@willyim/drizzle-audit 0.3.0 → 0.4.0

package/README.md

@@ -43,7 +43,7 @@ await withAuditedTransaction(db, currentUser.id, async (tx) => {
 
 Postgres triggers capture full row snapshots (`old_data`/`new_data` as JSONB) automatically.
 
-### D1/SQLite — App-Level Wrapper (recommended)
+### D1/SQLite — App-Level Wrapper
 
 For D1 and SQLite, the `withAudit` wrapper is the simplest approach. No triggers, no context tables — it intercepts operations in your JS code where you already have the user session.
 
@@ -69,15 +69,17 @@ export const auditLogs = d1AuditLogTable()
 // 3. Use in your app (e.g. React Router action)
 const audit = withAudit(db, auditLogs, { userId: session.userId })
 
-audit.insert(users, { id: "u1", name: "Ada" })
-audit.update(users, eq(users.id, "u1"), { name: "Ada Lovelace" })
-audit.delete(users, eq(users.id, "u1"))
+await audit.insert(users, { id: "u1", name: "Ada" })
+await audit.update(users, eq(users.id, "u1"), { name: "Ada Lovelace" })
+await audit.delete(users, eq(users.id, "u1"))
 
 // Non-audited access is still available
 audit.db.select().from(users).all()
 ```
 
-The wrapper auto-detects primary keys from your Drizzle table schema, captures old/new row data, and runs each operation + audit log insert in a transaction.
+The wrapper auto-detects primary keys from your Drizzle table schema and captures old/new row data. All methods return Promises and must be awaited.
+
+> **Note:** Each operation runs the data write and audit log insert as sequential statements with no transaction wrapper. This is required for D1 compatibility (D1 does not support `BEGIN`/`COMMIT` over the prepared-statement API). In the unlikely event of a failure between the two writes, one may succeed without the other. If you need atomic auditing, use the trigger-based approach instead (see below).
 
 ### D1/SQLite — Triggers
 
@@ -204,6 +206,12 @@ export function createAuditSql() {
 | `setAuditContext(db, actorId, contextKey?, options?)` | Set actor context in current transaction |
 | `withAuditedTransaction(db, actorId, callback, contextKey?, options?)` | Transaction wrapper with actor context |
 
+### `@willyim/drizzle-audit`
+
+| Export | Description |
+|---|---|
+| `computeDiff(operation, oldData, newData, options?)` | Compute field-by-field diff from old/new row data |
+
 ### `@willyim/drizzle-audit/d1`
 
 | Export | Description |
@@ -231,6 +239,43 @@ export function createAuditSql() {
 - `.delete(table, where)` — Fetch old rows, delete, audit log (per row)
 - `.db` — Raw Drizzle instance for non-audited operations
 
+## Computing Diffs
+
+The `computeDiff` utility produces field-by-field diffs from the `old_data`/`new_data` captured by audit triggers. It works with any operation type and requires no Drizzle dependency.
+
+```ts
+import { computeDiff } from "@willyim/drizzle-audit"
+
+const result = computeDiff(
+  "UPDATE",
+  { id: "u1", name: "Ada", email: "ada@example.com" },
+  { id: "u1", name: "Ada Lovelace", email: "ada@example.com" },
+)
+// {
+//   operation: "UPDATE",
+//   changes: [{ field: "name", old: "Ada", new: "Ada Lovelace" }]
+// }
+```
+
+For INSERT operations, pass `null` as `oldData` — all fields appear as additions. For DELETE, pass `null` as `newData` — all fields appear as removals.
+
+```ts
+// INSERT — every field is new
+computeDiff("INSERT", null, { id: "u1", name: "Ada" })
+
+// DELETE — every field is removed
+computeDiff("DELETE", { id: "u1", name: "Ada" }, null)
+```
+
+By default, `updated_at` and `created_at` fields are excluded. Override with `ignoreFields`:
+
+```ts
+computeDiff("UPDATE", oldData, newData, { ignoreFields: [] }) // include all fields
+computeDiff("UPDATE", oldData, newData, { ignoreFields: ["internal_note"] })
+```
+
+Nested objects are compared using deep equality. Fields are returned sorted alphabetically.
+
 ## Audit Log Schema
 
 ### Postgres

package/dist/src/d1-runtime/with-audit.d.ts

@@ -22,33 +22,36 @@ export type DrizzleSQLiteDb = {
     update: (table: any) => any;
     delete: (table: any) => any;
     select: (fields?: any) => any;
-    transaction: (cb: (tx: any) => any) => any;
 };
 export type AuditedDb<TDb extends DrizzleSQLiteDb> = {
     /**
      * Insert a row and log an INSERT audit event.
      * Returns the inserted row.
      */
-    insert: <T extends SQLiteTable>(table: T, data: InferInsertModel<T>) => InferSelectModel<T>;
+    insert: <T extends SQLiteTable>(table: T, data: InferInsertModel<T>) => Promise<InferSelectModel<T>>;
     /**
      * Update rows matching `where` and log an UPDATE audit event for each affected row.
      * Captures old_data (before) and new_data (after).
      * Returns the updated rows.
      */
-    update: <T extends SQLiteTable>(table: T, where: SQL, data: Partial<InferInsertModel<T>>) => InferSelectModel<T>[];
+    update: <T extends SQLiteTable>(table: T, where: SQL, data: Partial<InferInsertModel<T>>) => Promise<InferSelectModel<T>[]>;
     /**
      * Delete rows matching `where` and log a DELETE audit event for each affected row.
      * Captures old_data.
      * Returns the deleted rows.
      */
-    delete: <T extends SQLiteTable>(table: T, where: SQL) => InferSelectModel<T>[];
+    delete: <T extends SQLiteTable>(table: T, where: SQL) => Promise<InferSelectModel<T>[]>;
     /** Access the underlying db for non-audited operations. */
     db: TDb;
 };
 /**
  * Creates an audited wrapper around a Drizzle SQLite database.
- * Each insert/update/delete is wrapped in a transaction that atomically
- * writes to both the target table and the audit_logs table.
+ * Each insert/update/delete runs the data write and audit log insert sequentially
+ * as individual statements (no transaction). This works with both D1 (async) and
+ * better-sqlite3 (sync), but writes are best-effort: a failure between the data
+ * write and the audit insert can leave one without the other.
+ *
+ * For atomic auditing on D1, use the trigger-based approach from `@willyim/drizzle-audit/d1`.
