agentic-dev-template/packages/core-audit/AGENTS.md
2026-05-11 16:10:58 +02:00

@repo/core-audit

Optional core package providing DPA-compliant audit logging. Scaffold via pnpm turbo gen core-package audit.

Structure

src/
  audit-log.interface.ts          # IAuditLog extends AuditLogProtocol
  audit-logs-collection.ts        # Payload collection (append-only)
  noop-audit-log.ts               # NoopAuditLog
  payload-audit-log.ts            # PayloadAuditLog (local cache impl)
  stdout-json-audit-log.ts        # StdoutJsonAuditLog (log-shipper sink)
  multi-sink-audit-log.ts         # MultiSinkAuditLog (fan-out wrapper)
  trace-id-enriching-audit-log.ts # OTel correlation decorator
  pseudonymize.ts                 # sha256-with-salt for GDPR pseudonymization
  di/bind-audit.ts                # bindAudit binder
  integrations/api/router.ts      # admin tRPC procedure
  hooks/                          # Payload hook factories

Compliance posture

  • The AuditEntry type (in @repo/core-shared/audit) has no payload/body/oldValue/newValue fields, so the type system enforces the DPA "what NOT to log" rule.
  • The Payload collection is append-only (update: () => false); erasure uses overrideAccess: true for the privileged path.
  • The AUDIT_PSEUDONYM_SALT environment variable is REQUIRED in production and is validated at bind time.
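
A sketch of the salt check and the sha256-with-salt pseudonymization described above, added here as an example and not taken from this package's source. The function names, the NODE_ENV test, the 16-character minimum, the NUL separator and the development fallback are all assumptions.

```typescript
import { createHash } from "node:crypto";

type Env = Record<string, string | undefined>;

// Assumed minimum length; the page does not state one.
const MIN_SALT_LENGTH = 16;
// Assumed fallback so local development works without configuration.
const DEV_FALLBACK_SALT = "dev-only-insecure-salt";

/**
 * Bind-time check (hypothetical helper): resolve the salt once at startup and
 * fail fast in production, so a missing salt can never silently produce
 * unsalted or guessable pseudonyms in the audit trail.
 */
function resolvePseudonymSalt(env: Env): string {
  const salt = env.AUDIT_PSEUDONYM_SALT ?? "";
  if (env.NODE_ENV === "production" && salt.length < MIN_SALT_LENGTH) {
    throw new Error(
      `AUDIT_PSEUDONYM_SALT must be set to at least ${MIN_SALT_LENGTH} characters in production`,
    );
  }
  return salt.length > 0 ? salt : DEV_FALLBACK_SALT;
}

/**
 * sha256-with-salt: the same subject always maps to the same pseudonym under
 * one salt, so audit entries stay correlatable without storing the raw
 * identifier. The NUL separator keeps (salt, value) pairs unambiguous.
 */
function pseudonymize(value: string, salt: string): string {
  return createHash("sha256")
    .update(salt, "utf8")
    .update("\u0000", "utf8")
    .update(value, "utf8")
    .digest("hex");
}

// Constructed sample values, not real configuration or identifiers.
const sampleSalt = resolvePseudonymSalt({
  NODE_ENV: "production",
  AUDIT_PSEUDONYM_SALT: "constructed-salt-0123456789",
});
const sampleActor = pseudonymize("user-42", sampleSalt);
console.log({ actor: sampleActor, action: "document.read" });
```
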

See docs/guides/audit-and-compliance.md for the full guide.