType: "object json";
+            data: unknown;
+            driverParam: unknown;
+            notNull: false;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            identity: undefined;
+            generated: undefined;
+            insertType: unknown;
+        }>;
+        created_at: import("drizzle-orm/pg-core").PgBuildColumn<"audit_logs", import("drizzle-orm/pg-core").SetNotNull<import("drizzle-orm/pg-core").SetHasDefault<import("drizzle-orm/pg-core").PgTimestampBuilder>>, {
+            name: string;
+            tableName: "audit_logs";
+            dataType: "object date";
+            data: Date;
+            driverParam: string;
+            notNull: true;
+            hasDefault: true;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            identity: undefined;
+            generated: undefined;
+            insertType: Date | undefined;
+        }>;
+        id: import("drizzle-orm/pg-core").PgBuildColumn<"audit_logs", import("drizzle-orm/pg-core").SetIsPrimaryKey<import("drizzle-orm/pg-core").PgBigSerial53Builder>, {
+            name: string;
+            tableName: "audit_logs";
+            dataType: "number int53";
+            data: number;
+            driverParam: number;
+            notNull: true;
+            hasDefault: true;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            identity: undefined;
+            generated: undefined;
+            insertType: number | undefined;
+        }>;
+        table_name: import("drizzle-orm/pg-core").PgBuildColumn<"audit_logs", import("drizzle-orm/pg-core").SetNotNull<import("drizzle-orm/pg-core").PgTextBuilder<undefined>>, {
+            name: string;
+            tableName: "audit_logs";
+            dataType: "string";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            identity: undefined;
+            generated: undefined;
+            insertType: string;
+        }>;
+        operation: import("drizzle-orm/pg-core").PgBuildColumn<"audit_logs", import("drizzle-orm/pg-core").SetNotNull<import("drizzle-orm/pg-core").PgTextBuilder<undefined>>, {
+            name: string;
+            tableName: "audit_logs";
+            dataType: "string";
+            data: string;
+            driverParam: string;
+            notNull: true;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            identity: undefined;
+            generated: undefined;
+            insertType: string;
+        }>;
+        row_id: import("drizzle-orm/pg-core").PgBuildColumn<"audit_logs", import("drizzle-orm/pg-core").PgTextBuilder<undefined>, {
+            name: string;
+            tableName: "audit_logs";
+            dataType: "string";
+            data: string;
+            driverParam: string;
+            notNull: false;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            identity: undefined;
+            generated: undefined;
+            insertType: string | null | undefined;
+        }>;
+        user_id: import("drizzle-orm/pg-core").PgBuildColumn<"audit_logs", import("drizzle-orm/pg-core").PgTextBuilder<undefined>, {
+            name: string;
+            tableName: "audit_logs";
+            dataType: "string";
+            data: string;
+            driverParam: string;
+            notNull: false;
+            hasDefault: false;
+            isPrimaryKey: false;
+            isAutoincrement: false;
+            hasRuntimeDefault: false;
+            enumValues: undefined;
+            identity: undefined;
+            generated: undefined;
+            insertType: string | null | undefined;
+        }>;
+    };
+    dialect: "pg";
+}>;
+//# sourceMappingURL=audit-log-schema.d.ts.map

package/dist/src/postgres/audit-log-schema.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"audit-log-schema.d.ts","sourceRoot":"","sources":["../../../src/postgres/audit-log-schema.ts"],"names":[],"mappings":"AASA,MAAM,MAAM,sBAAsB,GAAG;IACnC,+GAA+G;IAC/G,iBAAiB,CAAC,EAAE,MAAM,CAAA;CAC3B,CAAA;AAED,wBAAgB,eAAe,CAAC,OAAO,CAAC,EAAE,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2B/D"}

package/dist/src/postgres/audit-log-schema.js ADDED Viewed

@@ -0,0 +1,25 @@
+import { bigserial, index, jsonb, pgTable, text, timestamp, } from "drizzle-orm/pg-core";
+export function pgAuditLogTable(options) {
+    const workspaceIdColumn = options?.workspaceIdColumn?.trim();
+    const columns = {
+        id: bigserial("id", { mode: "number" }).primaryKey(),
+        table_name: text("table_name").notNull(),
+        operation: text("operation").notNull(),
+        row_id: text("row_id"),
+        user_id: text("user_id"),
+        ...(workspaceIdColumn
+            ? { [workspaceIdColumn]: text(workspaceIdColumn) }
+            : {}),
+        old_data: jsonb("old_data"),
+        new_data: jsonb("new_data"),
+        created_at: timestamp("created_at", { withTimezone: true })
+            .defaultNow()
+            .notNull(),
+    };
+    return pgTable("audit_logs", columns, (table) => [
+        index("audit_logs_table_name_idx").on(table.table_name),
+        index("audit_logs_row_id_idx").on(table.row_id),
+        index("audit_logs_user_id_idx").on(table.user_id),
+        index("audit_logs_created_at_idx").on(table.created_at),
+    ]);
+}