  *
  * @param db - A Drizzle SQLite database instance (D1, better-sqlite3, libsql)
  * @param auditTable - The Drizzle table definition for audit_logs
@@ -62,13 +65,13 @@ export type AuditedDb<TDb extends DrizzleSQLiteDb> = {
  * const audited = withAudit(db, auditLogs, { userId: session.userId })
  *
  * // Audited insert
- * audited.insert(users, { id: "u1", name: "Ada" })
+ * await audited.insert(users, { id: "u1", name: "Ada" })
  *
  * // Audited update — captures old + new data
- * audited.update(users, eq(users.id, "u1"), { name: "Ada Lovelace" })
+ * await audited.update(users, eq(users.id, "u1"), { name: "Ada Lovelace" })
  *
  * // Audited delete — captures deleted data
- * audited.delete(users, eq(users.id, "u1"))
+ * await audited.delete(users, eq(users.id, "u1"))
  *
  * // Non-audited access
  * audited.db.select().from(users).all()

package/dist/src/d1-runtime/with-audit.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"with-audit.d.ts","sourceRoot":"","sources":["../../../src/d1-runtime/with-audit.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,KAAK,gBAAgB,EACrB,KAAK,gBAAgB,EACrB,KAAK,GAAG,EACT,MAAM,aAAa,CAAA;AACpB,OAAO,KAAK,EAAgB,WAAW,EAAE,MAAM,yBAAyB,CAAA;AAIxE,MAAM,MAAM,YAAY,GAAG;IACzB,MAAM,EAAE,MAAM,CAAA;IACd,WAAW,CAAC,EAAE,MAAM,CAAA;CACrB,CAAA;AAED,MAAM,MAAM,mBAAmB,GAAG;IAChC,UAAU,EAAE,MAAM,CAAA;IAClB,SAAS,EAAE,MAAM,CAAA;IACjB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,OAAO,EAAE,MAAM,CAAA;IACf,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;CACvB,CAAA;AAED;;;GAGG;AACH,MAAM,MAAM,eAAe,GAAG;IAC5B,MAAM,EAAE,CAAC,KAAK,EAAE,GAAG,KAAK,GAAG,CAAA;IAC3B,MAAM,EAAE,CAAC,KAAK,EAAE,GAAG,KAAK,GAAG,CAAA;IAC3B,MAAM,EAAE,CAAC,KAAK,EAAE,GAAG,KAAK,GAAG,CAAA;IAC3B,MAAM,EAAE,CAAC,MAAM,CAAC,EAAE,GAAG,KAAK,GAAG,CAAA;IAC7B,WAAW,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,EAAE,GAAG,KAAK,GAAG,KAAK,GAAG,CAAA;CAC3C,CAAA;AAgBD,MAAM,MAAM,SAAS,CAAC,GAAG,SAAS,eAAe,IAAI;IACnD;;;OAGG;IACH,MAAM,EAAE,CAAC,CAAC,SAAS,WAAW,EAC5B,KAAK,EAAE,CAAC,EACR,IAAI,EAAE,gBAAgB,CAAC,CAAC,CAAC,KACtB,gBAAgB,CAAC,CAAC,CAAC,CAAA;IAExB;;;;OAIG;IACH,MAAM,EAAE,CAAC,CAAC,SAAS,WAAW,EAC5B,KAAK,EAAE,CAAC,EACR,KAAK,EAAE,GAAG,EACV,IAAI,EAAE,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,KAC/B,gBAAgB,CAAC,CAAC,CAAC,EAAE,CAAA;IAE1B;;;;OAIG;IACH,MAAM,EAAE,CAAC,CAAC,SAAS,WAAW,EAC5B,KAAK,EAAE,CAAC,EACR,KAAK,EAAE,GAAG,KACP,gBAAgB,CAAC,CAAC,CAAC,EAAE,CAAA;IAE1B,2DAA2D;IAC3D,EAAE,EAAE,GAAG,CAAA;CACR,CAAA;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2BG;AACH,wBAAgB,SAAS,CAAC,GAAG,SAAS,eAAe,EACnD,EAAE,EAAE,GAAG,EACP,UAAU,EAAE,WAAW,EACvB,OAAO,EAAE,YAAY,GACpB,SAAS,CAAC,GAAG,CAAC,CAoHhB"}
+{"version":3,"file":"with-audit.d.ts","sourceRoot":"","sources":["../../../src/d1-runtime/with-audit.ts"],"names":[],"mappings":"AAAA,OAAO,EAGL,KAAK,gBAAgB,EACrB,KAAK,gBAAgB,EACrB,KAAK,GAAG,EACT,MAAM,aAAa,CAAA;AACpB,OAAO,KAAK,EAAgB,WAAW,EAAE,MAAM,yBAAyB,CAAA;AAIxE,MAAM,MAAM,YAAY,GAAG;IACzB,MAAM,EAAE,MAAM,CAAA;IACd,WAAW,CAAC,EAAE,MAAM,CAAA;CACrB,CAAA;AAED,MAAM,MAAM,mBAAmB,GAAG;IAChC,UAAU,EAAE,MAAM,CAAA;IAClB,SAAS,EAAE,MAAM,CAAA;IACjB,MAAM,EAAE,MAAM,GAAG,IAAI,CAAA;IACrB,OAAO,EAAE,MAAM,CAAA;IACf,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAA;IACvB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAA;CACvB,CAAA;AAED;;;GAGG;AACH,MAAM,MAAM,eAAe,GAAG;IAC5B,MAAM,EAAE,CAAC,KAAK,EAAE,GAAG,KAAK,GAAG,CAAA;IAC3B,MAAM,EAAE,CAAC,KAAK,EAAE,GAAG,KAAK,GAAG,CAAA;IAC3B,MAAM,EAAE,CAAC,KAAK,EAAE,GAAG,KAAK,GAAG,CAAA;IAC3B,MAAM,EAAE,CAAC,MAAM,CAAC,EAAE,GAAG,KAAK,GAAG,CAAA;CAC9B,CAAA;AAgBD,MAAM,MAAM,SAAS,CAAC,GAAG,SAAS,eAAe,IAAI;IACnD;;;OAGG;IACH,MAAM,EAAE,CAAC,CAAC,SAAS,WAAW,EAC5B,KAAK,EAAE,CAAC,EACR,IAAI,EAAE,gBAAgB,CAAC,CAAC,CAAC,KACtB,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAA;IAEjC;;;;OAIG;IACH,MAAM,EAAE,CAAC,CAAC,SAAS,WAAW,EAC5B,KAAK,EAAE,CAAC,EACR,KAAK,EAAE,GAAG,EACV,IAAI,EAAE,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,CAAC,KAC/B,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAE,CAAC,CAAA;IAEnC;;;;OAIG;IACH,MAAM,EAAE,CAAC,CAAC,SAAS,WAAW,EAC5B,KAAK,EAAE,CAAC,EACR,KAAK,EAAE,GAAG,KACP,OAAO,CAAC,gBAAgB,CAAC,CAAC,CAAC,EAAE,CAAC,CAAA;IAEnC,2DAA2D;IAC3D,EAAE,EAAE,GAAG,CAAA;CACR,CAAA;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACH,wBAAgB,SAAS,CAAC,GAAG,SAAS,eAAe,EACnD,EAAE,EAAE,GAAG,EACP,UAAU,EAAE,WAAW,EACvB,OAAO,EAAE,YAAY,GACpB,SAAS,CAAC,GAAG,CAAC,CA8FhB"}

package/dist/src/d1-runtime/with-audit.js

@@ -12,8 +12,12 @@ function getRowId(row, pk) {
 }
 /**
  * Creates an audited wrapper around a Drizzle SQLite database.
