@willyim/drizzle-audit 0.4.0 → 0.6.0

package/README.md

@@ -120,50 +120,119 @@ sqlite.exec(createAttachD1AuditTriggersSqlWithColumns([
 ]))
 ```
 
-## Workspace / Tenant Scoping
+## Context Columns
 
-All three approaches support an optional workspace column for multi-tenant apps.
+Beyond `user_id`, you can declare arbitrary extra context columns (e.g.
+`workspace_id`, `tenant_id`, `request_id`). Each is an extra `TEXT` column on
+`audit_logs`, populated at write-time from a named runtime context value (a
+Postgres session GUC, or a `_audit_context` KV row in D1).
+
+```ts
+type AuditContextColumn = {
+  column: string      // audit table column (TEXT, nullable)
+  sessionKey?: string // Postgres GUC the trigger reads — default `app.${column}`
+                      // D1: the _audit_context key — default `${column}`
+  index?: boolean     // create an index on the column — default true
+}
+```
 
 ### Postgres
 
 ```ts
-// Install with workspace column
-createAuditInstallSql({ workspaceIdColumn: "workspace_id" })
-export const auditLogs = pgAuditLogTable({ workspaceIdColumn: "workspace_id" })
+const contextColumns = [{ column: "workspace_id" }, { column: "tenant_id" }]
 
-// Pass workspace at runtime
+createAuditInstallSql({ contextColumns })
+export const auditLogs = pgAuditLogTable({ contextColumns })
+
+// Pass context at runtime (GUC name → value)
 await withAuditedTransaction(
   db, userId, async (tx) => { /* ... */ },
   "app.user_id",
-  { workspaceId: "ws_1" },
+  { context: { "app.workspace_id": "ws_1", "app.tenant_id": "t_1" } },
 )
 ```
 
-To add workspace to an existing install, use `createAuditAddWorkspaceColumnSql()`.
+To add context columns to an existing install, use
+`createAuditAddContextColumnsSql({ contextColumns })` — it adds each column and
+regenerates the trigger over the full set. Pass the complete list of columns the
+table should have.
 
 ### D1 Runtime
 
 ```ts
 const audit = withAudit(db, auditLogs, {
   userId: "user_1",
-  workspaceId: "ws_1",
+  context: { workspace_id: "ws_1", tenant_id: "t_1" },
 })
 ```
 
 ### D1 Triggers
 
 ```ts
-createD1AuditInstallSql({ workspaceIdColumn: "workspace_id" })
-createAttachD1AuditTriggersSql(
-  [{ table: "users" }],
-  { workspaceIdColumn: "workspace_id" },
-)
+const contextColumns = [{ column: "workspace_id" }, { column: "tenant_id" }]
+
+createD1AuditInstallSql({ contextColumns })
+createAttachD1AuditTriggersSql([{ table: "users" }], { contextColumns })
 
 withD1AuditedTransaction(db, "user_1", (tx) => { /* ... */ }, {
-  workspaceId: "ws_1",
+  context: { workspace_id: "ws_1", tenant_id: "t_1" },
 })
 ```
 
+## Ambient Context (AsyncLocalStorage)
+
+The explicit `withAuditedTransaction(db, actorId, cb)` is the cross-runtime floor —
+it works everywhere and you pass the actor by hand. The opt-in
+`@willyim/drizzle-audit/context` export adds an *ambient* layer on top: establish
+"who is acting" **once** at an entry boundary (a request, a job, an engine tick),
+then open-or-reuse a single audited transaction anywhere below — the actor is read
+from the ambient store, never threaded through call signatures.
+
+```ts
+import {
+  runWithAuditContext,
+  ensureAuditedTx,
+  currentAudit,
+} from "@willyim/drizzle-audit/context"
+
+// 1. Boundary: set the ambient actor for the unit of work. Pass a thunk to
+//    resolve it LAZILY — it only runs if a write actually happens, so read-only
+//    requests never pay for it (e.g. resolving a session).
+app.use((req, next) =>
+  runWithAuditContext(
+    async () => ({
+      actorId: (await getSession(req)).userId,
+      context: { "app.workspace_id": req.workspaceId },
+    }),
+    next,
+  ),
+)
+
+// 2. Anywhere below: open-or-reuse ONE audited tx. Reads don't call this, so
+//    they never open a transaction. Reentrant — nested calls share the tx.
+async function archive(db, id) {
+  await ensureAuditedTx(db, async (tx) => {
+    await tx.update(items).set({ archived: true }).where(eq(items.id, id))
+  })
+}
+
+// 3. Read the actor for a domain column (inside the callback, where it's resolved).