package/dist/src/postgres/index.d.ts ADDED Viewed

@@ -0,0 +1,6 @@
+export { pgAuditLogTable } from "./audit-log-schema.js";
+export type { PgAuditLogTableOptions } from "./audit-log-schema.js";
+export { createAttachAuditTriggerSql, createAttachAuditTriggersSql, createAuditAddWorkspaceColumnSql, createAuditInstallSql, } from "./sql.js";
+export { setAuditContext, withAuditedTransaction } from "./runtime.js";
+export type { AuditInstallOptions, AuditSqlExecutor, AuditTransactionCapable, AuditTriggerTarget, } from "./types.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/src/postgres/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/postgres/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,MAAM,uBAAuB,CAAA;AACvD,YAAY,EAAE,sBAAsB,EAAE,MAAM,uBAAuB,CAAA;AACnE,OAAO,EACL,2BAA2B,EAC3B,4BAA4B,EAC5B,gCAAgC,EAChC,qBAAqB,GACtB,MAAM,UAAU,CAAA;AACjB,OAAO,EAAE,eAAe,EAAE,sBAAsB,EAAE,MAAM,cAAc,CAAA;AAEtE,YAAY,EACV,mBAAmB,EACnB,gBAAgB,EAChB,uBAAuB,EACvB,kBAAkB,GACnB,MAAM,YAAY,CAAA"}

package/dist/src/postgres/index.js ADDED Viewed

@@ -0,0 +1,3 @@
+export { pgAuditLogTable } from "./audit-log-schema.js";
+export { createAttachAuditTriggerSql, createAttachAuditTriggersSql, createAuditAddWorkspaceColumnSql, createAuditInstallSql, } from "./sql.js";
+export { setAuditContext, withAuditedTransaction } from "./runtime.js";

package/dist/src/postgres/runtime.d.ts ADDED Viewed

@@ -0,0 +1,10 @@
+import type { AuditSqlExecutor, AuditTransactionCapable } from "./types.js";
+export declare function setAuditContext(db: AuditSqlExecutor, actorId: string, contextKey?: string, options?: {
+    workspaceId?: string;
+    workspaceContextKey?: string;
+}): Promise<void>;
+export declare function withAuditedTransaction<TTransaction extends AuditSqlExecutor, TResult>(db: AuditTransactionCapable<TTransaction>, actorId: string, callback: (tx: TTransaction) => Promise<TResult> | TResult, contextKey?: string, options?: {
+    workspaceId?: string;
+    workspaceContextKey?: string;
+}): Promise<TResult>;
+//# sourceMappingURL=runtime.d.ts.map

package/dist/src/postgres/runtime.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"runtime.d.ts","sourceRoot":"","sources":["../../../src/postgres/runtime.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EACV,gBAAgB,EAChB,uBAAuB,EACxB,MAAM,YAAY,CAAA;AAQnB,wBAAsB,eAAe,CACnC,EAAE,EAAE,gBAAgB,EACpB,OAAO,EAAE,MAAM,EACf,UAAU,SAAgB,EAC1B,OAAO,CAAC,EAAE;IAAE,WAAW,CAAC,EAAE,MAAM,CAAC;IAAC,mBAAmB,CAAC,EAAE,MAAM,CAAA;CAAE,iBAajE;AAED,wBAAsB,sBAAsB,CAC1C,YAAY,SAAS,gBAAgB,EACrC,OAAO,EAEP,EAAE,EAAE,uBAAuB,CAAC,YAAY,CAAC,EACzC,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,CAAC,EAAE,EAAE,YAAY,KAAK,OAAO,CAAC,OAAO,CAAC,GAAG,OAAO,EAC1D,UAAU,SAAgB,EAC1B,OAAO,CAAC,EAAE;IAAE,WAAW,CAAC,EAAE,MAAM,CAAC;IAAC,mBAAmB,CAAC,EAAE,MAAM,CAAA;CAAE,oBAQjE"}

