diff --git a/packages/core-shared/package.json b/packages/core-shared/package.json index 0075a5f..e97ca19 100644 --- a/packages/core-shared/package.json +++ b/packages/core-shared/package.json @@ -5,6 +5,7 @@ "type": "module", "exports": { ".": "./src/index.ts", + "./audit": "./src/audit/index.ts", "./di": "./src/di/index.ts", "./di/bind-protocols": "./src/di/bind-protocols.ts", "./di/bind-context": "./src/di/bind-context.ts", diff --git a/packages/core-shared/src/audit/index.ts b/packages/core-shared/src/audit/index.ts new file mode 100644 index 0000000..26bddba --- /dev/null +++ b/packages/core-shared/src/audit/index.ts @@ -0,0 +1,2 @@ +export type { AuditEntry, AuditAction, AuditFrom } from "./audit-entry"; +export { truncateIp } from "./truncate-ip"; diff --git a/packages/core-shared/src/di/bind-protocols.ts b/packages/core-shared/src/di/bind-protocols.ts index 50fca96..e6ea235 100644 --- a/packages/core-shared/src/di/bind-protocols.ts +++ b/packages/core-shared/src/di/bind-protocols.ts @@ -1,14 +1,16 @@ /** * Minimal protocol surfaces used by feature binders to interact with optional * cross-cutting infrastructure (event bus, realtime broadcaster, realtime - * handler registry, metrics). Lives in `core-shared` so `BindContext` can - * reference these unconditionally — features depend on `core-shared`, never + * handler registry, metrics, audit log). Lives in `core-shared` so `BindContext` + * can reference these unconditionally — features depend on `core-shared`, never * on the optional packages directly. * * The optional packages' full interfaces (`IEventBus`, `IRealtimeBroadcaster`, - * `IRealtimeHandlerRegistry`, `IMetrics`) `extends` these — typechecks fail if - * a refactor narrows the protocol surface in a way the full interface would lose. + * `IRealtimeHandlerRegistry`, `IMetrics`, `IAuditLog`) `extends` these — + * typechecks fail if a refactor narrows the protocol surface in a way the full + * interface would lose. */ +import type { AuditEntry } from "../audit/audit-entry"; export type EventBusProtocol = { publish(event: { name: string }, payload: T): Promise; @@ -54,3 +56,15 @@ export type MetricsProtocol = { attributes?: Record, ): void; }; + +/** + * Minimal audit-log protocol surface. `IAuditLog` (in optional `@repo/core-audit`) + * extends this — typechecks fail if narrowed below. Feature binders that + * receive `ctx.auditLog` see only this protocol type. + * + * `eraseSubject` is NOT on the protocol — it's a privileged op exposed only + * on the full `IAuditLog` interface in the optional package. + */ +export type AuditLogProtocol = { + record(entry: AuditEntry): Promise; +}; diff --git a/packages/core-shared/src/index.ts b/packages/core-shared/src/index.ts index 261b0c4..e7701ac 100644 --- a/packages/core-shared/src/index.ts +++ b/packages/core-shared/src/index.ts @@ -1,4 +1,5 @@ export { requireEnv } from "./lib/env"; export { toIsoString } from "./lib/date"; +export * from "./audit"; export * from "./di"; export * from "./instrumentation/index";