Graphorin API reference v0.7.0
Graphorin API reference / @graphorin/security / / AuditDb
Interface: AuditDb
Defined in: packages/security/src/audit/audit-db.ts:86
Minimal audit-database surface consumed by the chain operations. Concrete bindings can expose more, but the contract is intentionally small so the verifier remains binding-agnostic.
The methods are deliberately synchronous on the read path - the single-file SQLite default is already in-process, and asynchrony would add no I/O parallelism but would force every audit consumer to plumb promise-state through hot loops.
Stable
Properties
| Property | Modifier | Type | Description | Defined in |
|---|---|---|---|---|
binding | readonly | AuditDbBindingId | Stable identifier of the binding that produced this handle. | packages/security/src/audit/audit-db.ts:88 |
close | readonly | () => Promise<void> | Close the underlying handle. | packages/security/src/audit/audit-db.ts:125 |
count | readonly | () => Promise<number> | Total number of stored entries. | packages/security/src/audit/audit-db.ts:101 |
deleteUpTo | readonly | (threshold) => Promise<number> | Delete entries with seq <= threshold. Used by pruneAudit. | packages/security/src/audit/audit-db.ts:103 |
insert | readonly | (entry) => Promise<StoredAuditEntry> | Append a new audit entry. The binding is responsible for atomicity. | packages/security/src/audit/audit-db.ts:92 |
iterate | readonly | (bounds?) => AsyncIterable<StoredAuditEntry> | Iterate stored entries in seq order. The optional bounds are inclusive. | packages/security/src/audit/audit-db.ts:96 |
latest | readonly | () => Promise< | StoredAuditEntry | undefined> | Read the most-recent entry, used by appendAudit to compute prev_hash. | packages/security/src/audit/audit-db.ts:94 |
path | readonly | string | Path on disk. | packages/security/src/audit/audit-db.ts:90 |
replaceEntry | readonly | (entry) => Promise<void> | Replace a stored entry. The replacement preserves the seq primary key and overwrites prevHash and hash. Used by pruneAudit to root the surviving chain at the genesis prev-hash and recompute the rolling chain hashes. | packages/security/src/audit/audit-db.ts:110 |
transact? | readonly | <T>(fn) => Promise<T> | OPTIONAL cross-process fence (W-011): run fn inside one write transaction on the underlying handle (BEGIN IMMEDIATE semantics - the write lock is held from entry to commit, and a failure rolls back). When present, appendAudit wraps its latest()+insert() read-modify-write in it so two PROCESSES sharing one audit file cannot both hash against the same tip, and pruneAudit runs its delete+rewrite atomically so a concurrent append never chains to a pre-prune tip. Additive: bindings without it keep compiling - appendAudit falls back to a bounded seq-conflict retry, and pruneAudit fails closed. | packages/security/src/audit/audit-db.ts:123 |