+async function assign(db, id, to) {
+  await ensureAuditedTx(db, async (tx) => {
+    await tx.insert(assignments).values({ id, to, assignedBy: currentAudit().actorId })
+  })
+}
+```
+
+**Runtime support.** This uses *only* `AsyncLocalStorage` from `node:async_hooks`
+(not `createHook`/`executionAsyncId`/…), which is the subset Cloudflare Workers
+implements. Works on Node, Bun, and Workers — Workers needs the `nodejs_compat`
+flag and a recent compatibility date. If a target lacks ALS, the import throws
+loudly; fall back to the explicit `withAuditedTransaction`.
+
+**Guardrail.** `ensureAuditedTx` (and `currentAudit`) throw if there is no ambient
+context — a missed boundary becomes a loud failure instead of an unattributed write.
+
 ## CLI
 
 Generate a Drizzle migration with audit SQL appended:
@@ -202,10 +271,22 @@ export function createAuditSql() {
 | `createAuditInstallSql(options?)` | SQL to create the audit table, indexes, and trigger function |
 | `createAttachAuditTriggerSql(target, options?)` | SQL to attach audit trigger to one table |
 | `createAttachAuditTriggersSql(targets, options?)` | Same, for multiple tables |
-| `createAuditAddWorkspaceColumnSql(options)` | SQL to add workspace column to existing install |
+| `createAuditAddContextColumnsSql(options)` | SQL to add context columns + regenerate trigger on existing install |
 | `setAuditContext(db, actorId, contextKey?, options?)` | Set actor context in current transaction |
 | `withAuditedTransaction(db, actorId, callback, contextKey?, options?)` | Transaction wrapper with actor context |
 
+### `@willyim/drizzle-audit/context`
+
+Opt-in ambient layer (AsyncLocalStorage). See [Ambient Context](#ambient-context-asynclocalstorage).
+
+| Export | Description |
+|---|---|
+| `runWithAuditContext(audit, fn)` | Set the ambient actor for `fn` (`audit` is an `AuditContext` or a lazy thunk) |
+| `ensureAuditedTx(db, run, contextKey?)` | Open-or-reuse one audited tx; actor read from the ambient context |
+| `currentAudit()` | The resolved ambient `AuditContext` (throws if absent/unresolved) |
+| `maybeCurrentAudit()` | The resolved ambient `AuditContext`, or `null` |
+| `hasAuditContext()` | Whether an ambient context is in scope |
+
 ### `@willyim/drizzle-audit`
 
 | Export | Description |
@@ -318,6 +399,27 @@ CREATE TABLE audit_logs (
 | **Bypass risk** | Low (DB-level) | Medium (must use wrapper) | Low (DB-level) |
 | **Best for** | Postgres apps | D1/Cloudflare Workers | SQLite apps needing DB-level guarantees |
 
+## Migrating from 0.2.x → 0.3.0
+
+The `workspace_id`-specific options were removed in favor of the generic
+[Context Columns](#context-columns) API. Mechanical replacements:
+
+| Removed | Replacement |
+|---|---|
+| `pgAuditLogTable({ workspaceIdColumn: "workspace_id" })` | `pgAuditLogTable({ contextColumns: [{ column: "workspace_id" }] })` |
+| `d1AuditLogTable({ workspaceIdColumn: "workspace_id" })` | `d1AuditLogTable({ contextColumns: [{ column: "workspace_id" }] })` |
+| `createAuditInstallSql({ workspaceIdColumn: "workspace_id" })` | `createAuditInstallSql({ contextColumns: [{ column: "workspace_id" }] })` |
+| `createD1AuditInstallSql({ workspaceIdColumn })` | `createD1AuditInstallSql({ contextColumns: [{ column }] })` |
+| `createAttachD1AuditTriggersSql(targets, { workspaceIdColumn })` | `createAttachD1AuditTriggersSql(targets, { contextColumns: [{ column }] })` |
+| `createAuditAddWorkspaceColumnSql(options)` | `createAuditAddContextColumnsSql({ contextColumns: [...] })` |
+| Postgres runtime `{ workspaceId: v }` | `{ context: { "app.workspace_id": v } }` |
+| Postgres runtime `{ workspaceId: v, workspaceContextKey: "app.tenant_id" }` | `{ context: { "app.tenant_id": v } }` |
+| D1 runtime `{ workspaceId: v }` | `{ context: { workspace_id: v } }` |
+| `withAudit(db, table, { userId, workspaceId: v })` | `withAudit(db, table, { userId, context: { workspace_id: v } })` |
+
+The on-disk column name (`workspace_id`) is unchanged, so no data migration is
+needed — only call sites change.