- * Each insert/update/delete is wrapped in a transaction that atomically
- * writes to both the target table and the audit_logs table.
+ * Each insert/update/delete runs the data write and audit log insert sequentially
+ * as individual statements (no transaction). This works with both D1 (async) and
+ * better-sqlite3 (sync), but writes are best-effort: a failure between the data
+ * write and the audit insert can leave one without the other.
+ *
+ * For atomic auditing on D1, use the trigger-based approach from `@willyim/drizzle-audit/d1`.
  *
  * @param db - A Drizzle SQLite database instance (D1, better-sqlite3, libsql)
  * @param auditTable - The Drizzle table definition for audit_logs
@@ -27,13 +31,13 @@ function getRowId(row, pk) {
  * const audited = withAudit(db, auditLogs, { userId: session.userId })
  *
  * // Audited insert
- * audited.insert(users, { id: "u1", name: "Ada" })
+ * await audited.insert(users, { id: "u1", name: "Ada" })
  *
  * // Audited update — captures old + new data
- * audited.update(users, eq(users.id, "u1"), { name: "Ada Lovelace" })
+ * await audited.update(users, eq(users.id, "u1"), { name: "Ada Lovelace" })
  *
  * // Audited delete — captures deleted data
- * audited.delete(users, eq(users.id, "u1"))
+ * await audited.delete(users, eq(users.id, "u1"))
  *
  * // Non-audited access
  * audited.db.select().from(users).all()
@@ -69,62 +73,46 @@ export function withAudit(db, auditTable, context) {
     }
     return {
         db,
-        insert(table, data) {
+        async insert(table, data) {
             const tableName = getTableName(table);
             const pk = getPrimaryKeyColumn(table);
-            return db.transaction((tx) => {
-                const [row] = tx.insert(table).values(data).returning().all();
-                const rowId = getRowId(row, pk);
-                tx.insert(auditTable)
-                    .values(buildAuditRow(tableName, "INSERT", rowId, null, row))
-                    .run();
-                return row;
-            });
+            const [row] = await db.insert(table).values(data).returning().all();
+            const rowId = getRowId(row, pk);
+            await db
+                .insert(auditTable)
+                .values(buildAuditRow(tableName, "INSERT", rowId, null, row))
+                .run();
+            return row;
         },
-        update(table, where, data) {
+        async update(table, where, data) {
             const tableName = getTableName(table);
             const pk = getPrimaryKeyColumn(table);
-            return db.transaction((tx) => {
-                const oldRows = tx
-                    .select()
-                    .from(table)
-                    .where(where)
-                    .all();
-                const newRows = tx
-                    .update(table)
-                    .set(data)
-                    .where(where)
-                    .returning()
-                    .all();
-                for (let i = 0; i < newRows.length; i++) {
-                    const oldRow = oldRows[i] ?? null;
-                    const newRow = newRows[i];
-                    const rowId = getRowId(newRow, pk);
-                    tx.insert(auditTable)
-                        .values(buildAuditRow(tableName, "UPDATE", rowId, oldRow, newRow))
-                        .run();
-                }
-                return newRows;
-            });
+            const oldRows = await db.select().from(table).where(where).all();
+            const newRows = await db.update(table).set(data).where(where).returning().all();
+            for (let i = 0; i < newRows.length; i++) {
+                const oldRow = oldRows[i] ?? null;
+                const newRow = newRows[i];
+                const rowId = getRowId(newRow, pk);
+                await db
+                    .insert(auditTable)
+                    .values(buildAuditRow(tableName, "UPDATE", rowId, oldRow, newRow))
+                    .run();
+            }
+            return newRows;
         },
-        delete(table, where) {
+        async delete(table, where) {
             const tableName = getTableName(table);
             const pk = getPrimaryKeyColumn(table);
-            return db.transaction((tx) => {
-                const oldRows = tx
-                    .select()
-                    .from(table)
-                    .where(where)
-                    .all();
-                tx.delete(table).where(where).run();
-                for (const oldRow of oldRows) {
-                    const rowId = getRowId(oldRow, pk);
-                    tx.insert(auditTable)
-                        .values(buildAuditRow(tableName, "DELETE", rowId, oldRow, null))
-                        .run();
-                }
-                return oldRows;
-            });
+            const oldRows = await db.select().from(table).where(where).all();
+            await db.delete(table).where(where).run();
+            for (const oldRow of oldRows) {
+                const rowId = getRowId(oldRow, pk);
+                await db
+                    .insert(auditTable)
+                    .values(buildAuditRow(tableName, "DELETE", rowId, oldRow, null))
+                    .run();
+            }
+            return oldRows;
         },
     };
 }

package/dist/src/postgres/audit-log-schema.d.ts

@@ -20,7 +20,6 @@ export declare function pgAuditLogTable(options?: PgAuditLogTableOptions): impor
             enumValues: undefined;
             identity: undefined;
             generated: undefined;
-            insertType: unknown;
         }>;
         new_data: import("drizzle-orm/pg-core").PgBuildColumn<"audit_logs", import("drizzle-orm/pg-core").PgJsonbBuilder, {
             name: string;
@@ -36,7 +35,6 @@ export declare function pgAuditLogTable(options?: PgAuditLogTableOptions): impor
             enumValues: undefined;
             identity: undefined;
             generated: undefined;
