palaryn 0.1.0

package/dist/tests/unit/audit-logger.test.js

@@ -0,0 +1,635 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const os = __importStar(require("os"));
+const logger_1 = require("../../src/audit/logger");
+// ---------------------------------------------------------------------------
+// Helper: create a ToolCall with sensible defaults and optional overrides
+// ---------------------------------------------------------------------------
+function createTestToolCall(overrides) {
+    return {
+        tool_call_id: 'tc-001',
+        task_id: 'task-001',
+        workspace_id: 'ws-001',
+        actor: { type: 'agent', id: 'agent-001' },
+        source: { platform: 'test' },
+        tool: { name: 'http.request', capability: 'read' },
+        args: { method: 'GET', url: 'https://example.com' },
+        ...overrides,
+    };
+}
+// ---------------------------------------------------------------------------
+// Config helpers
+// ---------------------------------------------------------------------------
+function memoryOnlyConfig() {
+    return {
+        enabled: true,
+        log_dir: '',
+        console_output: false,
+        retention_days: 30,
+    };
+}
+function disabledConfig() {
+    return {
+        enabled: false,
+        log_dir: '',
+        console_output: false,
+        retention_days: 30,
+    };
+}
+// ===========================================================================
+// Tests
+// ===========================================================================
+describe('AuditLogger', () => {
+    // -----------------------------------------------------------------------
+    // Generic log
+    // -----------------------------------------------------------------------
+    describe('log', () => {
+        let logger;
+        beforeEach(() => {
+            logger = new logger_1.AuditLogger(memoryOnlyConfig());
+        });
+        afterEach(() => {
+            logger.close();
+        });
+        it('should create an event with generated event_id and timestamp', () => {
+            const event = logger.log({
+                event_type: 'TOOL_CALL_RECEIVED',
+                tool_call_id: 'tc-001',
+                task_id: 'task-001',
+                workspace_id: 'ws-001',
+                actor_id: 'agent-001',
+                tool_name: 'http.request',
+                metadata: {},
+            });
+            expect(event.event_id).toBeDefined();
+            expect(typeof event.event_id).toBe('string');
+            expect(event.event_id.length).toBeGreaterThan(0);
+            expect(event.timestamp).toBeDefined();
+            // ISO 8601 format check
+            expect(new Date(event.timestamp).toISOString()).toBe(event.timestamp);
+        });
+        it('should store the event in internal list', () => {
+            logger.log({
+                event_type: 'TOOL_CALL_RECEIVED',
+                tool_call_id: 'tc-001',
+                task_id: 'task-001',
+                workspace_id: 'ws-001',
+                actor_id: 'agent-001',
+                tool_name: 'http.request',
+                metadata: {},
+            });
+            expect(logger.getAllEvents()).toHaveLength(1);
+        });
+        it('should preserve all fields passed to log', () => {
+            const event = logger.log({
+                event_type: 'POLICY_DECIDED',
+                tool_call_id: 'tc-999',
+                task_id: 'task-555',
+                workspace_id: 'ws-888',
+                actor_id: 'user-42',
+                tool_name: 'db.query',
+                metadata: { decision: 'ALLOW', rule_id: 'r-1', reasons: [] },
+            });
+            expect(event.event_type).toBe('POLICY_DECIDED');
+            expect(event.tool_call_id).toBe('tc-999');
+            expect(event.task_id).toBe('task-555');
+            expect(event.workspace_id).toBe('ws-888');
+            expect(event.actor_id).toBe('user-42');
+            expect(event.tool_name).toBe('db.query');
+            expect(event.metadata).toEqual({ decision: 'ALLOW', rule_id: 'r-1', reasons: [] });
+        });
+    });
+    // -----------------------------------------------------------------------
+    // Convenience loggers
+    // -----------------------------------------------------------------------
