src/lib/services/audit-search.service.ts

/**
 * Audit log search — PR1 skeleton. PR10 fills in the cursor pagination
 * and per-port + super-admin scoping; v1 already has the GIN index on
 * `audit_logs.search_text`.
 */

import { and, desc, eq, gte, lte, sql, type SQL } from 'drizzle-orm';

import { db } from '@/lib/db';
import { auditLogs, type AuditLog } from '@/lib/db/schema/system';

export interface AuditSearchOptions {
  /** Limit results to a single port. Omit for super-admin all-ports view. */
  portId?: string;
  /** Free-text query — runs against the GIN-indexed search_text column. */
  q?: string;
  /** Filter by actor (user id). */
  userId?: string;
  /** Filter by action verb: 'create' | 'update' | 'delete' | ... */
  action?: string;
  /** Filter by entity type: 'client' | 'interest' | 'document' | ... */
  entityType?: string;
  /** Filter by exact entity id (e.g. paste a uuid into search). */
  entityId?: string;
  /** Inclusive date range. */
  from?: Date;
  to?: Date;
  /** Pagination — cursor on (createdAt, id). */
  cursor?: { createdAt: Date; id: string };
  limit?: number;
}

export interface AuditSearchPage {
  rows: AuditLog[];
  nextCursor: { createdAt: Date; id: string } | null;
}

export async function searchAuditLogs(options: AuditSearchOptions = {}): Promise<AuditSearchPage> {
  const conds: SQL[] = [];
  if (options.portId) conds.push(eq(auditLogs.portId, options.portId));
  if (options.userId) conds.push(eq(auditLogs.userId, options.userId));
  if (options.action) conds.push(eq(auditLogs.action, options.action));
  if (options.entityType) conds.push(eq(auditLogs.entityType, options.entityType));
  if (options.entityId) conds.push(eq(auditLogs.entityId, options.entityId));
  if (options.from) conds.push(gte(auditLogs.createdAt, options.from));
  if (options.to) conds.push(lte(auditLogs.createdAt, options.to));
  if (options.q) {
    // tsquery match against the GENERATED tsvector column.
    conds.push(sql`${auditLogs.searchText} @@ plainto_tsquery('simple', ${options.q})`);
  }
  if (options.cursor) {
    // Strict less-than on (createdAt, id) for stable cursor pagination.
    conds.push(
      sql`(${auditLogs.createdAt}, ${auditLogs.id}) < (${options.cursor.createdAt}, ${options.cursor.id})`,
    );
  }

  const limit = Math.min(options.limit ?? 50, 200);
  const rows = await db.query.auditLogs.findMany({
    where: conds.length > 0 ? and(...conds) : undefined,
    orderBy: [desc(auditLogs.createdAt), desc(auditLogs.id)],
    limit: limit + 1,
  });

  const hasMore = rows.length > limit;
  const truncated = hasMore ? rows.slice(0, limit) : rows;
  const last = truncated[truncated.length - 1];
  return {
    rows: truncated,
    nextCursor: hasMore && last ? { createdAt: last.createdAt, id: last.id } : null,
  };
}
feat(insights): Phase B schema + service skeletons PR1 of Phase B per docs/superpowers/specs/2026-04-28-phase-b-insights-alerts-design.md. Lays the foundation that PRs 2-10 will fill in with behaviour. Schema (migration 0014): - alerts table with rule-engine fields (rule_id, severity, link, entity_type/id, fingerprint, fired/dismissed/acknowledged/resolved timestamps, jsonb metadata). Partial-unique fingerprint index keeps one open row per (port, rule, entity); separate indexes power severity-filtered and time-ordered queries. - analytics_snapshots (port_id, metric_id) -> jsonb cache + computedAt for the 15-min recurring refresh. - expenses: duplicate_of self-FK, dedup_scanned_at, ocr_status/raw/ confidence; partial index on (port, vendor, amount, date) where duplicate_of IS NULL drives the dedup heuristic. - audit_logs.search_text: GENERATED ALWAYS tsvector over action+entity_type+entity_id+user_id, GIN-indexed (drizzle can't model GENERATED ALWAYS in TS yet, so the migration appends manual ALTER + the GIN index). Service skeletons in src/lib/services/: - alerts.service.ts: fingerprintFor, reconcileAlertsForPort (upsert + auto-resolve), dismiss, acknowledge, listAlertsForPort. - alert-rules.ts: RULE_REGISTRY of 10 rule evaluators (currently no-op); PR2 fills in the bodies. - analytics.service.ts: readSnapshot/writeSnapshot with 15-min TTL + no-op compute* stubs for the four chart series; PR3 fills behavior. - expense-dedup.service.ts: scanForDuplicates + markBestDuplicate using the partial dedup index. PR8 wires the BullMQ trigger. - expense-ocr.service.ts: OcrResult/OcrLineItem types + ocrReceipt stub. PR9 wires Claude Vision (Haiku 4.5 + ephemeral system-prompt cache). - audit-search.service.ts: tsvector @@ plainto_tsquery + cursor pagination on (createdAt, id). PR10 wires the admin UI. tsc clean, lint clean, vitest 675/675 (one unrelated AES random-output flake passes solo). Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com> 2026-04-28 14:43:01 +02:00			`/**`
			`* Audit log search — PR1 skeleton. PR10 fills in the cursor pagination`
			`* and per-port + super-admin scoping; v1 already has the GIN index on`
			* `audit_logs.search_text`.
			`*/`

