@willyim/drizzle-audit 0.3.0 → 0.5.0

package/dist/src/postgres/sql.js

@@ -21,46 +21,58 @@ function assertNonEmpty(value, label) {
     }
     return value;
 }
-function buildTriggerFunctionSql(qualifiedAuditTable, qualifiedTriggerFunction, contextLiteral, options) {
-    const workspaceIdColumn = options.workspaceIdColumn?.trim();
-    const hasWorkspace = Boolean(workspaceIdColumn);
-    const workspaceContextLiteral = hasWorkspace
-        ? quoteLiteral("app." + workspaceIdColumn)
-        : "";
-    const workspaceCol = hasWorkspace ? quoteIdent(workspaceIdColumn) : "";
-    const declWorkspace = hasWorkspace ? "\n  audit_workspace TEXT;" : "";
-    const readWorkspace = hasWorkspace
-        ? `\n  audit_workspace := NULLIF(current_setting(${workspaceContextLiteral}, true), '');`
-        : "";
+/**
+ * Normalizes the context columns from the install options, de-duplicating by
+ * column name and applying defaults for `sessionKey` / `index`.
+ */
+function normalizeContextColumns(options) {
+    const resolved = [];
+    const seen = new Set();
+    for (const entry of options.contextColumns ?? []) {
+        const column = entry.column?.trim();
+        if (!column) {
+            throw new Error("contextColumns[].column must not be empty");
+        }
+        if (seen.has(column)) {
+            continue;
+        }
+        seen.add(column);
+        resolved.push({
+            column,
+            sessionKey: entry.sessionKey?.trim() || `app.${column}`,
+            index: entry.index ?? true,
+        });
+    }
+    return resolved;
+}
+function buildTriggerFunctionSql(qualifiedAuditTable, qualifiedTriggerFunction, contextLiteral, contextColumns) {
+    const declContext = contextColumns
+        .map((_, i) => `\n  audit_ctx_${i} TEXT;`)
+        .join("");
+    const readContext = contextColumns
+        .map((col, i) => `\n  audit_ctx_${i} := NULLIF(current_setting(${quoteLiteral(col.sessionKey)}, true), '');`)
+        .join("");
+    const ctxColIdents = contextColumns.map((col) => quoteIdent(col.column));
+    const ctxColPrefix = ctxColIdents.length ? `, ${ctxColIdents.join(", ")}` : "";
+    const ctxValExprs = contextColumns.map((_, i) => `audit_ctx_${i}`);
+    const ctxValPrefix = ctxValExprs.length ? `, ${ctxValExprs.join(", ")}` : "";
     const insertColsBase = "table_name, operation, row_id, user_id";
-    const insertColsInsert = hasWorkspace
-        ? `${insertColsBase}, ${workspaceCol}, new_data`
-        : `${insertColsBase}, new_data`;
-    const insertColsUpdate = hasWorkspace
-        ? `${insertColsBase}, ${workspaceCol}, old_data, new_data`
-        : `${insertColsBase}, old_data, new_data`;
-    const insertColsDelete = hasWorkspace
-        ? `${insertColsBase}, ${workspaceCol}, old_data`
-        : `${insertColsBase}, old_data`;
-    const valuesInsert = hasWorkspace
-        ? `TG_TABLE_NAME, TG_OP, current_row_id, audit_user, audit_workspace, to_jsonb(NEW)`
-        : `TG_TABLE_NAME, TG_OP, current_row_id, audit_user, to_jsonb(NEW)`;
-    const valuesUpdate = hasWorkspace
-        ? `TG_TABLE_NAME, TG_OP, current_row_id, audit_user, audit_workspace, to_jsonb(OLD), to_jsonb(NEW)`
-        : `TG_TABLE_NAME, TG_OP, current_row_id, audit_user, to_jsonb(OLD), to_jsonb(NEW)`;
-    const valuesDelete = hasWorkspace
-        ? `TG_TABLE_NAME, TG_OP, current_row_id, audit_user, audit_workspace, to_jsonb(OLD)`
-        : `TG_TABLE_NAME, TG_OP, current_row_id, audit_user, to_jsonb(OLD)`;
+    const insertColsInsert = `${insertColsBase}${ctxColPrefix}, new_data`;
+    const insertColsUpdate = `${insertColsBase}${ctxColPrefix}, old_data, new_data`;
+    const insertColsDelete = `${insertColsBase}${ctxColPrefix}, old_data`;
+    const valuesInsert = `TG_TABLE_NAME, TG_OP, current_row_id, audit_user${ctxValPrefix}, to_jsonb(NEW)`;
+    const valuesUpdate = `TG_TABLE_NAME, TG_OP, current_row_id, audit_user${ctxValPrefix}, to_jsonb(OLD), to_jsonb(NEW)`;
+    const valuesDelete = `TG_TABLE_NAME, TG_OP, current_row_id, audit_user${ctxValPrefix}, to_jsonb(OLD)`;
     return `
 CREATE OR REPLACE FUNCTION ${qualifiedTriggerFunction}()
 RETURNS TRIGGER AS $$
 DECLARE
-  audit_user TEXT;${declWorkspace}
+  audit_user TEXT;${declContext}
   row_id_column TEXT;
   current_row JSONB;
   current_row_id TEXT;
 BEGIN
-  audit_user := NULLIF(current_setting(${contextLiteral}, true), '');${readWorkspace}
+  audit_user := NULLIF(current_setting(${contextLiteral}, true), '');${readContext}
 