+    describe('logToolCallReceived', () => {
+        it('should create proper TOOL_CALL_RECEIVED event', () => {
+            const logger = new logger_1.AuditLogger(memoryOnlyConfig());
+            const toolCall = createTestToolCall({
+                context: { labels: ['finance', 'sensitive'] },
+                constraints: { max_cost_usd: 0.5 },
+            });
+            const event = logger.logToolCallReceived(toolCall);
+            expect(event.event_type).toBe('TOOL_CALL_RECEIVED');
+            expect(event.tool_call_id).toBe('tc-001');
+            expect(event.task_id).toBe('task-001');
+            expect(event.workspace_id).toBe('ws-001');
+            expect(event.actor_id).toBe('agent-001');
+            expect(event.tool_name).toBe('http.request');
+            expect(event.metadata.capability).toBe('read');
+            expect(event.metadata.platform).toBe('test');
+            expect(event.metadata.has_constraints).toBe(true);
+            expect(event.metadata.labels).toEqual(['finance', 'sensitive']);
+            logger.close();
+        });
+        it('should handle missing context/constraints gracefully', () => {
+            const logger = new logger_1.AuditLogger(memoryOnlyConfig());
+            const toolCall = createTestToolCall({ context: undefined, constraints: undefined });
+            const event = logger.logToolCallReceived(toolCall);
+            expect(event.metadata.has_constraints).toBe(false);
+            expect(event.metadata.labels).toEqual([]);
+            logger.close();
+        });
+    });
+    describe('logPolicyDecided', () => {
+        it('should create proper POLICY_DECIDED event', () => {
+            const logger = new logger_1.AuditLogger(memoryOnlyConfig());
+            const toolCall = createTestToolCall();
+            const event = logger.logPolicyDecided(toolCall, 'ALLOW', 'rule-001', ['domain in allowlist']);
+            expect(event.event_type).toBe('POLICY_DECIDED');
+            expect(event.tool_call_id).toBe('tc-001');
+            expect(event.metadata.decision).toBe('ALLOW');
+            expect(event.metadata.rule_id).toBe('rule-001');
+            expect(event.metadata.reasons).toEqual(['domain in allowlist']);
+            logger.close();
+        });
+    });
+    describe('logDLPScanned', () => {
+        it('should create proper DLP_SCANNED event', () => {
+            const logger = new logger_1.AuditLogger(memoryOnlyConfig());
+            const toolCall = createTestToolCall();
+            const event = logger.logDLPScanned(toolCall, ['AWS_KEY', 'email'], 'high', 2);
+            expect(event.event_type).toBe('DLP_SCANNED');
+            expect(event.metadata.detected).toEqual(['AWS_KEY', 'email']);
+            expect(event.metadata.severity).toBe('high');
+            expect(event.metadata.redaction_count).toBe(2);
+            expect(event.metadata.findings_count).toBe(2);
+            logger.close();
+        });
+        it('should set findings_count to zero when no detections', () => {
+            const logger = new logger_1.AuditLogger(memoryOnlyConfig());
+            const toolCall = createTestToolCall();
+            const event = logger.logDLPScanned(toolCall, [], 'low', 0);
+            expect(event.metadata.detected).toEqual([]);
+            expect(event.metadata.findings_count).toBe(0);
+            expect(event.metadata.redaction_count).toBe(0);
+            logger.close();
+        });
+    });
+    describe('logBudgetChecked', () => {
+        it('should create proper BUDGET_CHECKED event', () => {
+            const logger = new logger_1.AuditLogger(memoryOnlyConfig());
+            const toolCall = createTestToolCall();
+            const event = logger.logBudgetChecked(toolCall, 0.01, 0.50, 1.50);
+            expect(event.event_type).toBe('BUDGET_CHECKED');
+            expect(event.metadata.estimated_cost).toBe(0.01);
+            expect(event.metadata.spent_to_date).toBe(0.50);
+            expect(event.metadata.remaining).toBe(1.50);
+            expect(event.metadata.would_exceed).toBe(false);
+            logger.close();
+        });
+        it('should set would_exceed to true when estimated exceeds remaining', () => {