			`import { and, desc, eq, gte, lte, sql, type SQL } from 'drizzle-orm';`

			`import { db } from '@/lib/db';`
			`import { auditLogs, type AuditLog } from '@/lib/db/schema/system';`

			`export interface AuditSearchOptions {`
			`/** Limit results to a single port. Omit for super-admin all-ports view. */`
			`portId?: string;`
			`/** Free-text query — runs against the GIN-indexed search_text column. */`
			`q?: string;`
			`/** Filter by actor (user id). */`
			`userId?: string;`
			`/** Filter by action verb: 'create' \| 'update' \| 'delete' \| ... */`
			`action?: string;`
			`/** Filter by entity type: 'client' \| 'interest' \| 'document' \| ... */`
			`entityType?: string;`
			`/** Filter by exact entity id (e.g. paste a uuid into search). */`
			`entityId?: string;`
			`/** Inclusive date range. */`
			`from?: Date;`
			`to?: Date;`
			`/** Pagination — cursor on (createdAt, id). */`
			`cursor?: { createdAt: Date; id: string };`
			`limit?: number;`
			`}`

			`export interface AuditSearchPage {`
			`rows: AuditLog[];`
			`nextCursor: { createdAt: Date; id: string } \| null;`
			`}`

			`export async function searchAuditLogs(options: AuditSearchOptions = {}): Promise<AuditSearchPage> {`
			`const conds: SQL[] = [];`
			`if (options.portId) conds.push(eq(auditLogs.portId, options.portId));`
			`if (options.userId) conds.push(eq(auditLogs.userId, options.userId));`
			`if (options.action) conds.push(eq(auditLogs.action, options.action));`
			`if (options.entityType) conds.push(eq(auditLogs.entityType, options.entityType));`
			`if (options.entityId) conds.push(eq(auditLogs.entityId, options.entityId));`
			`if (options.from) conds.push(gte(auditLogs.createdAt, options.from));`
			`if (options.to) conds.push(lte(auditLogs.createdAt, options.to));`
			`if (options.q) {`
			`// tsquery match against the GENERATED tsvector column.`
			conds.push(sql`${auditLogs.searchText} @@ plainto_tsquery('simple', ${options.q})`);
			`}`
			`if (options.cursor) {`
			`// Strict less-than on (createdAt, id) for stable cursor pagination.`
			`conds.push(`
			sql`(${auditLogs.createdAt}, ${auditLogs.id}) < (${options.cursor.createdAt}, ${options.cursor.id})`,
			`);`
			`}`

			`const limit = Math.min(options.limit ?? 50, 200);`
			`const rows = await db.query.auditLogs.findMany({`
			`where: conds.length > 0 ? and(...conds) : undefined,`
			`orderBy: [desc(auditLogs.createdAt), desc(auditLogs.id)],`
			`limit: limit + 1,`
			`});`

			`const hasMore = rows.length > limit;`
			`const truncated = hasMore ? rows.slice(0, limit) : rows;`
			`const last = truncated[truncated.length - 1];`
			`return {`
			`rows: truncated,`
			`nextCursor: hasMore && last ? { createdAt: last.createdAt, id: last.id } : null,`
			`};`
			`}`