-            insertType: unknown;
         }>;
         created_at: import("drizzle-orm/pg-core").PgBuildColumn<"audit_logs", import("drizzle-orm/pg-core").SetNotNull<import("drizzle-orm/pg-core").SetHasDefault<import("drizzle-orm/pg-core").PgTimestampBuilder>>, {
             name: string;
@@ -52,7 +50,6 @@ export declare function pgAuditLogTable(options?: PgAuditLogTableOptions): impor
             enumValues: undefined;
             identity: undefined;
             generated: undefined;
-            insertType: Date | undefined;
         }>;
         id: import("drizzle-orm/pg-core").PgBuildColumn<"audit_logs", import("drizzle-orm/pg-core").SetIsPrimaryKey<import("drizzle-orm/pg-core").PgBigSerial53Builder>, {
             name: string;
@@ -68,9 +65,8 @@ export declare function pgAuditLogTable(options?: PgAuditLogTableOptions): impor
             enumValues: undefined;
             identity: undefined;
             generated: undefined;
-            insertType: number | undefined;
         }>;
-        table_name: import("drizzle-orm/pg-core").PgBuildColumn<"audit_logs", import("drizzle-orm/pg-core").SetNotNull<import("drizzle-orm/pg-core").PgTextBuilder<undefined>>, {
+        table_name: import("drizzle-orm/pg-core").PgBuildColumn<"audit_logs", import("drizzle-orm/pg-core").SetNotNull<import("drizzle-orm/pg-core").PgTextBuilder<[string, ...string[]]>>, {
             name: string;
             tableName: "audit_logs";
             dataType: "string";
@@ -84,9 +80,8 @@ export declare function pgAuditLogTable(options?: PgAuditLogTableOptions): impor
             enumValues: undefined;
             identity: undefined;
             generated: undefined;
-            insertType: string;
         }>;
-        operation: import("drizzle-orm/pg-core").PgBuildColumn<"audit_logs", import("drizzle-orm/pg-core").SetNotNull<import("drizzle-orm/pg-core").PgTextBuilder<undefined>>, {
+        operation: import("drizzle-orm/pg-core").PgBuildColumn<"audit_logs", import("drizzle-orm/pg-core").SetNotNull<import("drizzle-orm/pg-core").PgTextBuilder<[string, ...string[]]>>, {
             name: string;
             tableName: "audit_logs";
             dataType: "string";
@@ -100,9 +95,8 @@ export declare function pgAuditLogTable(options?: PgAuditLogTableOptions): impor
             enumValues: undefined;
             identity: undefined;
             generated: undefined;
-            insertType: string;
         }>;
-        row_id: import("drizzle-orm/pg-core").PgBuildColumn<"audit_logs", import("drizzle-orm/pg-core").PgTextBuilder<undefined>, {
+        row_id: import("drizzle-orm/pg-core").PgBuildColumn<"audit_logs", import("drizzle-orm/pg-core").PgTextBuilder<[string, ...string[]]>, {
             name: string;
             tableName: "audit_logs";
             dataType: "string";
@@ -116,9 +110,8 @@ export declare function pgAuditLogTable(options?: PgAuditLogTableOptions): impor
             enumValues: undefined;
             identity: undefined;
             generated: undefined;
-            insertType: string | null | undefined;
         }>;
-        user_id: import("drizzle-orm/pg-core").PgBuildColumn<"audit_logs", import("drizzle-orm/pg-core").PgTextBuilder<undefined>, {
+        user_id: import("drizzle-orm/pg-core").PgBuildColumn<"audit_logs", import("drizzle-orm/pg-core").PgTextBuilder<[string, ...string[]]>, {
             name: string;
             tableName: "audit_logs";
             dataType: "string";
@@ -132,7 +125,6 @@ export declare function pgAuditLogTable(options?: PgAuditLogTableOptions): impor
             enumValues: undefined;
             identity: undefined;
             generated: undefined;
-            insertType: string | null | undefined;
         }>;
     };
     dialect: "pg";

package/dist/src/postgres/audit-log-schema.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"audit-log-schema.d.ts","sourceRoot":"","sources":["../../../src/postgres/audit-log-schema.ts"],"names":[],"mappings":"AASA,MAAM,MAAM,sBAAsB,GAAG;IACnC,+GAA+G;IAC/G,iBAAiB,CAAC,EAAE,MAAM,CAAA;CAC3B,CAAA;AAED,wBAAgB,eAAe,CAAC,OAAO,CAAC,EAAE,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2B/D"}
+{"version":3,"file":"audit-log-schema.d.ts","sourceRoot":"","sources":["../../../src/postgres/audit-log-schema.ts"],"names":[],"mappings":"AASA,MAAM,MAAM,sBAAsB,GAAG;IACnC,+GAA+G;IAC/G,iBAAiB,CAAC,EAAE,MAAM,CAAA;CAC3B,CAAA;AAED,wBAAgB,eAAe,CAAC,OAAO,CAAC,EAAE,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2B/D"}

package/dist/test/d1-async.integration.test.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Integration tests for withAudit against a real async D1 driver (miniflare v4).
+ *
+ * These tests exercise the actual failure mode described in issue #29:
+ *   - drizzle-orm/d1 .all()/.run() return Promises, not plain values.
+ *   - drizzle-orm/d1 db.transaction() issues a raw BEGIN which D1 rejects.
+ *
+ * All tests here FAIL on the current sync implementation and must PASS after the fix.
+ *
+ * The existing sqlite.integration.test.ts covers the better-sqlite3 (sync) path.
+ */
+export {};
+//# sourceMappingURL=d1-async.integration.test.d.ts.map

package/dist/test/d1-async.integration.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"d1-async.integration.test.d.ts","sourceRoot":"","sources":["../../test/d1-async.integration.test.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG"}

package/dist/test/d1-async.integration.test.js

@@ -0,0 +1,159 @@
+/**
+ * Integration tests for withAudit against a real async D1 driver (miniflare v4).
+ *
+ * These tests exercise the actual failure mode described in issue #29:
+ *   - drizzle-orm/d1 .all()/.run() return Promises, not plain values.
+ *   - drizzle-orm/d1 db.transaction() issues a raw BEGIN which D1 rejects.
+ *
+ * All tests here FAIL on the current sync implementation and must PASS after the fix.
+ *
+ * The existing sqlite.integration.test.ts covers the better-sqlite3 (sync) path.