+            const logger = new logger_1.AuditLogger(memoryOnlyConfig());
+            const toolCall = createTestToolCall();
+            const event = logger.logBudgetChecked(toolCall, 2.0, 0.50, 1.50);
+            expect(event.metadata.would_exceed).toBe(true);
+            logger.close();
+        });
+    });
+    describe('logToolExecuted', () => {
+        it('should create proper TOOL_EXECUTED event', () => {
+            const logger = new logger_1.AuditLogger(memoryOnlyConfig());
+            const toolCall = createTestToolCall();
+            const event = logger.logToolExecuted(toolCall, 'success', 150, 200);
+            expect(event.event_type).toBe('TOOL_EXECUTED');
+            expect(event.metadata.status).toBe('success');
+            expect(event.metadata.duration_ms).toBe(150);
+            expect(event.metadata.http_status).toBe(200);
+            logger.close();
+        });
+        it('should omit http_status when not provided', () => {
+            const logger = new logger_1.AuditLogger(memoryOnlyConfig());
+            const toolCall = createTestToolCall();
+            const event = logger.logToolExecuted(toolCall, 'success', 100);
+            expect(event.metadata.status).toBe('success');
+            expect(event.metadata).not.toHaveProperty('http_status');
+            logger.close();
+        });
+    });
+    describe('logToolResultReturned', () => {
+        it('should create proper TOOL_RESULT_RETURNED event', () => {
+            const logger = new logger_1.AuditLogger(memoryOnlyConfig());
+            const toolCall = createTestToolCall();
+            const event = logger.logToolResultReturned(toolCall, 'ok', 250);
+            expect(event.event_type).toBe('TOOL_RESULT_RETURNED');
+            expect(event.metadata.status).toBe('ok');
+            expect(event.metadata.duration_ms).toBe(250);
+            logger.close();
+        });
+    });
+    describe('logApprovalRequested', () => {
+        it('should create proper APPROVAL_REQUESTED event', () => {
+            const logger = new logger_1.AuditLogger(memoryOnlyConfig());
+            const toolCall = createTestToolCall();
+            const event = logger.logApprovalRequested(toolCall, 'workspace', 'write to production db', 600);
+            expect(event.event_type).toBe('APPROVAL_REQUESTED');
+            expect(event.metadata.scope).toBe('workspace');
+            expect(event.metadata.reason).toBe('write to production db');
+            expect(event.metadata.ttl_seconds).toBe(600);
+            expect(event.metadata.expires_at).toBeDefined();
+            // expires_at should be roughly 600 seconds from now
+            const expiresAt = new Date(event.metadata.expires_at).getTime();
+            const expectedMin = Date.now() + 590 * 1000;
+            const expectedMax = Date.now() + 610 * 1000;
+            expect(expiresAt).toBeGreaterThanOrEqual(expectedMin);
+            expect(expiresAt).toBeLessThanOrEqual(expectedMax);
+            logger.close();
+        });
+    });
+    describe('logApprovalApproved', () => {
+        it('should create proper APPROVAL_APPROVED event', () => {
+            const logger = new logger_1.AuditLogger(memoryOnlyConfig());
+            const toolCall = createTestToolCall();
+            const event = logger.logApprovalApproved(toolCall, 'admin-007');
+            expect(event.event_type).toBe('APPROVAL_APPROVED');
+            expect(event.metadata.approver_id).toBe('admin-007');
+            logger.close();
+        });
+    });
+    describe('logIncident', () => {
+        it('should create proper INCIDENT_RAISED event', () => {
+            const logger = new logger_1.AuditLogger(memoryOnlyConfig());
+            const toolCall = createTestToolCall();
+            const event = logger.logIncident(toolCall, 'critical', 'secret_leak', 'AWS secret key detected in request body', 'Revoke the key immediately');
+            expect(event.event_type).toBe('INCIDENT_RAISED');
+            expect(event.metadata.severity).toBe('critical');
+            expect(event.metadata.incident_type).toBe('secret_leak');
+            expect(event.metadata.description).toBe('AWS secret key detected in request body');
+            expect(event.metadata.recommended_action).toBe('Revoke the key immediately');