   row_id_column := COALESCE(NULLIF(TG_ARGV[0], ''), ${quoteLiteral(DEFAULT_ROW_ID_COLUMN)});
 
@@ -102,7 +114,7 @@ export function createAuditInstallSql(options = {}) {
     const auditTable = assertNonEmpty(options.auditTable ?? DEFAULT_AUDIT_TABLE, "auditTable");
     const contextKey = assertNonEmpty(options.contextKey ?? DEFAULT_CONTEXT_KEY, "contextKey");
     const triggerFunctionName = assertNonEmpty(options.triggerFunctionName ?? DEFAULT_TRIGGER_FUNCTION, "triggerFunctionName");
-    const workspaceIdColumn = options.workspaceIdColumn?.trim();
+    const contextColumns = normalizeContextColumns(options);
     const qualifiedAuditTable = qualifyName(auditTable, auditSchema);
     const qualifiedTriggerFunction = qualifyName(triggerFunctionName, auditSchema);
     const contextLiteral = quoteLiteral(contextKey);
@@ -112,7 +124,7 @@ export function createAuditInstallSql(options = {}) {
         "operation TEXT NOT NULL CHECK (operation IN ('INSERT', 'UPDATE', 'DELETE'))",
         "row_id TEXT",
         "user_id TEXT",
-        ...(workspaceIdColumn ? [quoteIdent(workspaceIdColumn) + " TEXT"] : []),
+        ...contextColumns.map((col) => quoteIdent(col.column) + " TEXT"),
         "old_data JSONB",
         "new_data JSONB",
         "created_at TIMESTAMPTZ NOT NULL DEFAULT now()",
@@ -121,11 +133,9 @@ export function createAuditInstallSql(options = {}) {
         `CREATE INDEX IF NOT EXISTS ${quoteIdent(`${auditTable}_table_name_idx`)} ON ${qualifiedAuditTable} (table_name);`,
         `CREATE INDEX IF NOT EXISTS ${quoteIdent(`${auditTable}_row_id_idx`)} ON ${qualifiedAuditTable} (row_id);`,
         `CREATE INDEX IF NOT EXISTS ${quoteIdent(`${auditTable}_user_id_idx`)} ON ${qualifiedAuditTable} (user_id);`,
-        ...(workspaceIdColumn
-            ? [
-                `CREATE INDEX IF NOT EXISTS ${quoteIdent(`${auditTable}_${workspaceIdColumn}_idx`)} ON ${qualifiedAuditTable} (${quoteIdent(workspaceIdColumn)});`,
-            ]
-            : []),
+        ...contextColumns
+            .filter((col) => col.index)
+            .map((col) => `CREATE INDEX IF NOT EXISTS ${quoteIdent(`${auditTable}_${col.column}_idx`)} ON ${qualifiedAuditTable} (${quoteIdent(col.column)});`),
         `CREATE INDEX IF NOT EXISTS ${quoteIdent(`${auditTable}_created_at_idx`)} ON ${qualifiedAuditTable} (created_at DESC);`,
     ];
     return [
@@ -135,7 +145,7 @@ CREATE TABLE IF NOT EXISTS ${qualifiedAuditTable} (
   ${tableColumns.join(",\n  ")}
 );`.trim(),
         ...indexStatements,
-        buildTriggerFunctionSql(qualifiedAuditTable, qualifiedTriggerFunction, contextLiteral, { workspaceIdColumn: workspaceIdColumn ?? undefined }),
+        buildTriggerFunctionSql(qualifiedAuditTable, qualifiedTriggerFunction, contextLiteral, contextColumns),
     ].join("\n\n");
 }
 export function createAttachAuditTriggerSql(target, options = {}) {
@@ -166,25 +176,37 @@ export function createAttachAuditTriggersSql(targets, options = {}) {
         .join("\n\n");
 }
 /**
- * Generates SQL to add the workspace column and replace the trigger function on an
- * existing audit_logs table. Use in a new migration when adding workspace_id after
- * the initial install. Options must match your install (auditSchema, auditTable,
- * triggerFunctionName, contextKey, workspaceIdColumn).
+ * Generates SQL to add context columns and regenerate the trigger function on an
+ * existing audit_logs table. Use in a new migration when adding context columns
+ * after the initial install.
+ *