+
 ## License
 
 MIT

package/dist/src/context/index.d.ts

@@ -0,0 +1,42 @@
+import type { AuditSqlExecutor, AuditTransactionCapable } from "../postgres/types.js";
+/** Opaque to the library: an actor string + the GUC map written for the tx. */
+export type AuditContext = {
+    /** Value written to the actor GUC (default `app.user_id`). */
+    actorId: string;
+    /** Extra session GUCs (full GUC name → value), e.g. `app.workspace_id`. */
+    context?: Record<string, string>;
+};
+/**
+ * How the ambient actor is resolved. Pass a plain `AuditContext` to resolve it
+ * eagerly, or a thunk to resolve it LAZILY — the thunk runs only when the first
+ * audited write actually happens, so read-only units of work never pay for it
+ * (e.g. resolving a session on a request that only reads).
+ */
+export type AuditContextInput = AuditContext | (() => AuditContext | Promise<AuditContext>);
+/**
+ * Establish the ambient audit actor for the duration of `fn`. No transaction is
+ * opened here — `ensureAuditedTx` opens one lazily on the first write below.
+ */
+export declare function runWithAuditContext<T>(audit: AuditContextInput, fn: () => T): T;
+/** The ambient audit context if one is set AND already resolved, else null. */
+export declare function maybeCurrentAudit(): AuditContext | null;
+/**
+ * The ambient audit context. Throws if no context is set, or if it is set but
+ * not yet resolved (a lazy resolver that has not run). It is always resolved
+ * inside an `ensureAuditedTx` callback, which is the intended place to read it
+ * (e.g. to stamp a domain "createdBy" column from the actor).
+ */
+export declare function currentAudit(): AuditContext;
+/** True if an ambient audit context is in scope (resolved or not). */
+export declare function hasAuditContext(): boolean;
+/**
+ * THE primitive: ensure this unit of work runs inside ONE audited transaction,
+ * reusing an already-open one if present (reentrant). The actor is read from the
+ * ambient context (resolving it on first use). Reads should never call this, so
+ * they never open a transaction.
+ *
+ * Throws if called with no ambient audit context — the guardrail that turns a
+ * missed boundary into a loud failure instead of an unattributed write.
+ */
+export declare function ensureAuditedTx<TTransaction extends AuditSqlExecutor, TResult>(db: AuditTransactionCapable<TTransaction>, run: (tx: TTransaction) => Promise<TResult> | TResult, contextKey?: string): Promise<TResult>;
+//# sourceMappingURL=index.d.ts.map

package/dist/src/context/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/context/index.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EACV,gBAAgB,EAChB,uBAAuB,EACxB,MAAM,sBAAsB,CAAA;AA+B7B,+EAA+E;AAC/E,MAAM,MAAM,YAAY,GAAG;IACzB,8DAA8D;IAC9D,OAAO,EAAE,MAAM,CAAA;IACf,2EAA2E;IAC3E,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CACjC,CAAA;AAED;;;;;GAKG;AACH,MAAM,MAAM,iBAAiB,GACzB,YAAY,GACZ,CAAC,MAAM,YAAY,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC,CAAA;AAYhD;;;GAGG;AACH,wBAAgB,mBAAmB,CAAC,CAAC,EACnC,KAAK,EAAE,iBAAiB,EACxB,EAAE,EAAE,MAAM,CAAC,GACV,CAAC,CAIH;AAED,+EAA+E;AAC/E,wBAAgB,iBAAiB,IAAI,YAAY,GAAG,IAAI,CAEvD;AAED;;;;;GAKG;AACH,wBAAgB,YAAY,IAAI,YAAY,CAc3C;AAED,sEAAsE;AACtE,wBAAgB,eAAe,IAAI,OAAO,CAEzC;AAED;;;;;;;;GAQG;AACH,wBAAsB,eAAe,CACnC,YAAY,SAAS,gBAAgB,EACrC,OAAO,EAEP,EAAE,EAAE,uBAAuB,CAAC,YAAY,CAAC,EACzC,GAAG,EAAE,CAAC,EAAE,EAAE,YAAY,KAAK,OAAO,CAAC,OAAO,CAAC,GAAG,OAAO,EACrD,UAAU,SAAgB,GACzB,OAAO,CAAC,OAAO,CAAC,CAyBlB"}

package/dist/src/context/index.js

@@ -0,0 +1,94 @@
+import { AsyncLocalStorage } from "node:async_hooks";
+import { setAuditContext } from "../postgres/runtime.js";
+// ─────────────────────────────────────────────────────────────────────────────
+// Ambient audit context (opt-in).