+ */
+import assert from "node:assert/strict";
+import { after, before, test } from "node:test";
+import { asc, eq, isNull } from "drizzle-orm";
+import { drizzle } from "drizzle-orm/d1";
+import { integer, sqliteTable, text } from "drizzle-orm/sqlite-core";
+import { Miniflare } from "miniflare";
+import { d1AuditLogTable } from "../src/d1/index.js";
+import { withAudit } from "../src/d1-runtime/index.js";
+const users = sqliteTable("users", {
+    id: text("id").primaryKey(),
+    name: text("name").notNull(),
+    email: text("email"),
+});
+const invoices = sqliteTable("invoices", {
+    invoice_id: text("invoice_id").primaryKey(),
+    amount: integer("amount").notNull(),
+    status: text("status").notNull().default("pending"),
+});
+const auditLogs = d1AuditLogTable();
+let mf;
+before(async () => {
+    mf = new Miniflare({
+        modules: true,
+        script: `export default { fetch() { return new Response("ok") } }`,
+        d1Databases: { DB: "drizzle-audit-test" },
+    });
+});
+after(async () => {
+    await mf.dispose();
+});
+async function setupDb() {
+    const d1 = await mf.getD1Database("DB");
+    // D1 exec() treats each newline as a statement separator — use prepare().run() for DDL
+    for (const sql of [
+        "DROP TABLE IF EXISTS audit_logs",
+        "DROP TABLE IF EXISTS users",
+        "DROP TABLE IF EXISTS invoices",
+        "CREATE TABLE audit_logs (id INTEGER PRIMARY KEY AUTOINCREMENT, table_name TEXT NOT NULL, operation TEXT NOT NULL, row_id TEXT, user_id TEXT, old_data TEXT, new_data TEXT, created_at TEXT NOT NULL DEFAULT (datetime('now')))",
+        "CREATE TABLE users (id TEXT PRIMARY KEY, name TEXT NOT NULL, email TEXT)",
+        "CREATE TABLE invoices (invoice_id TEXT PRIMARY KEY, amount INTEGER NOT NULL, status TEXT NOT NULL DEFAULT 'pending')",
+    ]) {
+        await d1.prepare(sql).run();
+    }
+    return drizzle(d1, { schema: { auditLogs, users, invoices } });
+}
+test("withAudit insert logs audit row with new_data (real D1)", async () => {
+    const db = await setupDb();
+    const audited = withAudit(db, auditLogs, { userId: "user_1" });
+    const row = await audited.insert(users, { id: "u1", name: "Ada", email: "ada@example.com" });
+    assert.equal(row.id, "u1");
+    assert.equal(row.name, "Ada");
+    const logs = await db.select().from(auditLogs).all();
+    assert.equal(logs.length, 1);
+    assert.equal(logs[0]?.table_name, "users");
+    assert.equal(logs[0]?.operation, "INSERT");
+    assert.equal(logs[0]?.row_id, "u1");
+    assert.equal(logs[0]?.user_id, "user_1");
+    assert.equal(logs[0]?.old_data, null);
+    assert.deepEqual(JSON.parse(logs[0]?.new_data), {
+        id: "u1",
+        name: "Ada",
+        email: "ada@example.com",
+    });
+});
+test("withAudit update captures old and new data (real D1)", async () => {
+    const db = await setupDb();
+    await db.insert(users).values({ id: "u1", name: "Ada", email: "ada@example.com" });
+    const audited = withAudit(db, auditLogs, { userId: "user_2" });
+    const rows = await audited.update(users, eq(users.id, "u1"), { name: "Ada Lovelace" });
+    assert.equal(rows.length, 1);
+    assert.equal(rows[0]?.name, "Ada Lovelace");
+    const logs = await db.select().from(auditLogs).all();
+    assert.equal(logs.length, 1);
+    assert.equal(logs[0]?.operation, "UPDATE");
+    assert.equal(logs[0]?.row_id, "u1");
+    assert.equal(logs[0]?.user_id, "user_2");
+    const oldData = JSON.parse(logs[0]?.old_data);
+    assert.equal(oldData.name, "Ada");
+    assert.equal(oldData.email, "ada@example.com");
+    const newData = JSON.parse(logs[0]?.new_data);
+    assert.equal(newData.name, "Ada Lovelace");
+    assert.equal(newData.email, "ada@example.com");
+});
+test("withAudit delete captures old data (real D1)", async () => {
+    const db = await setupDb();
+    await db.insert(users).values({ id: "u1", name: "Ada" });
+    const audited = withAudit(db, auditLogs, { userId: "user_3" });
+    const deleted = await audited.delete(users, eq(users.id, "u1"));
+    assert.equal(deleted.length, 1);
+    assert.equal(deleted[0]?.id, "u1");
+    const remaining = await db.select().from(users).all();
+    assert.equal(remaining.length, 0);
+    const logs = await db.select().from(auditLogs).all();
+    assert.equal(logs.length, 1);
+    assert.equal(logs[0]?.operation, "DELETE");
+    assert.equal(logs[0]?.row_id, "u1");
+    assert.equal(logs[0]?.user_id, "user_3");
+    assert.deepEqual(JSON.parse(logs[0]?.old_data), {
+        id: "u1",
+        name: "Ada",
+        email: null,
+    });
+    assert.equal(logs[0]?.new_data, null);
+});
+test("withAudit works with custom primary key column (real D1)", async () => {
+    const db = await setupDb();
+    const audited = withAudit(db, auditLogs, { userId: "user_1" });
+    await audited.insert(invoices, { invoice_id: "inv_1", amount: 100 });
+    await audited.update(invoices, eq(invoices.invoice_id, "inv_1"), { amount: 200 });
+    await audited.delete(invoices, eq(invoices.invoice_id, "inv_1"));
+    const logs = await db.select().from(auditLogs).orderBy(asc(auditLogs.id)).all();
+    assert.equal(logs.length, 3);
+    assert.equal(logs[0]?.table_name, "invoices");
+    assert.equal(logs[0]?.row_id, "inv_1");
+    assert.equal(logs[1]?.operation, "UPDATE");
+    assert.equal(logs[1]?.row_id, "inv_1");
+    assert.equal(JSON.parse(logs[1]?.old_data).amount, 100);
+    assert.equal(JSON.parse(logs[1]?.new_data).amount, 200);
+    assert.equal(logs[2]?.operation, "DELETE");
+    assert.equal(logs[2]?.row_id, "inv_1");
+});
+test("withAudit handles multi-row update (real D1)", async () => {
+    const db = await setupDb();
+    await db.insert(users).values([
+        { id: "u1", name: "Ada" },
+        { id: "u2", name: "Bob" },
+        { id: "u3", name: "Carol" },
+    ]);
+    const audited = withAudit(db, auditLogs, { userId: "admin" });
+    const rows = await audited.update(users, isNull(users.email), { email: "bulk@example.com" });
+    assert.equal(rows.length, 3);
+    const logs = await db.select().from(auditLogs).orderBy(asc(auditLogs.id)).all();
+    assert.equal(logs.length, 3);
+    for (const log of logs) {
+        assert.equal(log.operation, "UPDATE");
+        assert.equal(log.user_id, "admin");
+        assert.equal(JSON.parse(log.new_data).email, "bulk@example.com");
+    }
+});
+test("withAudit.db gives access to raw db for non-audited ops (real D1)", async () => {
+    const db = await setupDb();
+    const audited = withAudit(db, auditLogs, { userId: "user_1" });