+ * Pass the FULL set of context columns the audit table should have (the trigger is
+ * a single CREATE OR REPLACE, so it must reference every column). Columns are added
+ * with `ADD COLUMN IF NOT EXISTS`, so already-present columns are left untouched.
+ * Options must match your install (auditSchema, auditTable, triggerFunctionName,
+ * contextKey).
  */
-export function createAuditAddWorkspaceColumnSql(options) {
-    const workspaceIdColumn = assertNonEmpty(options.workspaceIdColumn.trim(), "workspaceIdColumn");
+export function createAuditAddContextColumnsSql(options = {}) {
     const auditSchema = assertNonEmpty(options.auditSchema ?? DEFAULT_AUDIT_SCHEMA, "auditSchema");
     const auditTable = assertNonEmpty(options.auditTable ?? DEFAULT_AUDIT_TABLE, "auditTable");
     const contextKey = assertNonEmpty(options.contextKey ?? DEFAULT_CONTEXT_KEY, "contextKey");
     const triggerFunctionName = assertNonEmpty(options.triggerFunctionName ?? DEFAULT_TRIGGER_FUNCTION, "triggerFunctionName");
+    const contextColumns = normalizeContextColumns(options);
+    if (contextColumns.length === 0) {
+        throw new Error("createAuditAddContextColumnsSql requires at least one context column");
+    }
     const qualifiedAuditTable = qualifyName(auditTable, auditSchema);
     const qualifiedTriggerFunction = qualifyName(triggerFunctionName, auditSchema);
     const contextLiteral = quoteLiteral(contextKey);
     return [
-        `ALTER TABLE ${qualifiedAuditTable} ADD COLUMN IF NOT EXISTS ${quoteIdent(workspaceIdColumn)} TEXT;`,
-        `CREATE INDEX IF NOT EXISTS ${quoteIdent(`${auditTable}_${workspaceIdColumn}_idx`)} ON ${qualifiedAuditTable} (${quoteIdent(workspaceIdColumn)});`,
-        buildTriggerFunctionSql(qualifiedAuditTable, qualifiedTriggerFunction, contextLiteral, {
-            workspaceIdColumn,
-        }),
+        ...contextColumns.flatMap((col) => [
+            `ALTER TABLE ${qualifiedAuditTable} ADD COLUMN IF NOT EXISTS ${quoteIdent(col.column)} TEXT;`,
+            ...(col.index
+                ? [
+                    `CREATE INDEX IF NOT EXISTS ${quoteIdent(`${auditTable}_${col.column}_idx`)} ON ${qualifiedAuditTable} (${quoteIdent(col.column)});`,
+                ]
+                : []),
+        ]),
+        buildTriggerFunctionSql(qualifiedAuditTable, qualifiedTriggerFunction, contextLiteral, contextColumns),
     ].join("\n\n");
 }

package/dist/src/postgres/types.d.ts

@@ -5,13 +5,21 @@ export type AuditSqlExecutor = {
 export type AuditTransactionCapable<TTransaction extends AuditSqlExecutor> = {
     transaction: <TResult>(callback: (tx: TTransaction) => Promise<TResult>) => Promise<TResult>;
 };
+export type AuditContextColumn = {
+    /** Column added to the audit table (TEXT, nullable). */
+    column: string;
+    /** Session GUC the trigger reads. Default `app.${column}`. */
+    sessionKey?: string;
+    /** Create an index on the column. Default true. */
+    index?: boolean;
+};
 export type AuditInstallOptions = {
     auditSchema?: string;
     auditTable?: string;
     contextKey?: string;
     triggerFunctionName?: string;
-    /** When set (e.g. "workspace_id"), the audit table and trigger include this column; trigger reads from session variable app.${workspaceIdColumn}. */
-    workspaceIdColumn?: string;
+    /** Extra context columns added to the audit table and populated by the trigger from session GUCs. */
+    contextColumns?: AuditContextColumn[];
 };
 export type AuditTriggerTarget = {
     table: string;