+            logger.close();
+        });
+        it('should accept all severity levels', () => {
+            const logger = new logger_1.AuditLogger(memoryOnlyConfig());
+            const toolCall = createTestToolCall();
+            const severities = ['low', 'medium', 'high', 'critical'];
+            for (const severity of severities) {
+                const event = logger.logIncident(toolCall, severity, 'test', 'desc', 'action');
+                expect(event.metadata.severity).toBe(severity);
+            }
+            logger.close();
+        });
+    });
+    // -----------------------------------------------------------------------
+    // Query methods
+    // -----------------------------------------------------------------------
+    describe('getTaskTrace', () => {
+        it('should return events for a specific task in chronological order', () => {
+            const logger = new logger_1.AuditLogger(memoryOnlyConfig());
+            const tc1 = createTestToolCall({ tool_call_id: 'tc-001', task_id: 'task-A' });
+            const tc2 = createTestToolCall({ tool_call_id: 'tc-002', task_id: 'task-B' });
+            const tc3 = createTestToolCall({ tool_call_id: 'tc-003', task_id: 'task-A' });
+            logger.logToolCallReceived(tc1);
+            logger.logToolCallReceived(tc2);
+            logger.logPolicyDecided(tc3, 'ALLOW', 'rule-1', []);
+            const trace = logger.getTaskTrace('task-A');
+            expect(trace).toHaveLength(2);
+            expect(trace[0].tool_call_id).toBe('tc-001');
+            expect(trace[1].tool_call_id).toBe('tc-003');
+            // Verify chronological order
+            expect(trace[0].timestamp <= trace[1].timestamp).toBe(true);
+            logger.close();
+        });
+        it('should return empty array for unknown task', () => {
+            const logger = new logger_1.AuditLogger(memoryOnlyConfig());
+            const trace = logger.getTaskTrace('nonexistent');
+            expect(trace).toEqual([]);
+            logger.close();
+        });
+    });
+    describe('getToolCallEvents', () => {
+        it('should return events for a specific tool call in order', () => {
+            const logger = new logger_1.AuditLogger(memoryOnlyConfig());
+            const toolCall = createTestToolCall({ tool_call_id: 'tc-42' });
+            logger.logToolCallReceived(toolCall);
+            logger.logPolicyDecided(toolCall, 'ALLOW', 'r-1', []);
+            logger.logDLPScanned(toolCall, [], 'low', 0);
+            logger.logBudgetChecked(toolCall, 0.001, 0, 2.0);
+            logger.logToolExecuted(toolCall, 'success', 100, 200);
+            logger.logToolResultReturned(toolCall, 'ok', 105);
+            // Also log something for a different tool call to ensure filtering works
+            const other = createTestToolCall({ tool_call_id: 'tc-other' });
+            logger.logToolCallReceived(other);
+            const events = logger.getToolCallEvents('tc-42');
+            expect(events).toHaveLength(6);
+            events.forEach(e => expect(e.tool_call_id).toBe('tc-42'));
+            // Check order: timestamps should be non-decreasing
+            for (let i = 1; i < events.length; i++) {
+                expect(events[i].timestamp >= events[i - 1].timestamp).toBe(true);
+            }
+            logger.close();
+        });
+        it('should return empty array for unknown tool call', () => {
+            const logger = new logger_1.AuditLogger(memoryOnlyConfig());
+            const events = logger.getToolCallEvents('nonexistent');
+            expect(events).toEqual([]);
+            logger.close();
+        });
+    });
+    describe('getEventsByType', () => {
+        it('should return only events of the specified type', () => {
+            const logger = new logger_1.AuditLogger(memoryOnlyConfig());
+            const tc1 = createTestToolCall({ tool_call_id: 'tc-001' });
+            const tc2 = createTestToolCall({ tool_call_id: 'tc-002' });
+            logger.logToolCallReceived(tc1);
+            logger.logToolCallReceived(tc2);
+            logger.logPolicyDecided(tc1, 'ALLOW', 'r-1', []);
+            logger.logToolExecuted(tc1, 'success', 100);
+            const received = logger.getEventsByType('TOOL_CALL_RECEIVED');
