secrets/crates/secrets-core/src/service/audit_log.rs

use anyhow::Result;
use sqlx::PgPool;
use uuid::Uuid;

use crate::models::AuditLogEntry;

pub async fn list_for_user(pool: &PgPool, user_id: Uuid, limit: i64) -> Result<Vec<AuditLogEntry>> {
    let limit = limit.clamp(1, 200);

    let rows = sqlx::query_as(
        "SELECT id, user_id, action, namespace, kind, name, detail, actor, created_at \
         FROM audit_log \
         WHERE user_id = $1 OR (user_id IS NULL AND detail->>'user_id' = $1::text) \
         ORDER BY created_at DESC, id DESC \
         LIMIT $2",
    )
    .bind(user_id)
    .bind(limit)
    .fetch_all(pool)
    .await?;

    Ok(rows)
}