+//
+// The explicit `withAuditedTransaction(db, actorId, cb)` from the main entry is
+// the cross-runtime floor: it works everywhere and takes the actor by hand. This
+// module adds an *ambient* layer on top of it, built on `AsyncLocalStorage`:
+//
+//   - establish "who is acting" ONCE at an entry boundary (a request, a job, an
+//     engine tick) with `runWithAuditContext`, then
+//   - open-or-reuse a single audited transaction anywhere below with
+//     `ensureAuditedTx` — the actor is read from the ambient store, never
+//     threaded through call signatures.
+//
+// Runtime support: this uses ONLY `AsyncLocalStorage` from `node:async_hooks`
+// (not `createHook`/`executionAsyncId`/…), which is the subset Cloudflare
+// Workers implements. It works on Node, Bun, and Workers (Workers needs the
+// `nodejs_compat` flag + a recent compatibility date). If a target lacks ALS,
+// fall back to the explicit `withAuditedTransaction` path.
+// ─────────────────────────────────────────────────────────────────────────────
+if (typeof AsyncLocalStorage === "undefined") {
+    throw new Error("@willyim/drizzle-audit/context requires AsyncLocalStorage from node:async_hooks. " +
+        "On Cloudflare Workers enable the `nodejs_compat` flag (with a recent compatibility " +
+        "date). On other runtimes use the explicit withAuditedTransaction(db, actorId, cb) " +
+        "from @willyim/drizzle-audit/postgres instead.");
+}
+const als = new AsyncLocalStorage();
+/**
+ * Establish the ambient audit actor for the duration of `fn`. No transaction is
+ * opened here — `ensureAuditedTx` opens one lazily on the first write below.
+ */
+export function runWithAuditContext(audit, fn) {
+    const resolve = typeof audit === "function" ? audit : () => audit;
+    const resolved = typeof audit === "function" ? null : audit;
+    return als.run({ resolve, resolved, tx: null }, fn);
+}
+/** The ambient audit context if one is set AND already resolved, else null. */
+export function maybeCurrentAudit() {
+    return als.getStore()?.resolved ?? null;
+}
+/**
+ * The ambient audit context. Throws if no context is set, or if it is set but
+ * not yet resolved (a lazy resolver that has not run). It is always resolved
+ * inside an `ensureAuditedTx` callback, which is the intended place to read it
+ * (e.g. to stamp a domain "createdBy" column from the actor).
+ */
+export function currentAudit() {
+    const cell = als.getStore();
+    if (!cell) {
+        throw new Error("no ambient audit context — wrap the unit of work in runWithAuditContext(...)");
+    }
+    if (!cell.resolved) {
+        throw new Error("ambient audit context not resolved yet — read currentAudit() inside an " +
+            "ensureAuditedTx callback, or pass an eager AuditContext to runWithAuditContext");
+    }
+    return cell.resolved;
+}
+/** True if an ambient audit context is in scope (resolved or not). */
+export function hasAuditContext() {
+    return als.getStore() !== undefined;
+}
+/**
+ * THE primitive: ensure this unit of work runs inside ONE audited transaction,
+ * reusing an already-open one if present (reentrant). The actor is read from the
+ * ambient context (resolving it on first use). Reads should never call this, so
+ * they never open a transaction.
+ *
+ * Throws if called with no ambient audit context — the guardrail that turns a
+ * missed boundary into a loud failure instead of an unattributed write.
+ */
+export async function ensureAuditedTx(db, run, contextKey = "app.user_id") {
+    const cell = als.getStore();
+    if (!cell) {
+        throw new Error("audited write outside an audit context — wrap the unit of work in " +
+            "runWithAuditContext(...) (or use the explicit withAuditedTransaction)");
+    }
+    // Reentrant: a tx is already open in this context — reuse it.