+            expect(received).toHaveLength(2);
+            received.forEach(e => expect(e.event_type).toBe('TOOL_CALL_RECEIVED'));
+            const policy = logger.getEventsByType('POLICY_DECIDED');
+            expect(policy).toHaveLength(1);
+            expect(policy[0].event_type).toBe('POLICY_DECIDED');
+            const executed = logger.getEventsByType('TOOL_EXECUTED');
+            expect(executed).toHaveLength(1);
+            logger.close();
+        });
+        it('should return empty array for type with no events', () => {
+            const logger = new logger_1.AuditLogger(memoryOnlyConfig());
+            const events = logger.getEventsByType('INCIDENT_RAISED');
+            expect(events).toEqual([]);
+            logger.close();
+        });
+    });
+    describe('getAllEvents', () => {
+        it('should return all logged events', () => {
+            const logger = new logger_1.AuditLogger(memoryOnlyConfig());
+            const toolCall = createTestToolCall();
+            logger.logToolCallReceived(toolCall);
+            logger.logPolicyDecided(toolCall, 'DENY', 'r-1', ['blocked']);
+            logger.logIncident(toolCall, 'high', 'policy_violation', 'desc', 'action');
+            const all = logger.getAllEvents();
+            expect(all).toHaveLength(3);
+            logger.close();
+        });
+        it('should return a copy of the events array', () => {
+            const logger = new logger_1.AuditLogger(memoryOnlyConfig());
+            const toolCall = createTestToolCall();
+            logger.logToolCallReceived(toolCall);
+            const all1 = logger.getAllEvents();
+            const all2 = logger.getAllEvents();
+            // Same contents, different array references
+            expect(all1).toEqual(all2);
+            expect(all1).not.toBe(all2);
+            logger.close();
+        });
+        it('should return empty array when no events logged', () => {
+            const logger = new logger_1.AuditLogger(memoryOnlyConfig());
+            expect(logger.getAllEvents()).toEqual([]);
+            logger.close();
+        });
+    });
+    // -----------------------------------------------------------------------
+    // Clear
+    // -----------------------------------------------------------------------
+    describe('clear', () => {
+        it('should remove all stored events', () => {
+            const logger = new logger_1.AuditLogger(memoryOnlyConfig());
+            const toolCall = createTestToolCall();
+            logger.logToolCallReceived(toolCall);
+            logger.logPolicyDecided(toolCall, 'ALLOW', 'r-1', []);
+            logger.logToolExecuted(toolCall, 'success', 50);
+            expect(logger.getAllEvents()).toHaveLength(3);
+            logger.clear();
+            expect(logger.getAllEvents()).toHaveLength(0);
+            expect(logger.getTaskTrace('task-001')).toEqual([]);
+            expect(logger.getToolCallEvents('tc-001')).toEqual([]);
+            logger.close();
+        });
+        it('should allow logging new events after clear', () => {
+            const logger = new logger_1.AuditLogger(memoryOnlyConfig());
+            const toolCall = createTestToolCall();
+            logger.logToolCallReceived(toolCall);
+            logger.clear();
+            const event = logger.logPolicyDecided(toolCall, 'ALLOW', 'r-2', []);
+            expect(logger.getAllEvents()).toHaveLength(1);
+            expect(event.event_type).toBe('POLICY_DECIDED');
+            logger.close();
+        });
+    });
+    // -----------------------------------------------------------------------
+    // File-based logging
+    // -----------------------------------------------------------------------
+    describe('file-based logging', () => {
+        let tmpDir;
+        beforeEach(() => {
+            tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'audit-logger-test-'));
+        });
+        afterEach(() => {
+            // Clean up temp dir
+            fs.rmSync(tmpDir, { recursive: true, force: true });
+        });
+        it('should write events to a JSONL file when log_dir is set', (done) => {
+            const config = {
+                enabled: true,
+                log_dir: tmpDir,
