package audit import ( "context" "time" "tm/pkg/logger" ) const ActionPasswordReset = "password.reset" // TargetType values for audit entries. const ( TargetTypeAdmin = "admin" TargetTypeCustomer = "customer" ) // Entry represents a security-relevant audit event. type Entry struct { ActorID string TargetType string TargetID string Action string At int64 } // Logger records audit events. type Logger interface { Log(ctx context.Context, entry Entry) } type auditLogger struct { logger logger.Logger } // NewLogger creates an audit logger backed by structured application logs. func NewLogger(log logger.Logger) Logger { return &auditLogger{logger: log} } func (a *auditLogger) Log(ctx context.Context, entry Entry) { if entry.At == 0 { entry.At = time.Now().Unix() } a.logger.Info("audit event", map[string]interface{}{ "audit": true, "actor_id": entry.ActorID, "target_type": entry.TargetType, "target_id": entry.TargetID, "action": entry.Action, "at": entry.At, }) }