auth/audit_log_routes.ts

Audit log SSE stream route.

The two list-reads (audit_log_list, audit_log_role_grant_history) moved to RPC in auth/admin_actions.ts, and the admin session listing moved to admin_session_list on the same file. What remains here is the optional GET /audit/stream SSE route — streams aren't an action-kind, so they stay on REST. The event payload broadcast on the stream surfaces via AUDIT_LOG_EVENT_SPECS (one EventSpec per audit event type) declared alongside the broadcaster in ../realtime/sse_auth_guard.ts.

Declarations
#

2 declarations

view source

AuditLogRouteOptions
#

auth/audit_log_routes.ts view source

AuditLogRouteOptions

Options for audit log route specs.

required_role

Role required to access audit routes. Default 'admin'.

type string

stream

When provided, includes an SSE route at /audit/stream for realtime audit events. The subscribe function receives the stream, channels, and the subscriber's account_id as an identity key — enabling close_by_identity() for auth revocation.

type { subscribe: (stream: SseStream<SseNotification>, options?: SubscribeOptions) => () => void; log: Logger; }

create_audit_log_route_specs
#

auth/audit_log_routes.ts view source

(options?: AuditLogRouteOptions | undefined): RouteSpec[]

Create the optional audit-log SSE route spec.

Returns an empty array when options.stream is not set — no REST routes live here apart from the stream.

options?

optional stream wiring + role override

type AuditLogRouteOptions | undefined
optional

returns

RouteSpec[]

the SSE route spec (when options.stream is provided) or an empty array

Depends on
#