+    if (cell.tx)
+        return run(cell.tx);
+    const audit = cell.resolved ?? (cell.resolved = await cell.resolve());
+    return db.transaction(async (tx) => {
+        await setAuditContext(tx, audit.actorId, contextKey, {
+            context: audit.context,
+        });
+        cell.tx = tx;
+        try {
+            return await run(tx);
+        }
+        finally {
+            cell.tx = null;
+        }
+    });
+}

package/dist/src/d1/audit-log-schema.d.ts

@@ -1,6 +1,7 @@
+import type { AuditContextColumn } from "./types.js";
 export type D1AuditLogTableOptions = {
-    /** When set (e.g. "workspace_id"), the table definition includes this optional column. */
-    workspaceIdColumn?: string;
+    /** Extra context columns to include in the table definition, matching the install. */
+    contextColumns?: AuditContextColumn[];
 };
 export declare function d1AuditLogTable(options?: D1AuditLogTableOptions): import("drizzle-orm/sqlite-core").SQLiteTableWithColumns<{
     name: "audit_logs";

package/dist/src/d1/audit-log-schema.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"audit-log-schema.d.ts","sourceRoot":"","sources":["../../../src/d1/audit-log-schema.ts"],"names":[],"mappings":"AAOA,MAAM,MAAM,sBAAsB,GAAG;IACnC,0FAA0F;IAC1F,iBAAiB,CAAC,EAAE,MAAM,CAAA;CAC3B,CAAA;AAED,wBAAgB,eAAe,CAAC,OAAO,CAAC,EAAE,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAyB/D;AAED,wBAAgB,mBAAmB,CAAC,OAAO,CAAC,EAAE;IAAE,YAAY,CAAC,EAAE,MAAM,CAAA;CAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAMtE"}
+{"version":3,"file":"audit-log-schema.d.ts","sourceRoot":"","sources":["../../../src/d1/audit-log-schema.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAA;AAEpD,MAAM,MAAM,sBAAsB,GAAG;IACnC,sFAAsF;IACtF,cAAc,CAAC,EAAE,kBAAkB,EAAE,CAAA;CACtC,CAAA;AAiBD,wBAAgB,eAAe,CAAC,OAAO,CAAC,EAAE,sBAAsB;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAuB/D;AAED,wBAAgB,mBAAmB,CAAC,OAAO,CAAC,EAAE;IAAE,YAAY,CAAC,EAAE,MAAM,CAAA;CAAE;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAMtE"}

package/dist/src/d1/audit-log-schema.js

@@ -1,15 +1,25 @@
 import { index, integer, sqliteTable, text, } from "drizzle-orm/sqlite-core";
+function resolveColumns(options) {
+    const columns = [];
+    const seen = new Set();
+    for (const entry of options?.contextColumns ?? []) {
+        const column = entry.column?.trim();
+        if (column && !seen.has(column)) {
+            seen.add(column);
+            columns.push(column);
+        }
+    }
+    return columns;
+}
 export function d1AuditLogTable(options) {
-    const workspaceIdColumn = options?.workspaceIdColumn?.trim();
+    const contextColumns = resolveColumns(options);
     const columns = {
         id: integer("id").primaryKey({ autoIncrement: true }),
         table_name: text("table_name").notNull(),
         operation: text("operation").notNull(),
         row_id: text("row_id"),
         user_id: text("user_id"),
-        ...(workspaceIdColumn
-            ? { [workspaceIdColumn]: text(workspaceIdColumn) }
-            : {}),
+        ...Object.fromEntries(contextColumns.map((c) => [c, text(c)])),
         old_data: text("old_data"),
         new_data: text("new_data"),
         created_at: text("created_at").notNull().default("(datetime('now'))"),

package/dist/src/d1/index.d.ts