package/dist/src/postgres/types.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/postgres/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,aAAa,CAAA;AAEtC,MAAM,MAAM,gBAAgB,GAAG;IAC7B,OAAO,EAAE,CAAC,KAAK,EAAE,GAAG,KAAK,OAAO,CAAC,OAAO,CAAC,CAAA;CAC1C,CAAA;AAED,MAAM,MAAM,uBAAuB,CAAC,YAAY,SAAS,gBAAgB,IAAI;IAC3E,WAAW,EAAE,CAAC,OAAO,EACnB,QAAQ,EAAE,CAAC,EAAE,EAAE,YAAY,KAAK,OAAO,CAAC,OAAO,CAAC,KAC7C,OAAO,CAAC,OAAO,CAAC,CAAA;CACtB,CAAA;AAED,MAAM,MAAM,mBAAmB,GAAG;IAChC,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAC5B,qJAAqJ;IACrJ,iBAAiB,CAAC,EAAE,MAAM,CAAA;CAC3B,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG;IAC/B,KAAK,EAAE,MAAM,CAAA;IACb,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,WAAW,CAAC,EAAE,MAAM,CAAA;CACrB,CAAA"}
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../../src/postgres/types.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,GAAG,EAAE,MAAM,aAAa,CAAA;AAEtC,MAAM,MAAM,gBAAgB,GAAG;IAC7B,OAAO,EAAE,CAAC,KAAK,EAAE,GAAG,KAAK,OAAO,CAAC,OAAO,CAAC,CAAA;CAC1C,CAAA;AAED,MAAM,MAAM,uBAAuB,CAAC,YAAY,SAAS,gBAAgB,IAAI;IAC3E,WAAW,EAAE,CAAC,OAAO,EACnB,QAAQ,EAAE,CAAC,EAAE,EAAE,YAAY,KAAK,OAAO,CAAC,OAAO,CAAC,KAC7C,OAAO,CAAC,OAAO,CAAC,CAAA;CACtB,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG;IAC/B,wDAAwD;IACxD,MAAM,EAAE,MAAM,CAAA;IACd,8DAA8D;IAC9D,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,mDAAmD;IACnD,KAAK,CAAC,EAAE,OAAO,CAAA;CAChB,CAAA;AAED,MAAM,MAAM,mBAAmB,GAAG;IAChC,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,UAAU,CAAC,EAAE,MAAM,CAAA;IACnB,mBAAmB,CAAC,EAAE,MAAM,CAAA;IAC5B,qGAAqG;IACrG,cAAc,CAAC,EAAE,kBAAkB,EAAE,CAAA;CACtC,CAAA;AAED,MAAM,MAAM,kBAAkB,GAAG;IAC/B,KAAK,EAAE,MAAM,CAAA;IACb,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,WAAW,CAAC,EAAE,MAAM,CAAA;IACpB,WAAW,CAAC,EAAE,MAAM,CAAA;CACrB,CAAA"}

package/dist/test/d1-async.integration.test.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Integration tests for withAudit against a real async D1 driver (miniflare v4).
+ *
+ * These tests exercise the actual failure mode described in issue #29:
+ *   - drizzle-orm/d1 .all()/.run() return Promises, not plain values.
+ *   - drizzle-orm/d1 db.transaction() issues a raw BEGIN which D1 rejects.
+ *
+ * All tests here FAIL on the current sync implementation and must PASS after the fix.
+ *
+ * The existing sqlite.integration.test.ts covers the better-sqlite3 (sync) path.
+ */
+export {};
+//# sourceMappingURL=d1-async.integration.test.d.ts.map

package/dist/test/d1-async.integration.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"d1-async.integration.test.d.ts","sourceRoot":"","sources":["../../test/d1-async.integration.test.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;GAUG"}

