@audit
Audit namespace plugin -- generates audit triggers for Postgres, MySQL, and SQLite. Postgres: PL/pgSQL trigger function + multi-event trigger with row_to_json. MySQL: Separate per-event triggers with inline bodies using JSON_OBJECT and explicit columns. SQLite: Separate per-event triggers with inline bodies using json_object and explicit columns.
Postgres Mysql (beta) Sqlite (beta)Example
Input SQL
sql
-- @audit(on: [insert, update, delete])
CREATE TABLE orders (
id SERIAL PRIMARY KEY,
customer_id INTEGER NOT NULL,
total NUMERIC(10,2) NOT NULL,
status VARCHAR(20) DEFAULT 'pending'
);Compiled Output
sql
CREATE TABLE IF NOT EXISTS "orders_audit_log" (
id BIGSERIAL PRIMARY KEY,
table_name TEXT NOT NULL,
operation TEXT NOT NULL,
old_data JSONB,
new_data JSONB,
changed_at TIMESTAMPTZ NOT NULL DEFAULT now()
);
CREATE OR REPLACE FUNCTION "orders_audit_fn"() RETURNS TRIGGER AS $$
BEGIN
INSERT INTO "orders_audit_log" (table_name, operation, old_data, new_data, changed_at)
VALUES (TG_TABLE_NAME, TG_OP,
CASE WHEN TG_OP = 'INSERT' THEN NULL ELSE row_to_json(OLD) END,
CASE WHEN TG_OP = 'DELETE' THEN NULL ELSE row_to_json(NEW) END,
now());
RETURN CASE WHEN TG_OP = 'DELETE' THEN OLD ELSE NEW END;
END;
$$ LANGUAGE plpgsql;
CREATE TRIGGER "orders_audit_trigger"
AFTER INSERT OR UPDATE OR DELETE ON "orders"
FOR EACH ROW EXECUTE FUNCTION "orders_audit_fn"();Tags
@audit
Enable audit logging on this table
Targets: table
Arguments:
| Name | Type | Required | Values |
|---|---|---|---|
| on | array | No | insert, update, delete |
| destination | string | No | — |
@audit.redact
Mark this column for redaction in audit logs
Targets: column
Arguments:
| Name | Type | Required | Values |
|---|---|---|---|
| strategy | enum | Yes | hash, mask, omit |
Lint Rules
audit.require-audit
Tables should have an @audit tag
Default severity: warn