// Audit log + observability helpers. // All endpoints are read-only; the backend writes audit events itself. import type { ArcadiaClient } from "@crema/arcadia-client" export type AuditSeverity = "info" | "warning" | "error" | "critical" | string export interface AuditUser { id: string email: string name: string } export interface AuditLog { id: string tenant_id: string user_id: string | null user: AuditUser | null action: string resource_type: string resource_id: string | null changes: Record | null metadata: Record | null severity: AuditSeverity ip_address: string | null user_agent: string | null inserted_at: string } export interface AuditListParams { action?: string resource_type?: string severity?: AuditSeverity user_id?: string from?: string // ISO8601 to?: string limit?: number offset?: number } export interface AuditStats { total: number by_action: Record by_severity: Record by_resource_type: Record [key: string]: unknown } export async function listAuditLogs( arcadia: ArcadiaClient, params?: AuditListParams, ): Promise { const res = await arcadia.GET<{ data: AuditLog[] }>( "/api/v1/observability/audit_logs", { params: params as Record }, ) return res.data } export async function getAuditLog(arcadia: ArcadiaClient, id: string): Promise { const res = await arcadia.GET<{ data: AuditLog }>( `/api/v1/observability/audit_logs/${id}`, ) return res.data } export async function getAuditStats( arcadia: ArcadiaClient, params?: { from?: string; to?: string }, ): Promise { const res = await arcadia.GET<{ data: AuditStats }>( "/api/v1/observability/audit_stats", { params: params as Record }, ) return res.data }