package/dist/test/d1-async.integration.test.js

@@ -0,0 +1,159 @@
+/**
+ * Integration tests for withAudit against a real async D1 driver (miniflare v4).
+ *
+ * These tests exercise the actual failure mode described in issue #29:
+ *   - drizzle-orm/d1 .all()/.run() return Promises, not plain values.
+ *   - drizzle-orm/d1 db.transaction() issues a raw BEGIN which D1 rejects.
+ *
+ * All tests here FAIL on the current sync implementation and must PASS after the fix.
+ *
+ * The existing sqlite.integration.test.ts covers the better-sqlite3 (sync) path.
+ */
+import assert from "node:assert/strict";
+import { after, before, test } from "node:test";
+import { asc, eq, isNull } from "drizzle-orm";
+import { drizzle } from "drizzle-orm/d1";
+import { integer, sqliteTable, text } from "drizzle-orm/sqlite-core";
+import { Miniflare } from "miniflare";
+import { d1AuditLogTable } from "../src/d1/index.js";
+import { withAudit } from "../src/d1-runtime/index.js";
+const users = sqliteTable("users", {
+    id: text("id").primaryKey(),
+    name: text("name").notNull(),
+    email: text("email"),
+});
+const invoices = sqliteTable("invoices", {
+    invoice_id: text("invoice_id").primaryKey(),
+    amount: integer("amount").notNull(),
+    status: text("status").notNull().default("pending"),
+});
+const auditLogs = d1AuditLogTable();
+let mf;
+before(async () => {
+    mf = new Miniflare({
+        modules: true,
+        script: `export default { fetch() { return new Response("ok") } }`,
+        d1Databases: { DB: "drizzle-audit-test" },
+    });
+});
+after(async () => {
+    await mf.dispose();
+});
+async function setupDb() {
+    const d1 = await mf.getD1Database("DB");
+    // D1 exec() treats each newline as a statement separator — use prepare().run() for DDL
+    for (const sql of [
+        "DROP TABLE IF EXISTS audit_logs",
+        "DROP TABLE IF EXISTS users",
+        "DROP TABLE IF EXISTS invoices",
+        "CREATE TABLE audit_logs (id INTEGER PRIMARY KEY AUTOINCREMENT, table_name TEXT NOT NULL, operation TEXT NOT NULL, row_id TEXT, user_id TEXT, old_data TEXT, new_data TEXT, created_at TEXT NOT NULL DEFAULT (datetime('now')))",
+        "CREATE TABLE users (id TEXT PRIMARY KEY, name TEXT NOT NULL, email TEXT)",
+        "CREATE TABLE invoices (invoice_id TEXT PRIMARY KEY, amount INTEGER NOT NULL, status TEXT NOT NULL DEFAULT 'pending')",
+    ]) {
+        await d1.prepare(sql).run();
+    }
+    return drizzle(d1, { schema: { auditLogs, users, invoices } });
+}
+test("withAudit insert logs audit row with new_data (real D1)", async () => {
+    const db = await setupDb();
+    const audited = withAudit(db, auditLogs, { userId: "user_1" });
+    const row = await audited.insert(users, { id: "u1", name: "Ada", email: "ada@example.com" });
+    assert.equal(row.id, "u1");
+    assert.equal(row.name, "Ada");
+    const logs = await db.select().from(auditLogs).all();
+    assert.equal(logs.length, 1);
+    assert.equal(logs[0]?.table_name, "users");
+    assert.equal(logs[0]?.operation, "INSERT");
+    assert.equal(logs[0]?.row_id, "u1");
+    assert.equal(logs[0]?.user_id, "user_1");
+    assert.equal(logs[0]?.old_data, null);
+    assert.deepEqual(JSON.parse(logs[0]?.new_data), {
+        id: "u1",
+        name: "Ada",
+        email: "ada@example.com",
+    });
+});
+test("withAudit update captures old and new data (real D1)", async () => {
+    const db = await setupDb();
+    await db.insert(users).values({ id: "u1", name: "Ada", email: "ada@example.com" });
+    const audited = withAudit(db, auditLogs, { userId: "user_2" });
+    const rows = await audited.update(users, eq(users.id, "u1"), { name: "Ada Lovelace" });
