auth/audit_log_queries.ts

Audit log database queries.

Records and retrieves auth mutation events for security monitoring. The canonical fire-and-forget entry point is AppDeps.audit.emit(ctx, input) (see auth/audit_emitter.ts) — it closes over the pool so audit rows persist even when the request transaction rolls back. This module only exposes the in-transaction query_* primitives and the drift counters; the bound emitter writes through query_audit_log against its captured pool.

Declarations

9 declarations

get_audit_metadata_validation_failures

get_audit_unknown_event_type_failures

query_audit_log

<T extends string>(deps: QueryDeps, input: AuditLogInput<T>, config?: AuditLogConfig): Promise<AuditLogEvent>

Insert an audit log entry.

Uses RETURNING * so callers receive DB-assigned fields (id, seq, created_at). Validates metadata against config.metadata_schemas; an unknown event_type or a metadata mismatch is logged and increments its counter, but the row is written anyway. Consumers extend the recognized set via create_audit_log_config({extra_events}).

In-transaction call site for query helpers that must atomically write the row alongside other mutations (e.g. query_accept_offer). Fire-and-forget call sites should reach for AppDeps.audit.emit instead — that wrapper closes over the pool so audit rows persist when the parent transaction rolls back.

deps

query dependencies

input

the audit event to record

type AuditLogInput<T>

config

audit-log config. Defaults to BUILTIN_AUDIT_LOG_CONFIG.

default BUILTIN_AUDIT_LOG_CONFIG

returns

Promise<AuditLogEvent>

the inserted audit log row
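
The difference between the two call sites described above, as an added example that is not code from this module: an in-memory model in which a transaction buffers rows until commit. FakePool, create_emitter, handle_request and the 'login' event are hypothetical names constructed for illustration.

```typescript
// Added example: in-memory model. FakePool, create_emitter and handle_request
// are hypothetical names, not this module's API.
type Row = {event_type: string; outcome: 'success' | 'failure'};
interface Db {
  insert(row: Row): void;
}

// Stand-in for a connection pool. Only committed rows are visible.
class FakePool implements Db {
  committed: Row[] = [];
  insert(row: Row): void {
    this.committed.push(row); // autocommit on its own connection
  }
  // Buffers writes made through `tx`; they are committed only if fn returns.
  transaction<T>(fn: (tx: Db) => T): T {
    const pending: Row[] = [];
    const result = fn({insert: (row: Row) => void pending.push(row)});
    this.committed.push(...pending); // never reached when fn throws (rollback)
    return result;
  }
}

// Stand-in for a bound emitter: captures the pool, never the request transaction.
const create_emitter = (pool: FakePool) => (row: Row): void => pool.insert(row);

// One request: record the audit row via `audit`, then fail or succeed.
function handle_request(pool: FakePool, audit: (tx: Db, row: Row) => void, ok: boolean): void {
  try {
    pool.transaction((tx) => {
      audit(tx, {event_type: 'login', outcome: ok ? 'success' : 'failure'});
      if (!ok) throw new Error('invalid credentials'); // rolls the transaction back
    });
  } catch {
    // the request returns an error response; nothing else is written
  }
}

// Committed audit rows for each call-site style.
function run_demo(): {in_tx_failed: number; emitted_failed: number; in_tx_ok: number} {
  const [a, b, c] = [new FakePool(), new FakePool(), new FakePool()];
  handle_request(a, (tx, row) => tx.insert(row), false); // in-transaction, rolled back
  const emit = create_emitter(b);
  handle_request(b, (_tx, row) => emit(row), false); // pool-bound, survives rollback
  handle_request(c, (tx, row) => tx.insert(row), true); // in-transaction, committed
  return {in_tx_failed: a.committed.length, emitted_failed: b.committed.length, in_tx_ok: c.committed.length};
}
```

The failed request leaves no audit row when the write shares its transaction, which is why failure events go through the pool-bound emitter and in-transaction writes are reserved for rows that must commit atomically with their mutation.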

query_audit_log_cleanup_before

(deps: QueryDeps, before: Date): Promise<number>

Delete audit log entries older than the given date.

deps

query dependencies

before

delete entries created before this date

type Date

returns

Promise<number>

the number of entries deleted

query_audit_log_list

(deps: QueryDeps, options?: AuditLogListOptions | undefined): Promise<AuditLogEvent[]>

List audit log entries, newest first.

deps

query dependencies

options?

filters and pagination

type AuditLogListOptions | undefined
optional

returns

Promise<AuditLogEvent[]>

matching audit log entries

query_audit_log_list_role_grant_history

(deps: QueryDeps, limit?: number, offset?: number): Promise<{ id: string & $brand<"Uuid">; seq: number; event_type: string; outcome: "success" | "failure"; actor_id: (string & $brand<...>) | null; ... 7 more ...; target_username: string | null; }[]>

List role_grant grant/revoke events with resolved usernames.

deps

query dependencies

limit

maximum entries to return

type number
default AUDIT_LOG_DEFAULT_LIMIT

offset

number of entries to skip

type number
default 0

returns

Promise<{ id: string & $brand<"Uuid">; seq: number; event_type: string; outcome: "success" | "failure"; actor_id: (string & $brand<"Uuid">) | null; account_id: (string & $brand<...>) | null; ... 6 more ...; target_username: string | null; }[]>

role_grant history events with username and target_username

query_audit_log_list_with_usernames

(deps: QueryDeps, options?: AuditLogListOptions | undefined): Promise<{ id: string & $brand<"Uuid">; seq: number; event_type: string; outcome: "success" | "failure"; ... 8 more ...; target_username: string | null; }[]>

List audit log entries with resolved usernames, newest first.

deps

query dependencies

options?

filters and pagination

type AuditLogListOptions | undefined
optional

returns

Promise<{ id: string & $brand<"Uuid">; seq: number; event_type: string; outcome: "success" | "failure"; actor_id: (string & $brand<"Uuid">) | null; account_id: (string & $brand<...>) | null; ... 6 more ...; target_username: string | null; }[]>

matching audit log entries with username and target_username

reset_audit_metadata_validation_failures

reset_audit_unknown_event_type_failures