+                console_output: false,
+                retention_days: 30,
+            };
+            const logger = new logger_1.AuditLogger(config);
+            const toolCall = createTestToolCall();
+            logger.logToolCallReceived(toolCall);
+            logger.logPolicyDecided(toolCall, 'ALLOW', 'r-1', ['pass']);
+            logger.logToolExecuted(toolCall, 'success', 100, 200);
+            // Close the stream to flush all writes, then verify
+            logger.close();
+            // Give the stream a moment to finish flushing
+            setTimeout(() => {
+                const today = new Date().toISOString().split('T')[0];
+                const logFile = path.join(tmpDir, `audit-${today}.jsonl`);
+                expect(fs.existsSync(logFile)).toBe(true);
+                const content = fs.readFileSync(logFile, 'utf-8').trim();
+                const lines = content.split('\n');
+                expect(lines).toHaveLength(3);
+                // Each line should be valid JSON and a proper AuditEvent
+                const parsed = lines.map(line => JSON.parse(line));
+                expect(parsed[0].event_type).toBe('TOOL_CALL_RECEIVED');
+                expect(parsed[1].event_type).toBe('POLICY_DECIDED');
+                expect(parsed[2].event_type).toBe('TOOL_EXECUTED');
+                // All events should have event_id and timestamp
+                parsed.forEach(event => {
+                    expect(event.event_id).toBeDefined();
+                    expect(event.timestamp).toBeDefined();
+                    expect(event.tool_call_id).toBe('tc-001');
+                });
+                done();
+            }, 100);
+        });
+        it('should create log directory if it does not exist', () => {
+            const nestedDir = path.join(tmpDir, 'nested', 'audit', 'logs');
+            const config = {
+                enabled: true,
+                log_dir: nestedDir,
+                console_output: false,
+                retention_days: 30,
+            };
+            const logger = new logger_1.AuditLogger(config);
+            expect(fs.existsSync(nestedDir)).toBe(true);
+            logger.close();
+        });
+    });
+    // -----------------------------------------------------------------------
+    // Disabled logger
+    // -----------------------------------------------------------------------
+    describe('disabled logger', () => {
+        it('should still store events in memory when disabled', () => {
+            const logger = new logger_1.AuditLogger(disabledConfig());
+            const toolCall = createTestToolCall();
+            const event = logger.logToolCallReceived(toolCall);
+            expect(event.event_id).toBeDefined();
+            expect(event.timestamp).toBeDefined();
+            expect(logger.getAllEvents()).toHaveLength(1);
+            logger.close();
+        });
+        it('should not write to file when disabled (even if log_dir is set)', (done) => {
+            const tmpDir = fs.mkdtempSync(path.join(os.tmpdir(), 'audit-disabled-test-'));
+            const config = {
+                enabled: false,
+                log_dir: tmpDir,
+                console_output: false,
+                retention_days: 30,
+            };
+            const logger = new logger_1.AuditLogger(config);
+            const toolCall = createTestToolCall();
+            logger.logToolCallReceived(toolCall);
+            logger.close();
+            setTimeout(() => {
+                // No log file should exist because enabled=false prevents stream creation
+                const files = fs.readdirSync(tmpDir);
+                expect(files).toHaveLength(0);
+                // Clean up
+                fs.rmSync(tmpDir, { recursive: true, force: true });
+                done();
+            }, 100);
+        });
+        it('should allow querying events when disabled', () => {
+            const logger = new logger_1.AuditLogger(disabledConfig());
+            const toolCall = createTestToolCall({ task_id: 'task-X' });
+            logger.logToolCallReceived(toolCall);
+            logger.logPolicyDecided(toolCall, 'ALLOW', 'r-1', []);
+            const trace = logger.getTaskTrace('task-X');
+            expect(trace).toHaveLength(2);