@@ -3,5 +3,6 @@ export type { D1AuditLogTableOptions } from "./audit-log-schema.js";
 export { createAttachD1AuditTriggerSql, createAttachD1AuditTriggersSql, createAttachD1AuditTriggerSqlWithColumns, createAttachD1AuditTriggersSqlWithColumns, createD1AuditInstallSql, } from "./sql.js";
 export type { D1AuditTriggerTargetWithColumns } from "./sql.js";
 export { clearD1AuditContext, setD1AuditContext, withD1AuditedTransaction, } from "./runtime.js";
-export type { D1AuditInstallOptions, D1AuditSqlExecutor, D1AuditTriggerTarget, } from "./types.js";
+export type { D1AuditContextOptions } from "./runtime.js";
+export type { AuditContextColumn, D1AuditInstallOptions, D1AuditSqlExecutor, D1AuditTriggerTarget, } from "./types.js";
 //# sourceMappingURL=index.d.ts.map

package/dist/src/d1/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/d1/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAA;AAC5E,YAAY,EAAE,sBAAsB,EAAE,MAAM,uBAAuB,CAAA;AACnE,OAAO,EACL,6BAA6B,EAC7B,8BAA8B,EAC9B,wCAAwC,EACxC,yCAAyC,EACzC,uBAAuB,GACxB,MAAM,UAAU,CAAA;AACjB,YAAY,EAAE,+BAA+B,EAAE,MAAM,UAAU,CAAA;AAC/D,OAAO,EACL,mBAAmB,EACnB,iBAAiB,EACjB,wBAAwB,GACzB,MAAM,cAAc,CAAA;AAErB,YAAY,EACV,qBAAqB,EACrB,kBAAkB,EAClB,oBAAoB,GACrB,MAAM,YAAY,CAAA"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../src/d1/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,eAAe,EAAE,mBAAmB,EAAE,MAAM,uBAAuB,CAAA;AAC5E,YAAY,EAAE,sBAAsB,EAAE,MAAM,uBAAuB,CAAA;AACnE,OAAO,EACL,6BAA6B,EAC7B,8BAA8B,EAC9B,wCAAwC,EACxC,yCAAyC,EACzC,uBAAuB,GACxB,MAAM,UAAU,CAAA;AACjB,YAAY,EAAE,+BAA+B,EAAE,MAAM,UAAU,CAAA;AAC/D,OAAO,EACL,mBAAmB,EACnB,iBAAiB,EACjB,wBAAwB,GACzB,MAAM,cAAc,CAAA;AACrB,YAAY,EAAE,qBAAqB,EAAE,MAAM,cAAc,CAAA;AAEzD,YAAY,EACV,kBAAkB,EAClB,qBAAqB,EACrB,kBAAkB,EAClB,oBAAoB,GACrB,MAAM,YAAY,CAAA"}

package/dist/src/d1/runtime.d.ts

@@ -1,4 +1,9 @@
 import type { D1AuditSqlExecutor } from "./types.js";
+export type D1AuditContextOptions = {
+    /** Map of context key → value written as KV rows the triggers read. */
+    context?: Record<string, string>;
+    contextTable?: string;
+};
 /**
  * Sets the audit context for the current transaction by writing to the
  * _audit_context table. Must be called inside a transaction before any
@@ -6,17 +11,15 @@ import type { D1AuditSqlExecutor } from "./types.js";
  *
  * D1/SQLite has no session variables, so triggers read context from this table.
  */
-export declare function setD1AuditContext(db: D1AuditSqlExecutor, actorId: string, options?: {
-    workspaceId?: string;
-    contextTable?: string;
-}): Promise<unknown> | undefined;
+export declare function setD1AuditContext(db: D1AuditSqlExecutor, actorId: string, options?: D1AuditContextOptions): Promise<unknown> | undefined;
 /**
  * Clears the audit context after a transaction completes.
  * Called automatically by withD1AuditedTransaction.
+ *
+ * Clears `user_id` plus any keys set via `context` so the next transaction
+ * starts clean.
  */
-export declare function clearD1AuditContext(db: D1AuditSqlExecutor, options?: {
-    contextTable?: string;
-}): unknown;
+export declare function clearD1AuditContext(db: D1AuditSqlExecutor, options?: D1AuditContextOptions): unknown;
 /**
  * Wraps a Drizzle SQLite transaction with audit context. Sets the actor
  * before the callback and clears the context after (success or failure).