package/dist/src/postgres/runtime.js ADDED Viewed

@@ -0,0 +1,21 @@
+import { sql } from "drizzle-orm";
+function assertActorId(actorId) {
+    if (actorId.trim().length === 0) {
+        throw new Error("actorId must not be empty");
+    }
+}
+export async function setAuditContext(db, actorId, contextKey = "app.user_id", options) {
+    assertActorId(actorId);
+    await db.execute(sql `select set_config(${contextKey}, ${actorId}, true) as audit_context`);
+    if (options?.workspaceId !== undefined && options.workspaceId !== "") {
+        const wsKey = options.workspaceContextKey ?? "app.workspace_id";
+        await db.execute(sql `select set_config(${wsKey}, ${options.workspaceId}, true) as workspace_context`);
+    }
+}
+export async function withAuditedTransaction(db, actorId, callback, contextKey = "app.user_id", options) {
+    assertActorId(actorId);
+    return db.transaction(async (tx) => {
+        await setAuditContext(tx, actorId, contextKey, options);
+        return await callback(tx);
+    });
+}

package/dist/src/postgres/sql.d.ts ADDED Viewed

@@ -0,0 +1,14 @@
+import type { AuditInstallOptions, AuditTriggerTarget } from "./types.js";
+export declare function createAuditInstallSql(options?: AuditInstallOptions): string;
+export declare function createAttachAuditTriggerSql(target: AuditTriggerTarget, options?: AuditInstallOptions): string;
+export declare function createAttachAuditTriggersSql(targets: AuditTriggerTarget[], options?: AuditInstallOptions): string;
+/**
+ * Generates SQL to add the workspace column and replace the trigger function on an
+ * existing audit_logs table. Use in a new migration when adding workspace_id after
+ * the initial install. Options must match your install (auditSchema, auditTable,
+ * triggerFunctionName, contextKey, workspaceIdColumn).
+ */
+export declare function createAuditAddWorkspaceColumnSql(options: AuditInstallOptions & {
+    workspaceIdColumn: string;
+}): string;
+//# sourceMappingURL=sql.d.ts.map

package/dist/src/postgres/sql.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"sql.d.ts","sourceRoot":"","sources":["../../../src/postgres/sql.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,mBAAmB,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAA;AAqHzE,wBAAgB,qBAAqB,CAAC,OAAO,GAAE,mBAAwB,UA6DtE;AAED,wBAAgB,2BAA2B,CACzC,MAAM,EAAE,kBAAkB,EAC1B,OAAO,GAAE,mBAAwB,UAiClC;AAED,wBAAgB,4BAA4B,CAC1C,OAAO,EAAE,kBAAkB,EAAE,EAC7B,OAAO,GAAE,mBAAwB,UASlC;AAED;;;;;GAKG;AACH,wBAAgB,gCAAgC,CAC9C,OAAO,EAAE,mBAAmB,GAAG;IAAE,iBAAiB,EAAE,MAAM,CAAA;CAAE,UAkC7D"}

