auth/audit_log_schema.ts

Audit log database schema and types.

Records auth mutations (login, logout, grant, revoke, etc.) for security monitoring and operational visibility.

Declarations
#

15 declarations

view source

AdminSessionJson
#

auth/audit_log_schema.ts view source

ZodObject<{ id: ZodString; account_id: ZodString; created_at: ZodString; expires_at: ZodString; last_seen_at: ZodString; username: ZodString; }, $strict>

Zod schema for admin session listing (session + username).

AUDIT_EVENT_TYPES
#

auth/audit_log_schema.ts view source

readonly ["login", "logout", "bootstrap", "signup", "password_change", "session_revoke", "session_revoke_all", "token_create", "token_revoke", "token_revoke_all", "permit_grant", "permit_revoke", "invite_create", "invite_delete", "app_settings_update"]

All tracked auth event types.

AUDIT_LOG_INDEXES
#

AUDIT_LOG_SCHEMA
#

auth/audit_log_schema.ts view source

"\nCREATE TABLE IF NOT EXISTS audit_log (\n id UUID PRIMARY KEY DEFAULT gen_random_uuid(),\n seq SERIAL NOT NULL,\n event_type TEXT NOT NULL,\n outcome TEXT NOT NULL DEFAULT 'success',\n actor_id UUID REFERENCES actor(id) ON DELETE SET NULL,\n account_id UUID REFERENCES account(id) ON DELETE SET NULL,\n targe...

AUDIT_METADATA_SCHEMAS
#

auth/audit_log_schema.ts view source

{ login: ZodNullable<ZodObject<{ username: ZodString; }, $loose>>; logout: ZodNull; bootstrap: ZodNullable<ZodObject<{ error: ZodString; }, $loose>>; ... 11 more ...; app_settings_update: ZodObject<...>; }

Per-event-type metadata Zod schemas.

Uses z.looseObject so consumers can add extra fields (e.g. visiones self_service) while known fields are validated. Events with outcome-dependent metadata use a union with z.null().

AuditEventType
#

auth/audit_log_schema.ts view source

ZodEnum<{ login: "login"; logout: "logout"; bootstrap: "bootstrap"; signup: "signup"; password_change: "password_change"; session_revoke: "session_revoke"; session_revoke_all: "session_revoke_all"; ... 7 more ...; app_settings_update: "app_settings_update"; }>

Zod schema for audit event types.

AuditLogEvent
#

auth/audit_log_schema.ts view source

AuditLogEvent

Audit log row from the database.

id

type string

seq

type number

event_type

type AuditEventType

outcome

type AuditOutcome

actor_id

type string | null

account_id

type string | null

target_account_id

type string | null

ip

type string | null

created_at

type string

metadata

type Record<string, unknown> | null

AuditLogEventJson
#

auth/audit_log_schema.ts view source

ZodObject<{ id: ZodString; seq: ZodNumber; event_type: ZodEnum<{ login: "login"; logout: "logout"; bootstrap: "bootstrap"; signup: "signup"; password_change: "password_change"; session_revoke: "session_revoke"; ... 8 more ...; app_settings_update: "app_settings_update"; }>; ... 6 more ...; metadata: ZodNullable<...>...

Zod schema for client-safe audit log event.

AuditLogEventWithUsernamesJson
#

auth/audit_log_schema.ts view source

ZodObject<{ id: ZodString; seq: ZodNumber; event_type: ZodEnum<{ login: "login"; logout: "logout"; bootstrap: "bootstrap"; signup: "signup"; password_change: "password_change"; session_revoke: "session_revoke"; ... 8 more ...; app_settings_update: "app_settings_update"; }>; ... 8 more ...; target_username: ZodNullab...

Zod schema for audit log events with resolved usernames.

AuditLogInput
#

auth/audit_log_schema.ts view source

AuditLogInput<T>

Input for creating an audit log entry.

generics

T

constraint AuditEventType
default AuditEventType

event_type

type T

outcome

type AuditOutcome

actor_id

type string | null

account_id

type string | null

target_account_id

type string | null

ip

type string | null

metadata

type (AuditMetadataMap[T] & Record<string, unknown>) | null

AuditLogListOptions
#

auth/audit_log_schema.ts view source

AuditLogListOptions

Options for listing audit log entries.

limit

type number

offset

type number

event_type

type AuditEventType

event_type_in

type Array<AuditEventType>

account_id

type string

outcome

type AuditOutcome

since_seq

When set, only return events with seq greater than this value. Enables SSE reconnection gap fill.

type number

AuditMetadataMap
#

AuditOutcome
#

get_audit_metadata
#

auth/audit_log_schema.ts view source

<T extends AuditEventType>(event: AuditLogEvent & { event_type: T; }): AuditMetadataMap[T] | null

Narrow metadata type for a known event type.

Use after checking event_type to get typed metadata access.

event

type AuditLogEvent & { event_type: T; }

returns

AuditMetadataMap[T] | null

PermitHistoryEventJson
#

auth/audit_log_schema.ts view source

ZodObject<{ id: ZodString; seq: ZodNumber; event_type: ZodEnum<{ login: "login"; logout: "logout"; bootstrap: "bootstrap"; signup: "signup"; password_change: "password_change"; session_revoke: "session_revoke"; ... 8 more ...; app_settings_update: "app_settings_update"; }>; ... 8 more ...; target_username: ZodNullab...

Zod schema for permit history events with resolved usernames.

Depends on
#

Imported by
#