@@ -37,8 +40,5 @@ export declare function clearD1AuditContext(db: D1AuditSqlExecutor, options?: {
  */
 export declare function withD1AuditedTransaction<TDb extends D1AuditSqlExecutor, TResult>(db: TDb & {
     transaction: (cb: (tx: any) => TResult) => TResult;
-}, actorId: string, callback: (tx: TDb) => TResult, options?: {
-    workspaceId?: string;
-    contextTable?: string;
-}): TResult;
+}, actorId: string, callback: (tx: TDb) => TResult, options?: D1AuditContextOptions): TResult;
 //# sourceMappingURL=runtime.d.ts.map

package/dist/src/d1/runtime.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"runtime.d.ts","sourceRoot":"","sources":["../../../src/d1/runtime.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAA;AAUpD;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAC/B,EAAE,EAAE,kBAAkB,EACtB,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE;IAAE,WAAW,CAAC,EAAE,MAAM,CAAC;IAAC,YAAY,CAAC,EAAE,MAAM,CAAA;CAAE,gCAyB1D;AAED;;;GAGG;AACH,wBAAgB,mBAAmB,CACjC,EAAE,EAAE,kBAAkB,EACtB,OAAO,CAAC,EAAE;IAAE,YAAY,CAAC,EAAE,MAAM,CAAA;CAAE,WAMpC;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,wBAAwB,CAAC,GAAG,SAAS,kBAAkB,EAAE,OAAO,EAC9E,EAAE,EAAE,GAAG,GAAG;IAAE,WAAW,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,EAAE,GAAG,KAAK,OAAO,KAAK,OAAO,CAAA;CAAE,EAChE,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,CAAC,EAAE,EAAE,GAAG,KAAK,OAAO,EAC9B,OAAO,CAAC,EAAE;IAAE,WAAW,CAAC,EAAE,MAAM,CAAC;IAAC,YAAY,CAAC,EAAE,MAAM,CAAA;CAAE,GACxD,OAAO,CAWT"}
+{"version":3,"file":"runtime.d.ts","sourceRoot":"","sources":["../../../src/d1/runtime.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,kBAAkB,EAAE,MAAM,YAAY,CAAA;AAUpD,MAAM,MAAM,qBAAqB,GAAG;IAClC,uEAAuE;IACvE,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;IAChC,YAAY,CAAC,EAAE,MAAM,CAAA;CACtB,CAAA;AAkBD;;;;;;GAMG;AACH,wBAAgB,iBAAiB,CAC/B,EAAE,EAAE,kBAAkB,EACtB,OAAO,EAAE,MAAM,EACf,OAAO,CAAC,EAAE,qBAAqB,gCAwBhC;AAED;;;;;;GAMG;AACH,wBAAgB,mBAAmB,CACjC,EAAE,EAAE,kBAAkB,EACtB,OAAO,CAAC,EAAE,qBAAqB,WAYhC;AAED;;;;;;;;;;;;;;;;;GAiBG;AACH,wBAAgB,wBAAwB,CAAC,GAAG,SAAS,kBAAkB,EAAE,OAAO,EAC9E,EAAE,EAAE,GAAG,GAAG;IAAE,WAAW,EAAE,CAAC,EAAE,EAAE,CAAC,EAAE,EAAE,GAAG,KAAK,OAAO,KAAK,OAAO,CAAA;CAAE,EAChE,OAAO,EAAE,MAAM,EACf,QAAQ,EAAE,CAAC,EAAE,EAAE,GAAG,KAAK,OAAO,EAC9B,OAAO,CAAC,EAAE,qBAAqB,GAC9B,OAAO,CAWT"}

package/dist/src/d1/runtime.js

@@ -5,6 +5,19 @@ function assertActorId(actorId) {
         throw new Error("actorId must not be empty");
     }
 }
+/**
+ * Builds the KV map (key → value) to write. Empty/undefined values are dropped
+ * so the corresponding column stays NULL.
+ */
+function resolveContext(options) {
+    const context = {};
+    for (const [key, value] of Object.entries(options?.context ?? {})) {
+        if (value !== undefined && value !== "") {
+            context[key] = value;
+        }
+    }
+    return context;
+}
 /**
  * Sets the audit context for the current transaction by writing to the
  * _audit_context table. Must be called inside a transaction before any
@@ -15,26 +28,30 @@ function assertActorId(actorId) {
 export function setD1AuditContext(db, actorId, options) {
     assertActorId(actorId);
     const table = options?.contextTable ?? DEFAULT_CONTEXT_TABLE;
-    const result = db.run(sql `INSERT OR REPLACE INTO ${sql.identifier(table)} (key, value) VALUES ('user_id', ${actorId})`);
+    const context = resolveContext(options);
+    const writeKv = (key, value) => db.run(sql `INSERT OR REPLACE INTO ${sql.identifier(table)} (key, value) VALUES (${key}, ${value})`);
+    const result = writeKv("user_id", actorId);
     // Handle async drivers (D1) by chaining if result is a Promise
     if (result && typeof result.then === "function") {
-        return result.then(() => {
-            if (options?.workspaceId !== undefined && options.workspaceId !== "") {
-                return db.run(sql `INSERT OR REPLACE INTO ${sql.identifier(table)} (key, value) VALUES ('workspace_id', ${options.workspaceId})`);
-            }
-        });
+        return Object.entries(context).reduce((prev, [key, value]) => prev.then(() => writeKv(key, value)), result);
     }
-    if (options?.workspaceId !== undefined && options.workspaceId !== "") {
-        db.run(sql `INSERT OR REPLACE INTO ${sql.identifier(table)} (key, value) VALUES ('workspace_id', ${options.workspaceId})`);
+    for (const [key, value] of Object.entries(context)) {
+        writeKv(key, value);
     }
 }
 /**
  * Clears the audit context after a transaction completes.