+    assert.equal(rows.length, 1);
+    assert.equal(rows[0]?.name, "Ada Lovelace");
+    const logs = await db.select().from(auditLogs).all();
+    assert.equal(logs.length, 1);
+    assert.equal(logs[0]?.operation, "UPDATE");
+    assert.equal(logs[0]?.row_id, "u1");
+    assert.equal(logs[0]?.user_id, "user_2");
+    const oldData = JSON.parse(logs[0]?.old_data);
+    assert.equal(oldData.name, "Ada");
+    assert.equal(oldData.email, "ada@example.com");
+    const newData = JSON.parse(logs[0]?.new_data);
+    assert.equal(newData.name, "Ada Lovelace");
+    assert.equal(newData.email, "ada@example.com");
+});
+test("withAudit delete captures old data (real D1)", async () => {
+    const db = await setupDb();
+    await db.insert(users).values({ id: "u1", name: "Ada" });
+    const audited = withAudit(db, auditLogs, { userId: "user_3" });
+    const deleted = await audited.delete(users, eq(users.id, "u1"));
+    assert.equal(deleted.length, 1);
+    assert.equal(deleted[0]?.id, "u1");
+    const remaining = await db.select().from(users).all();
+    assert.equal(remaining.length, 0);
+    const logs = await db.select().from(auditLogs).all();
+    assert.equal(logs.length, 1);
+    assert.equal(logs[0]?.operation, "DELETE");
+    assert.equal(logs[0]?.row_id, "u1");
+    assert.equal(logs[0]?.user_id, "user_3");
+    assert.deepEqual(JSON.parse(logs[0]?.old_data), {
+        id: "u1",
+        name: "Ada",
+        email: null,
+    });
+    assert.equal(logs[0]?.new_data, null);
+});
+test("withAudit works with custom primary key column (real D1)", async () => {
+    const db = await setupDb();
+    const audited = withAudit(db, auditLogs, { userId: "user_1" });
+    await audited.insert(invoices, { invoice_id: "inv_1", amount: 100 });
+    await audited.update(invoices, eq(invoices.invoice_id, "inv_1"), { amount: 200 });
+    await audited.delete(invoices, eq(invoices.invoice_id, "inv_1"));
+    const logs = await db.select().from(auditLogs).orderBy(asc(auditLogs.id)).all();
+    assert.equal(logs.length, 3);
+    assert.equal(logs[0]?.table_name, "invoices");
+    assert.equal(logs[0]?.row_id, "inv_1");
+    assert.equal(logs[1]?.operation, "UPDATE");
+    assert.equal(logs[1]?.row_id, "inv_1");
+    assert.equal(JSON.parse(logs[1]?.old_data).amount, 100);
+    assert.equal(JSON.parse(logs[1]?.new_data).amount, 200);
+    assert.equal(logs[2]?.operation, "DELETE");
+    assert.equal(logs[2]?.row_id, "inv_1");
+});
+test("withAudit handles multi-row update (real D1)", async () => {
+    const db = await setupDb();
+    await db.insert(users).values([
+        { id: "u1", name: "Ada" },
+        { id: "u2", name: "Bob" },
+        { id: "u3", name: "Carol" },
+    ]);
+    const audited = withAudit(db, auditLogs, { userId: "admin" });
+    const rows = await audited.update(users, isNull(users.email), { email: "bulk@example.com" });
+    assert.equal(rows.length, 3);
+    const logs = await db.select().from(auditLogs).orderBy(asc(auditLogs.id)).all();
+    assert.equal(logs.length, 3);
+    for (const log of logs) {
+        assert.equal(log.operation, "UPDATE");
+        assert.equal(log.user_id, "admin");
+        assert.equal(JSON.parse(log.new_data).email, "bulk@example.com");
+    }
+});
+test("withAudit.db gives access to raw db for non-audited ops (real D1)", async () => {
+    const db = await setupDb();
+    const audited = withAudit(db, auditLogs, { userId: "user_1" });
+    await audited.db.insert(users).values({ id: "u1", name: "Ada" });
+    const logs = await db.select().from(auditLogs).all();
+    assert.equal(logs.length, 0);
+    const rows = await db.select().from(users).all();
+    assert.equal(rows.length, 1);
+});