+            const byType = logger.getEventsByType('TOOL_CALL_RECEIVED');
+            expect(byType).toHaveLength(1);
+            logger.close();
+        });
+    });
+    // -----------------------------------------------------------------------
+    // Console output (just verifying it doesn't crash)
+    // -----------------------------------------------------------------------
+    describe('console output', () => {
+        it('should log to console without errors when console_output is true', () => {
+            const consoleSpy = jest.spyOn(console, 'log').mockImplementation(() => { });
+            const config = {
+                enabled: true,
+                log_dir: '',
+                console_output: true,
+                retention_days: 30,
+            };
+            const logger = new logger_1.AuditLogger(config);
+            const toolCall = createTestToolCall();
+            logger.logToolCallReceived(toolCall);
+            expect(consoleSpy).toHaveBeenCalledTimes(1);
+            // Verify the console output is valid JSON
+            const loggedArg = consoleSpy.mock.calls[0][0];
+            const parsed = JSON.parse(loggedArg);
+            expect(parsed.level).toBe('info');
+            expect(parsed.event_type).toBe('TOOL_CALL_RECEIVED');
+            expect(parsed.tool_call_id).toBe('tc-001');
+            consoleSpy.mockRestore();
+            logger.close();
+        });
+    });
+    // -----------------------------------------------------------------------
+    // Event uniqueness
+    // -----------------------------------------------------------------------
+    describe('event uniqueness', () => {
+        it('should generate unique event_ids for each event', () => {
+            const logger = new logger_1.AuditLogger(memoryOnlyConfig());
+            const toolCall = createTestToolCall();
+            const e1 = logger.logToolCallReceived(toolCall);
+            const e2 = logger.logPolicyDecided(toolCall, 'ALLOW', 'r-1', []);
+            const e3 = logger.logToolExecuted(toolCall, 'success', 100);
+            const ids = [e1.event_id, e2.event_id, e3.event_id];
+            const uniqueIds = new Set(ids);
+            expect(uniqueIds.size).toBe(3);
+            logger.close();
+        });
+    });
+    // -----------------------------------------------------------------------
+    // Additional approval event types
+    // -----------------------------------------------------------------------
+    describe('logApprovalDenied', () => {
+        it('should create proper APPROVAL_DENIED event', () => {
+            const logger = new logger_1.AuditLogger(memoryOnlyConfig());
+            const toolCall = createTestToolCall();
+            const event = logger.logApprovalDenied(toolCall, 'admin-007', 'Too risky');
+            expect(event.event_type).toBe('APPROVAL_DENIED');
+            expect(event.metadata.approver_id).toBe('admin-007');
+            expect(event.metadata.reason).toBe('Too risky');
+            logger.close();
+        });
+    });
+    describe('logApprovalExpired', () => {
+        it('should create proper APPROVAL_EXPIRED event', () => {
+            const logger = new logger_1.AuditLogger(memoryOnlyConfig());
+            const toolCall = createTestToolCall();
+            const event = logger.logApprovalExpired(toolCall);
+            expect(event.event_type).toBe('APPROVAL_EXPIRED');
+            expect(event.metadata).toEqual({});
+            logger.close();
+        });
+    });
+    // -----------------------------------------------------------------------
+    // Close
+    // -----------------------------------------------------------------------
+    describe('close', () => {
+        it('should safely close even when no stream exists', () => {
+            const logger = new logger_1.AuditLogger(memoryOnlyConfig());
+            expect(() => logger.close()).not.toThrow();
+        });
+        it('should be idempotent (can be called multiple times)', () => {
+            const logger = new logger_1.AuditLogger(memoryOnlyConfig());
+            expect(() => {
+                logger.close();
+                logger.close();
+            }).not.toThrow();
+        });
+    });
+});
+//# sourceMappingURL=audit-logger.test.js.map