  * Called automatically by withD1AuditedTransaction.
+ *
+ * Clears `user_id` plus any keys set via `context` so the next transaction
+ * starts clean.
  */
 export function clearD1AuditContext(db, options) {
     const table = options?.contextTable ?? DEFAULT_CONTEXT_TABLE;
-    return db.run(sql `DELETE FROM ${sql.identifier(table)} WHERE key IN ('user_id', 'workspace_id')`);
+    const keys = ["user_id", ...Object.keys(options?.context ?? {})];
+    const uniqueKeys = [...new Set(keys)];
+    const keyList = sql.join(uniqueKeys.map((k) => sql `${k}`), sql `, `);
+    return db.run(sql `DELETE FROM ${sql.identifier(table)} WHERE key IN (${keyList})`);
 }
 /**
  * Wraps a Drizzle SQLite transaction with audit context. Sets the actor

package/dist/src/d1/sql.d.ts

@@ -2,8 +2,8 @@ import type { D1AuditInstallOptions, D1AuditTriggerTarget } from "./types.js";
 /**
  * Generates SQL to install the audit_logs table and _audit_context table.
  *
- * The _audit_context table stores user_id (and optionally workspace_id) for
- * the current transaction. Since D1/SQLite has no session variables, triggers
+ * The _audit_context table stores user_id (and any configured context columns)
+ * for the current transaction. Since D1/SQLite has no session variables, triggers
  * read context from this table instead.
  */
 export declare function createD1AuditInstallSql(options?: D1AuditInstallOptions): string;

package/dist/src/d1/sql.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"sql.d.ts","sourceRoot":"","sources":["../../../src/d1/sql.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,qBAAqB,EAAE,oBAAoB,EAAE,MAAM,YAAY,CAAA;AAqB7E;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CAAC,OAAO,GAAE,qBAA0B,UA6C1E;AAoHD;;;;;;GAMG;AACH,wBAAgB,6BAA6B,CAC3C,MAAM,EAAE,oBAAoB,EAC5B,OAAO,GAAE,qBAA0B,UAOpC;AAED,wBAAgB,8BAA8B,CAC5C,OAAO,EAAE,oBAAoB,EAAE,EAC/B,OAAO,GAAE,qBAA0B,UAQpC;AAID,MAAM,MAAM,+BAA+B,GAAG,oBAAoB,GAAG;IACnE,kEAAkE;IAClE,OAAO,EAAE,MAAM,EAAE,CAAA;CAClB,CAAA;AA4HD;;;;;;;;;;;GAWG;AACH,wBAAgB,wCAAwC,CACtD,MAAM,EAAE,+BAA+B,EACvC,OAAO,GAAE,qBAA0B,UAUpC;AAED,wBAAgB,yCAAyC,CACvD,OAAO,EAAE,+BAA+B,EAAE,EAC1C,OAAO,GAAE,qBAA0B,UAQpC"}
+{"version":3,"file":"sql.d.ts","sourceRoot":"","sources":["../../../src/d1/sql.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAEV,qBAAqB,EACrB,oBAAoB,EACrB,MAAM,YAAY,CAAA;AAyEnB;;;;;;GAMG;AACH,wBAAgB,uBAAuB,CAAC,OAAO,GAAE,qBAA0B,UA8C1E;AAoHD;;;;;;GAMG;AACH,wBAAgB,6BAA6B,CAC3C,MAAM,EAAE,oBAAoB,EAC5B,OAAO,GAAE,qBAA0B,UAOpC;AAED,wBAAgB,8BAA8B,CAC5C,OAAO,EAAE,oBAAoB,EAAE,EAC/B,OAAO,GAAE,qBAA0B,UAQpC;AAID,MAAM,MAAM,+BAA+B,GAAG,oBAAoB,GAAG;IACnE,kEAAkE;IAClE,OAAO,EAAE,MAAM,EAAE,CAAA;CAClB,CAAA;AA4HD;;;;;;;;;;;GAWG;AACH,wBAAgB,wCAAwC,CACtD,MAAM,EAAE,+BAA+B,EACvC,OAAO,GAAE,qBAA0B,UAUpC;AAED,wBAAgB,yCAAyC,CACvD,OAAO,EAAE,+BAA+B,EAAE,EAC1C,OAAO,GAAE,qBAA0B,UAQpC"}