package/dist/test/d1.integration.test.js

@@ -122,20 +122,22 @@ test("d1 column-aware triggers capture full row data", () => {
 });
 test("d1 workspace_id column and context are stored when enabled", () => {
     const sqlite = new Database(":memory:");
-    const auditLogsWithWorkspace = d1AuditLogTable({ workspaceIdColumn: "workspace_id" });
+    const auditLogsWithWorkspace = d1AuditLogTable({
+        contextColumns: [{ column: "workspace_id" }],
+    });
     const db = drizzle({ client: sqlite, schema: { auditLogs: auditLogsWithWorkspace, auditContext, users } });
     try {
-        sqlite.exec(createD1AuditInstallSql({ workspaceIdColumn: "workspace_id" }));
+        sqlite.exec(createD1AuditInstallSql({ contextColumns: [{ column: "workspace_id" }] }));
         sqlite.exec(`
       CREATE TABLE users (
         id TEXT PRIMARY KEY,
         name TEXT NOT NULL
       );
     `);
-        sqlite.exec(createAttachD1AuditTriggersSql([{ table: "users" }], { workspaceIdColumn: "workspace_id" }));
+        sqlite.exec(createAttachD1AuditTriggersSql([{ table: "users" }], { contextColumns: [{ column: "workspace_id" }] }));
         withD1AuditedTransaction(db, "user_1", (tx) => {
             tx.insert(users).values({ id: "u1", name: "Alice" }).run();
-        }, { workspaceId: "ws_1" });
+        }, { context: { workspace_id: "ws_1" } });
         const logs = db.select().from(auditLogsWithWorkspace).all();
         assert.equal(logs.length, 1);
         assert.equal(logs[0]?.user_id, "user_1");
@@ -157,6 +159,71 @@ test("d1 workspace_id column and context are stored when enabled", () => {
         sqlite.close();
     }
 });
+test("d1 generic contextColumns populate and stay NULL without context", () => {
+    const sqlite = new Database(":memory:");
+    const contextColumns = [
+        { column: "workspace_id" },
+        { column: "tenant_id" },
+        { column: "request_id" },
+    ];
+    const auditLogsWithCtx = d1AuditLogTable({ contextColumns });
+    const db = drizzle({
+        client: sqlite,
+        schema: { auditLogs: auditLogsWithCtx, auditContext, users },
+    });
+    try {
+        sqlite.exec(createD1AuditInstallSql({ contextColumns }));
+        sqlite.exec(`
+      CREATE TABLE users (
+        id TEXT PRIMARY KEY,
+        name TEXT NOT NULL
+      );
+    `);
+        sqlite.exec(createAttachD1AuditTriggersSql([{ table: "users" }], { contextColumns }));
+        withD1AuditedTransaction(db, "user_1", (tx) => {
+            tx.insert(users).values({ id: "u1", name: "Alice" }).run();
+            tx.update(users).set({ name: "Alice Updated" }).where(eq(users.id, "u1")).run();
+            tx.delete(users).where(eq(users.id, "u1")).run();
+        }, {
+            context: {
+                workspace_id: "ws_1",
+                tenant_id: "tenant_1",
+                request_id: "req_1",
+            },
+        });
+        const logs = db
+            .select()
+            .from(auditLogsWithCtx)
+            .orderBy(asc(auditLogsWithCtx.id))
+            .all();
+        assert.equal(logs.length, 3);
+        for (const log of logs) {
+            const row = log;
+            assert.equal(row.user_id, "user_1");
+            assert.equal(row.workspace_id, "ws_1");
+            assert.equal(row.tenant_id, "tenant_1");
+            assert.equal(row.request_id, "req_1");
+        }
+        assert.equal(logs[0]?.operation, "INSERT");
+        assert.equal(logs[1]?.operation, "UPDATE");
+        assert.equal(logs[2]?.operation, "DELETE");
+        // No context: all context columns NULL.
+        db.insert(users).values({ id: "u2", name: "No Context" }).run();
+        const all = db
+            .select()
+            .from(auditLogsWithCtx)
+            .orderBy(asc(auditLogsWithCtx.id))
+            .all();
+        const last = all[all.length - 1];
+        assert.equal(last.user_id, null);
+        assert.equal(last.workspace_id, null);
+        assert.equal(last.tenant_id, null);
+        assert.equal(last.request_id, null);
+    }
+    finally {
+        sqlite.close();
+    }
+});
 test("d1 writes without audit context produce rows with user_id = NULL", () => {
     const { db, sqlite } = setupDb();
     try {

package/dist/test/sqlite.integration.test.d.ts

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=sqlite.integration.test.d.ts.map

package/dist/test/sqlite.integration.test.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sqlite.integration.test.d.ts","sourceRoot":"","sources":["../../test/sqlite.integration.test.ts"],"names":[],"mappings":""}