+    await audited.db.insert(users).values({ id: "u1", name: "Ada" });
+    const logs = await db.select().from(auditLogs).all();
+    assert.equal(logs.length, 0);
+    const rows = await db.select().from(users).all();
+    assert.equal(rows.length, 1);
+});

package/dist/test/sqlite.integration.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=sqlite.integration.test.d.ts.map

package/dist/test/sqlite.integration.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sqlite.integration.test.d.ts","sourceRoot":"","sources":["../../test/sqlite.integration.test.ts"],"names":[],"mappings":""}

package/dist/test/{d1-runtime.integration.test.js → sqlite.integration.test.js}

@@ -3,7 +3,7 @@ import test from "node:test";
 import Database from "better-sqlite3";
 import { asc, eq, isNull } from "drizzle-orm";
 import { drizzle } from "drizzle-orm/better-sqlite3";
-import { sqliteTable, text, integer } from "drizzle-orm/sqlite-core";
+import { integer, sqliteTable, text } from "drizzle-orm/sqlite-core";
 import { d1AuditLogTable } from "../src/d1/index.js";
 import { withAudit } from "../src/d1-runtime/index.js";
 const users = sqliteTable("users", {
@@ -44,11 +44,11 @@ function setupDb() {
   `);
     return { db, sqlite };
 }
-test("withAudit insert logs audit row with new_data", () => {
+test("withAudit insert logs audit row with new_data", async () => {
     const { db, sqlite } = setupDb();
     try {
         const audited = withAudit(db, auditLogs, { userId: "user_1" });
-        const row = audited.insert(users, { id: "u1", name: "Ada", email: "ada@example.com" });
+        const row = await audited.insert(users, { id: "u1", name: "Ada", email: "ada@example.com" });
         assert.equal(row.id, "u1");
         assert.equal(row.name, "Ada");
         const logs = db.select().from(auditLogs).all();
@@ -68,13 +68,12 @@ test("withAudit insert logs audit row with new_data", () => {
         sqlite.close();
     }
 });
-test("withAudit update captures old and new data", () => {
+test("withAudit update captures old and new data", async () => {
     const { db, sqlite } = setupDb();
     try {
-        // Seed a row
         db.insert(users).values({ id: "u1", name: "Ada", email: "ada@example.com" }).run();
         const audited = withAudit(db, auditLogs, { userId: "user_2" });
-        const rows = audited.update(users, eq(users.id, "u1"), { name: "Ada Lovelace" });
+        const rows = await audited.update(users, eq(users.id, "u1"), { name: "Ada Lovelace" });
         assert.equal(rows.length, 1);
         assert.equal(rows[0]?.name, "Ada Lovelace");
         const logs = db.select().from(auditLogs).all();
@@ -93,18 +92,16 @@ test("withAudit update captures old and new data", () => {
         sqlite.close();
     }
 });
-test("withAudit delete captures old data", () => {
+test("withAudit delete captures old data", async () => {
     const { db, sqlite } = setupDb();
     try {
         db.insert(users).values({ id: "u1", name: "Ada" }).run();
         const audited = withAudit(db, auditLogs, { userId: "user_3" });
-        const deleted = audited.delete(users, eq(users.id, "u1"));
+        const deleted = await audited.delete(users, eq(users.id, "u1"));
         assert.equal(deleted.length, 1);
         assert.equal(deleted[0]?.id, "u1");
-        // Verify row is gone
         const remaining = db.select().from(users).all();
         assert.equal(remaining.length, 0);
-        // Verify audit log
         const logs = db.select().from(auditLogs).all();
         assert.equal(logs.length, 1);
         assert.equal(logs[0]?.operation, "DELETE");
@@ -121,13 +118,13 @@ test("withAudit delete captures old data", () => {
         sqlite.close();
     }
 });
-test("withAudit works with custom primary key column", () => {
+test("withAudit works with custom primary key column", async () => {
     const { db, sqlite } = setupDb();
     try {
         const audited = withAudit(db, auditLogs, { userId: "user_1" });
-        audited.insert(invoices, { invoice_id: "inv_1", amount: 100 });
-        audited.update(invoices, eq(invoices.invoice_id, "inv_1"), { amount: 200 });
-        audited.delete(invoices, eq(invoices.invoice_id, "inv_1"));
+        await audited.insert(invoices, { invoice_id: "inv_1", amount: 100 });
+        await audited.update(invoices, eq(invoices.invoice_id, "inv_1"), { amount: 200 });
+        await audited.delete(invoices, eq(invoices.invoice_id, "inv_1"));
         const logs = db.select().from(auditLogs).orderBy(asc(auditLogs.id)).all();
         assert.equal(logs.length, 3);
         assert.equal(logs[0]?.table_name, "invoices");
@@ -143,7 +140,7 @@ test("withAudit works with custom primary key column", () => {
         sqlite.close();
     }
 });
-test("withAudit handles multi-row update", () => {
+test("withAudit handles multi-row update", async () => {
     const { db, sqlite } = setupDb();
     try {
         db.insert(users).values([
@@ -152,23 +149,21 @@ test("withAudit handles multi-row update", () => {
             { id: "u3", name: "Carol" },
         ]).run();
         const audited = withAudit(db, auditLogs, { userId: "admin" });
-        // Update all users (no where = all rows, but let's use a broader condition)
-        const rows = audited.update(users, isNull(users.email), { email: "bulk@example.com" });
+        const rows = await audited.update(users, isNull(users.email), { email: "bulk@example.com" });
         assert.equal(rows.length, 3);
         const logs = db.select().from(auditLogs).orderBy(asc(auditLogs.id)).all();
         assert.equal(logs.length, 3);
         for (const log of logs) {
             assert.equal(log.operation, "UPDATE");
             assert.equal(log.user_id, "admin");
-            const newData = JSON.parse(log.new_data);
-            assert.equal(newData.email, "bulk@example.com");
+            assert.equal(JSON.parse(log.new_data).email, "bulk@example.com");
         }
     }
     finally {
         sqlite.close();
     }
 });
-test("withAudit with workspace_id", () => {
+test("withAudit with workspace_id", async () => {
     const sqlite = new Database(":memory:");
     const auditLogsWithWs = d1AuditLogTable({ workspaceIdColumn: "workspace_id" });
     const db = drizzle({ client: sqlite, schema: { auditLogs: auditLogsWithWs, users } });
@@ -195,7 +190,7 @@ test("withAudit with workspace_id", () => {
             userId: "user_1",
             workspaceId: "ws_1",
         });
-        audited.insert(users, { id: "u1", name: "Ada" });
+        await audited.insert(users, { id: "u1", name: "Ada" });