package/dist/src/postgres/sql.js ADDED Viewed

@@ -0,0 +1,190 @@
+const DEFAULT_AUDIT_SCHEMA = "public";
+const DEFAULT_AUDIT_TABLE = "audit_logs";
+const DEFAULT_CONTEXT_KEY = "app.user_id";
+const DEFAULT_TRIGGER_FUNCTION = "drizzle_audit_trigger";
+const DEFAULT_ROW_ID_COLUMN = "id";
+function quoteIdent(value) {
+    return `"${value.replaceAll('"', '""')}"`;
+}
+function quoteLiteral(value) {
+    return `'${value.replaceAll("'", "''")}'`;
+}
+function qualifyName(name, schema) {
+    if (!schema) {
+        return quoteIdent(name);
+    }
+    return `${quoteIdent(schema)}.${quoteIdent(name)}`;
+}
+function assertNonEmpty(value, label) {
+    if (value.trim().length === 0) {
+        throw new Error(`${label} must not be empty`);
+    }
+    return value;
+}
+function buildTriggerFunctionSql(qualifiedAuditTable, qualifiedTriggerFunction, contextLiteral, options) {
+    const workspaceIdColumn = options.workspaceIdColumn?.trim();
+    const hasWorkspace = Boolean(workspaceIdColumn);
+    const workspaceContextLiteral = hasWorkspace
+        ? quoteLiteral("app." + workspaceIdColumn)
+        : "";
+    const workspaceCol = hasWorkspace ? quoteIdent(workspaceIdColumn) : "";
+    const declWorkspace = hasWorkspace ? "\n  audit_workspace TEXT;" : "";
+    const readWorkspace = hasWorkspace
+        ? `\n  audit_workspace := NULLIF(current_setting(${workspaceContextLiteral}, true), '');`
+        : "";
+    const insertColsBase = "table_name, operation, row_id, user_id";
+    const insertColsInsert = hasWorkspace
+        ? `${insertColsBase}, ${workspaceCol}, new_data`
+        : `${insertColsBase}, new_data`;
+    const insertColsUpdate = hasWorkspace
+        ? `${insertColsBase}, ${workspaceCol}, old_data, new_data`
+        : `${insertColsBase}, old_data, new_data`;
+    const insertColsDelete = hasWorkspace
+        ? `${insertColsBase}, ${workspaceCol}, old_data`
+        : `${insertColsBase}, old_data`;
+    const valuesInsert = hasWorkspace
+        ? `TG_TABLE_NAME, TG_OP, current_row_id, audit_user, audit_workspace, to_jsonb(NEW)`
+        : `TG_TABLE_NAME, TG_OP, current_row_id, audit_user, to_jsonb(NEW)`;
+    const valuesUpdate = hasWorkspace
+        ? `TG_TABLE_NAME, TG_OP, current_row_id, audit_user, audit_workspace, to_jsonb(OLD), to_jsonb(NEW)`
+        : `TG_TABLE_NAME, TG_OP, current_row_id, audit_user, to_jsonb(OLD), to_jsonb(NEW)`;
+    const valuesDelete = hasWorkspace
+        ? `TG_TABLE_NAME, TG_OP, current_row_id, audit_user, audit_workspace, to_jsonb(OLD)`
+        : `TG_TABLE_NAME, TG_OP, current_row_id, audit_user, to_jsonb(OLD)`;
+    return `
+CREATE OR REPLACE FUNCTION ${qualifiedTriggerFunction}()
+RETURNS TRIGGER AS $$
+DECLARE
+  audit_user TEXT;${declWorkspace}
+  row_id_column TEXT;
+  current_row JSONB;
+  current_row_id TEXT;
+BEGIN
+  audit_user := NULLIF(current_setting(${contextLiteral}, true), '');${readWorkspace}
+  row_id_column := COALESCE(NULLIF(TG_ARGV[0], ''), ${quoteLiteral(DEFAULT_ROW_ID_COLUMN)});
+  IF TG_OP = 'DELETE' THEN
+    current_row := to_jsonb(OLD);
+  ELSE
+    current_row := to_jsonb(NEW);
+  END IF;
+  IF NOT (current_row ? row_id_column) THEN
+    RAISE EXCEPTION 'Missing row id column "%" on audited table %.%.',
+      row_id_column,
+      TG_TABLE_SCHEMA,
+      TG_TABLE_NAME;
+  END IF;
+  current_row_id := current_row ->> row_id_column;
+  IF TG_OP = 'INSERT' THEN
+    INSERT INTO ${qualifiedAuditTable} (${insertColsInsert})
+    VALUES (${valuesInsert});
+    RETURN NEW;
+  END IF;
+  IF TG_OP = 'UPDATE' THEN
+    INSERT INTO ${qualifiedAuditTable} (${insertColsUpdate})
+    VALUES (${valuesUpdate});
+    RETURN NEW;
+  END IF;
+  INSERT INTO ${qualifiedAuditTable} (${insertColsDelete})
+  VALUES (${valuesDelete});
+  RETURN OLD;
+END;
+$$ LANGUAGE plpgsql;`.trim();
+}
+export function createAuditInstallSql(options = {}) {
+    const auditSchema = assertNonEmpty(options.auditSchema ?? DEFAULT_AUDIT_SCHEMA, "auditSchema");
+    const auditTable = assertNonEmpty(options.auditTable ?? DEFAULT_AUDIT_TABLE, "auditTable");
+    const contextKey = assertNonEmpty(options.contextKey ?? DEFAULT_CONTEXT_KEY, "contextKey");
+    const triggerFunctionName = assertNonEmpty(options.triggerFunctionName ?? DEFAULT_TRIGGER_FUNCTION, "triggerFunctionName");
+    const workspaceIdColumn = options.workspaceIdColumn?.trim();
+    const qualifiedAuditTable = qualifyName(auditTable, auditSchema);
+    const qualifiedTriggerFunction = qualifyName(triggerFunctionName, auditSchema);
+    const contextLiteral = quoteLiteral(contextKey);
