feat: real audit_log with redaction + pending_changes; replace stub

tests/repos/audit.test.js

@@ -0,0 +1,46 @@
+import { describe, it, expect, beforeEach } from 'vitest';
+import { resetDb } from '../helpers/db.js';
+import { migrateUp } from '../../lib/db/migrate.js';
+import * as spaces from '../../lib/db/repos/spaces.js';
+import * as audit from '../../lib/db/repos/audit.js';
+
+const owner = { kind: 'user', id: null };
+beforeEach(async () => { await resetDb(); await migrateUp(); });
+
+describe('audit log', () => {
+  it('creates an audit row on space create', async () => {
+    const s = await spaces.create({ slug: 'h', name: 'H' }, owner);
+    const rows = await audit.listForEntity('space', s.id);
+    expect(rows).toHaveLength(1);
+    expect(rows[0].action).toBe('create');
+  });
+
+  it('records the diff of an update', async () => {
+    const s = await spaces.create({ slug: 'h', name: 'H' }, owner);
+    await spaces.update(s.id, { name: 'Hh' }, owner);
+    const rows = await audit.listForEntity('space', s.id);
+    const upd = rows.find(r => r.action === 'update');
+    expect(upd.diff.changes.name.before).toBe('H');
+    expect(upd.diff.changes.name.after).toBe('Hh');
+  });
+
+  it('redacts known sensitive keys', async () => {
+    await audit.recordAudit(owner, 'update', 'test', null,
+      { token: 'secret-abc' }, { token: 'secret-def' }
+    );
+    const rows = await audit.listByActor({});
+    const r = rows.find(r => r.entity_type === 'test');
+    expect(r.diff.changes.token.before).toBe('[REDACTED]');
+    expect(r.diff.changes.token.after).toBe('[REDACTED]');
+  });
+
+  it('redacts sensitive keys in nested objects', async () => {
+    await audit.recordAudit(owner, 'create', 'nested', null,
+      null, { outer: { password: 'hunter2', name: 'ok' } }
+    );
+    const rows = await audit.listByActor({});
+    const r = rows.find(r => r.entity_type === 'nested');
+    expect(r.diff.after.outer.password).toBe('[REDACTED]');
+    expect(r.diff.after.outer.name).toBe('ok');
+  });
+});