         const logs = db.select().from(auditLogsWithWs).all();
         assert.equal(logs.length, 1);
         assert.equal(logs[0]?.user_id, "user_1");
@@ -205,11 +200,10 @@ test("withAudit with workspace_id", () => {
         sqlite.close();
     }
 });
-test("withAudit.db gives access to raw db for non-audited ops", () => {
+test("withAudit.db gives access to raw db for non-audited ops", async () => {
     const { db, sqlite } = setupDb();
     try {
         const audited = withAudit(db, auditLogs, { userId: "user_1" });
-        // Direct insert — no audit
         audited.db.insert(users).values({ id: "u1", name: "Ada" }).run();
         const logs = db.select().from(auditLogs).all();
         assert.equal(logs.length, 0);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@willyim/drizzle-audit",
-  "version": "0.3.0",
+  "version": "0.4.0",
   "description": "Lightweight audit logging for Drizzle ORM using database triggers (Postgres + D1/SQLite)",
   "type": "module",
   "main": "./dist/src/index.js",
@@ -53,6 +53,7 @@
   "devDependencies": {
     "@types/node": "^22.19.7",
     "drizzle-orm": "^1.0.0-beta.15-859cf75",
+    "miniflare": "^4.20260410.0",
     "typescript": "^5.9.3"
   },
   "publishConfig": {

package/dist/test/d1-runtime.integration.test.d.ts

@@ -1,2 +0,0 @@
-export {};
-//# sourceMappingURL=d1-runtime.integration.test.d.ts.map

package/dist/test/d1-runtime.integration.test.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"d1-runtime.integration.test.d.ts","sourceRoot":"","sources":["../../test/d1-runtime.integration.test.ts"],"names":[],"mappings":""}

package/dist/test/postgres.integration.test.d.ts

@@ -1,2 +0,0 @@
-export {};
-//# sourceMappingURL=postgres.integration.test.d.ts.map

package/dist/test/postgres.integration.test.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"postgres.integration.test.d.ts","sourceRoot":"","sources":["../../test/postgres.integration.test.ts"],"names":[],"mappings":""}

package/dist/test/postgres.integration.test.js

@@ -1,286 +0,0 @@
-import assert from "node:assert/strict";
-import test from "node:test";
-import { PGlite } from "@electric-sql/pglite";
-import { asc, eq } from "drizzle-orm";
-import { drizzle } from "drizzle-orm/pglite";
-import { integer, pgTable, text } from "drizzle-orm/pg-core";
-import { createAttachAuditTriggersSql, createAuditInstallSql, pgAuditLogTable, withAuditedTransaction, } from "../src/postgres/index.js";
-const users = pgTable("users", {
-    id: text("id").primaryKey(),
-    name: text("name").notNull(),
-});
-const invoices = pgTable("invoices", {
-    invoice_id: text("invoice_id").primaryKey(),
-    amount: integer("amount").notNull(),
-});
-const auditLogs = pgAuditLogTable();
-test("postgres auditing works end to end", async () => {
-    const client = new PGlite();
-    const db = drizzle({
-        client,
-        schema: {
-            auditLogs,
-            users,
-            invoices,
-        },
-    });
-    try {
-        await client.exec(createAuditInstallSql());
-        await client.exec(`
-      CREATE TABLE users (
-        id TEXT PRIMARY KEY,
-        name TEXT NOT NULL
-      );
-
-      CREATE TABLE invoices (
-        invoice_id TEXT PRIMARY KEY,
-        amount INTEGER NOT NULL
-      );
-    `);
-        await client.exec(createAttachAuditTriggersSql([
-            { table: "users" },
-            { table: "invoices", rowIdColumn: "invoice_id" },
-        ]));
-        // Insert without audit context should succeed with user_id = NULL
-        await db.insert(users).values({ id: "user_0", name: "No Context" });
-        const existingUsers = await db.select().from(users);
-        assert.equal(existingUsers.length, 1);
-        const noContextLogs = await db.select().from(auditLogs).orderBy(asc(auditLogs.id));
-        assert.equal(noContextLogs.length, 1);
-        assert.equal(noContextLogs[0]?.user_id, null);
-        assert.equal(noContextLogs[0]?.table_name, "users");
-        assert.equal(noContextLogs[0]?.operation, "INSERT");
-        await withAuditedTransaction(db, "user_123", async (tx) => {
-            await tx.insert(users).values({ id: "user_1", name: "Ada" });
-            await tx
-                .update(users)
-                .set({ name: "Ada Lovelace" })
-                .where(eq(users.id, "user_1"));
-            await tx.insert(invoices).values({ invoice_id: "inv_1", amount: 42 });
-            await tx.delete(users).where(eq(users.id, "user_1"));
-        });
-        const logs = await db
-            .select()
-            .from(auditLogs)
-            .orderBy(asc(auditLogs.id));
-        assert.equal(logs.length, 5);
-        assert.equal(logs[1]?.table_name, "users");
-        assert.equal(logs[1]?.operation, "INSERT");
-        assert.equal(logs[1]?.row_id, "user_1");
-        assert.equal(logs[1]?.user_id, "user_123");
-        assert.deepEqual(logs[1]?.new_data, { id: "user_1", name: "Ada" });
-        assert.equal(logs[2]?.table_name, "users");
-        assert.equal(logs[2]?.operation, "UPDATE");
-        assert.equal(logs[2]?.row_id, "user_1");
-        assert.deepEqual(logs[2]?.old_data, { id: "user_1", name: "Ada" });
-        assert.deepEqual(logs[2]?.new_data, {
-            id: "user_1",
-            name: "Ada Lovelace",
-        });
-        assert.equal(logs[3]?.table_name, "invoices");
-        assert.equal(logs[3]?.operation, "INSERT");
-        assert.equal(logs[3]?.row_id, "inv_1");
-        assert.deepEqual(logs[3]?.new_data, {
-            invoice_id: "inv_1",
-            amount: 42,
-        });
-        assert.equal(logs[4]?.table_name, "users");
-        assert.equal(logs[4]?.operation, "DELETE");
-        assert.equal(logs[4]?.row_id, "user_1");
-        assert.deepEqual(logs[4]?.old_data, {
-            id: "user_1",
-            name: "Ada Lovelace",
-        });
-    }
-    finally {
-        await client.close();
-    }
-});
-test("migration SQL bundle installs and enforces audit context", async () => {
-    const client = new PGlite();
-    const db = drizzle({
-        client,
-        schema: {
-            auditLogs,
-            users,
-            invoices,
-        },
-    });
-    try {
-        await client.exec(`
-      CREATE TABLE users (
-        id TEXT PRIMARY KEY,
-        name TEXT NOT NULL
-      );
-
-      CREATE TABLE invoices (
-        invoice_id TEXT PRIMARY KEY,
-        amount INTEGER NOT NULL
-      );
-    `);
-        const migrationBundle = [
-            createAuditInstallSql(),
-            createAttachAuditTriggersSql([