+    const tableColumns = [
+        "id BIGSERIAL PRIMARY KEY",
+        "table_name TEXT NOT NULL",
+        "operation TEXT NOT NULL CHECK (operation IN ('INSERT', 'UPDATE', 'DELETE'))",
+        "row_id TEXT",
+        "user_id TEXT",
+        ...(workspaceIdColumn ? [quoteIdent(workspaceIdColumn) + " TEXT"] : []),
+        "old_data JSONB",
+        "new_data JSONB",
+        "created_at TIMESTAMPTZ NOT NULL DEFAULT now()",
+    ];
+    const indexStatements = [
+        `CREATE INDEX IF NOT EXISTS ${quoteIdent(`${auditTable}_table_name_idx`)} ON ${qualifiedAuditTable} (table_name);`,
+        `CREATE INDEX IF NOT EXISTS ${quoteIdent(`${auditTable}_row_id_idx`)} ON ${qualifiedAuditTable} (row_id);`,
+        `CREATE INDEX IF NOT EXISTS ${quoteIdent(`${auditTable}_user_id_idx`)} ON ${qualifiedAuditTable} (user_id);`,
+        ...(workspaceIdColumn
+            ? [
+                `CREATE INDEX IF NOT EXISTS ${quoteIdent(`${auditTable}_${workspaceIdColumn}_idx`)} ON ${qualifiedAuditTable} (${quoteIdent(workspaceIdColumn)});`,
+            ]
+            : []),
+        `CREATE INDEX IF NOT EXISTS ${quoteIdent(`${auditTable}_created_at_idx`)} ON ${qualifiedAuditTable} (created_at DESC);`,
+    ];
+    return [
+        `CREATE SCHEMA IF NOT EXISTS ${quoteIdent(auditSchema)};`,
+        `
+CREATE TABLE IF NOT EXISTS ${qualifiedAuditTable} (
+  ${tableColumns.join(",\n  ")}
+);`.trim(),
+        ...indexStatements,
+        buildTriggerFunctionSql(qualifiedAuditTable, qualifiedTriggerFunction, contextLiteral, { workspaceIdColumn: workspaceIdColumn ?? undefined }),
+    ].join("\n\n");
+}
+export function createAttachAuditTriggerSql(target, options = {}) {
+    const table = assertNonEmpty(target.table, "table");
+    const schema = target.schema?.trim() || undefined;
+    const rowIdColumn = assertNonEmpty(target.rowIdColumn ?? DEFAULT_ROW_ID_COLUMN, "rowIdColumn");
+    const triggerName = assertNonEmpty(target.triggerName ?? `${table}_audit`, "triggerName");
+    const auditSchema = assertNonEmpty(options.auditSchema ?? DEFAULT_AUDIT_SCHEMA, "auditSchema");
+    const triggerFunctionName = assertNonEmpty(options.triggerFunctionName ?? DEFAULT_TRIGGER_FUNCTION, "triggerFunctionName");
+    const qualifiedTable = qualifyName(table, schema);
+    const qualifiedTriggerFunction = qualifyName(triggerFunctionName, auditSchema);
+    return `
+DROP TRIGGER IF EXISTS ${quoteIdent(triggerName)} ON ${qualifiedTable};
+CREATE TRIGGER ${quoteIdent(triggerName)}
+AFTER INSERT OR UPDATE OR DELETE
+ON ${qualifiedTable}
+FOR EACH ROW
+EXECUTE FUNCTION ${qualifiedTriggerFunction}(${quoteLiteral(rowIdColumn)});
+`.trim();
+}
+export function createAttachAuditTriggersSql(targets, options = {}) {
+    if (targets.length === 0) {
+        throw new Error("targets must contain at least one audited table");
+    }
+    return targets
+        .map((target) => createAttachAuditTriggerSql(target, options))
+        .join("\n\n");
+}
+/**
+ * Generates SQL to add the workspace column and replace the trigger function on an
+ * existing audit_logs table. Use in a new migration when adding workspace_id after
+ * the initial install. Options must match your install (auditSchema, auditTable,
+ * triggerFunctionName, contextKey, workspaceIdColumn).
+ */
+export function createAuditAddWorkspaceColumnSql(options) {
+    const workspaceIdColumn = assertNonEmpty(options.workspaceIdColumn.trim(), "workspaceIdColumn");
+    const auditSchema = assertNonEmpty(options.auditSchema ?? DEFAULT_AUDIT_SCHEMA, "auditSchema");
+    const auditTable = assertNonEmpty(options.auditTable ?? DEFAULT_AUDIT_TABLE, "auditTable");
+    const contextKey = assertNonEmpty(options.contextKey ?? DEFAULT_CONTEXT_KEY, "contextKey");
+    const triggerFunctionName = assertNonEmpty(options.triggerFunctionName ?? DEFAULT_TRIGGER_FUNCTION, "triggerFunctionName");
+    const qualifiedAuditTable = qualifyName(auditTable, auditSchema);
+    const qualifiedTriggerFunction = qualifyName(triggerFunctionName, auditSchema);
+    const contextLiteral = quoteLiteral(contextKey);
+    return [
+        `ALTER TABLE ${qualifiedAuditTable} ADD COLUMN IF NOT EXISTS ${quoteIdent(workspaceIdColumn)} TEXT;`,
+        `CREATE INDEX IF NOT EXISTS ${quoteIdent(`${auditTable}_${workspaceIdColumn}_idx`)} ON ${qualifiedAuditTable} (${quoteIdent(workspaceIdColumn)});`,
+        buildTriggerFunctionSql(qualifiedAuditTable, qualifiedTriggerFunction, contextLiteral, {
+            workspaceIdColumn,
+        }),
+    ].join("\n\n");
+}

package/dist/src/postgres/types.d.ts ADDED Viewed

@@ -0,0 +1,22 @@
+import type { SQL } from "drizzle-orm";
+export type AuditSqlExecutor = {
+    execute: (query: SQL) => Promise<unknown>;
+};
+export type AuditTransactionCapable<TTransaction extends AuditSqlExecutor> = {
+    transaction: <TResult>(callback: (tx: TTransaction) => Promise<TResult>) => Promise<TResult>;
+};
+export type AuditInstallOptions = {
+    auditSchema?: string;
+    auditTable?: string;
+    contextKey?: string;
+    triggerFunctionName?: string;
+    /** When set (e.g. "workspace_id"), the audit table and trigger include this column; trigger reads from session variable app.${workspaceIdColumn}. */
+    workspaceIdColumn?: string;
+};
+export type AuditTriggerTarget = {
+    table: string;
+    schema?: string;
+    rowIdColumn?: string;
+    triggerName?: string;
+};
+//# sourceMappingURL=types.d.ts.map

package/dist/src/postgres/types.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/postgres/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,aAAa,CAAA;AAEtC,MAAM,MAAM,gBAAgB,GAAG;IAC7B,OAAO,EAAE,CAAC,KAAK,EAAE,GAAG,KAAK,OAAO,CAAC,OAAO,CAAC,CAAA;CAC1C,CAAA;AAED,MAAM,MAAM,uBAAuB,CAAC,YAAY,SAAS,gBAAgB,IAAI;IAC3E,WAAW,EAAE,CAAC,OAAO,EACnB,QAAQ,EAAE,CAAC,EAAE,EAAE,YAAY,KAAK,OAAO,CAAC,OAAO,CAAC,KAC7C,OAAO,CAAC,OAAO,CAAC,CAAA;CACtB,CAAA;AAED,MAAM,MAAM,mBAAmB,GAAG;IAChC,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAC5B,qJAAqJ;IACrJ,iBAAiB,CAAC,EAAE,MAAM,CAAA;CAC3B,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG;IAC/B,KAAK,EAAE,MAAM,CAAA;IACb,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,WAAW,CAAC,EAAE,MAAM,CAAA;CACrB,CAAA"}

package/dist/src/postgres/types.js ADDED Viewed

	@@ -0,0 +1 @@
1	+ export {};

package/dist/test/d1-runtime.integration.test.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=d1-runtime.integration.test.d.ts.map

package/dist/test/d1-runtime.integration.test.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"d1-runtime.integration.test.d.ts","sourceRoot":"","sources":["../../test/d1-runtime.integration.test.ts"],"names":[],"mappings":""}