-                { table: "users" },
-                { table: "invoices", rowIdColumn: "invoice_id" },
-            ]),
-        ].join("\n\n");
-        await client.exec(migrationBundle);
-        // Insert without audit context should succeed with user_id = NULL
-        await db.insert(users).values({ id: "u_no_ctx", name: "No Context" });
-        const noCtxLogs = await db.select().from(auditLogs);
-        assert.equal(noCtxLogs.length, 1);
-        assert.equal(noCtxLogs[0]?.user_id, null);
-        assert.equal(noCtxLogs[0]?.operation, "INSERT");
-        await withAuditedTransaction(db, "system:test", async (tx) => {
-            await tx.insert(users).values({ id: "u", name: "With Context" });
-        });
-        const logs = await db.select().from(auditLogs).orderBy(asc(auditLogs.id));
-        assert.equal(logs.length, 2);
-        assert.equal(logs[1]?.table_name, "users");
-        assert.equal(logs[1]?.operation, "INSERT");
-        assert.equal(logs[1]?.user_id, "system:test");
-    }
-    finally {
-        await client.close();
-    }
-});
-test("writes without audit context produce audit rows with user_id = NULL", async () => {
-    const client = new PGlite();
-    const db = drizzle({
-        client,
-        schema: {
-            auditLogs,
-            users,
-        },
-    });
-    try {
-        await client.exec(createAuditInstallSql());
-        await client.exec(`
-      CREATE TABLE users (
-        id TEXT PRIMARY KEY,
-        name TEXT NOT NULL
-      );
-    `);
-        await client.exec(createAttachAuditTriggersSql([{ table: "users" }]));
-        // INSERT without audit context
-        await db.insert(users).values({ id: "u1", name: "Alice" });
-        // UPDATE without audit context
-        await db.update(users).set({ name: "Alice Updated" }).where(eq(users.id, "u1"));
-        // DELETE without audit context
-        await db.delete(users).where(eq(users.id, "u1"));
-        const logs = await db.select().from(auditLogs).orderBy(asc(auditLogs.id));
-        assert.equal(logs.length, 3);
-        assert.equal(logs[0]?.operation, "INSERT");
-        assert.equal(logs[0]?.user_id, null);
-        assert.equal(logs[0]?.row_id, "u1");
-        assert.deepEqual(logs[0]?.new_data, { id: "u1", name: "Alice" });
-        assert.equal(logs[1]?.operation, "UPDATE");
-        assert.equal(logs[1]?.user_id, null);
-        assert.deepEqual(logs[1]?.old_data, { id: "u1", name: "Alice" });
-        assert.deepEqual(logs[1]?.new_data, { id: "u1", name: "Alice Updated" });
-        assert.equal(logs[2]?.operation, "DELETE");
-        assert.equal(logs[2]?.user_id, null);
-        assert.deepEqual(logs[2]?.old_data, { id: "u1", name: "Alice Updated" });
-    }
-    finally {
-        await client.close();
-    }
-});
-test("workspace_id column and context are stored when enabled", async () => {
-    const client = new PGlite();
-    const auditLogsWithWorkspace = pgAuditLogTable({ workspaceIdColumn: "workspace_id" });
-    const db = drizzle({
-        client,
-        schema: {
-            auditLogs: auditLogsWithWorkspace,
-            users,
-            invoices,
-        },
-    });
-    try {
-        await client.exec(createAuditInstallSql({ workspaceIdColumn: "workspace_id" }));
-        await client.exec(`
-      CREATE TABLE users (
-        id TEXT PRIMARY KEY,
-        name TEXT NOT NULL
-      );
-    `);
-        await client.exec(createAttachAuditTriggersSql([{ table: "users" }]));
-        await withAuditedTransaction(db, "user_1", async (tx) => {
-            await tx.insert(users).values({ id: "u1", name: "Alice" });
-        }, "app.user_id", { workspaceId: "ws_1" });
-        const logs = await db.select().from(auditLogsWithWorkspace);
-        assert.equal(logs.length, 1);
-        assert.equal(logs[0]?.user_id, "user_1");
-        assert.equal(logs[0].workspace_id, "ws_1");
-        await withAuditedTransaction(db, "user_2", async (tx) => {
-            await tx.insert(users).values({ id: "u2", name: "Bob" });
-        });
-        const logs2 = await db.select().from(auditLogsWithWorkspace).orderBy(asc(auditLogsWithWorkspace.id));
-        assert.equal(logs2.length, 2);
-        assert.equal(logs2[1]?.user_id, "user_2");
-        assert.equal(logs2[1].workspace_id, null);
-    }
-    finally {
-        await client.close();
-    }
-});
-test("custom workspace column name uses matching context key", async () => {
-    const client = new PGlite();
-    const auditLogsWithTenant = pgAuditLogTable({ workspaceIdColumn: "tenant_id" });
-    const db = drizzle({
-        client,
-        schema: {
-            auditLogs: auditLogsWithTenant,
-            users,
-        },
-    });
-    try {
-        await client.exec(createAuditInstallSql({ workspaceIdColumn: "tenant_id" }));
-        await client.exec(`
-      CREATE TABLE users (
-        id TEXT PRIMARY KEY,
-        name TEXT NOT NULL
-      );
-    `);
-        await client.exec(createAttachAuditTriggersSql([{ table: "users" }]));
-        // Use workspaceContextKey matching the trigger's "app.tenant_id"
-        await withAuditedTransaction(db, "user_1", async (tx) => {
-            await tx.insert(users).values({ id: "u1", name: "Alice" });
-        }, "app.user_id", { workspaceId: "tenant_abc", workspaceContextKey: "app.tenant_id" });
-        const logs = await db.select().from(auditLogsWithTenant);
-        assert.equal(logs.length, 1);
-        assert.equal(logs[0]?.user_id, "user_1");
-        assert.equal(logs[0].tenant_id, "tenant_abc");
-    }
-    finally {
-        await client.close();
-    }
-});
-test("custom context key for user_id works", async () => {
-    const client = new PGlite();
-    const db = drizzle({
-        client,
-        schema: { auditLogs, users },
-    });
-    try {
-        await client.exec(createAuditInstallSql({ contextKey: "myapp.actor" }));
-        await client.exec(`
-      CREATE TABLE users (
-        id TEXT PRIMARY KEY,
-        name TEXT NOT NULL
-      );
-    `);
-        await client.exec(createAttachAuditTriggersSql([{ table: "users" }], { contextKey: "myapp.actor" }));
-        await withAuditedTransaction(db, "custom_user", async (tx) => {
-            await tx.insert(users).values({ id: "u1", name: "Alice" });
-        }, "myapp.actor");
-        const logs = await db.select().from(auditLogs).orderBy(asc(auditLogs.id));
-        assert.equal(logs.length, 1);
-        assert.equal(logs[0]?.user_id, "custom_user");
-    }
-    finally {
-        await client.close();
-    }
-});