Add audit log schema and multi-tenant isolation strategies #89

Merged
hotlong merged 4 commits into main from copilot/add-audit-log-architecture
Jan 23, 2026

Copilot AI commented Jan 23, 2026

Adds compliance audit logging specification and documents three multi-tenant isolation patterns with operational trade-offs.

Audit Log Schema (audit.zod.ts)

Complete audit event specification supporting SOX/HIPAA/GDPR compliance:

const auditConfig: AuditConfig = {
  name: 'production_audit',
  label: 'Production Audit',
  storage: { type: 'clickhouse' },
  retentionPolicy: { retentionDays: 180 },
  suspiciousActivityRules: [{
    id: 'brute_force',
    eventTypes: ['auth.login_failed'],
    condition: { threshold: 5, windowSeconds: 600 },
    actions: ['alert', 'lock_account']
  }],
  compliance: {
    standards: ['gdpr', 'sox', 'hipaa'],
    immutableLogs: true
  }
};

Event Coverage:

  • Data operations: CRUD, bulk ops, import/export
  • Authentication: login, MFA, password resets, session management
  • Authorization: permission grants, role assignments, policy changes
  • Security: access denials, breach detection, API key lifecycle

Architecture:

  • 8 severity levels (debug → emergency)
  • Actor/target/change tracking with geographic context
  • Configurable retention with archive support
  • Pre-built suspicious activity detection rules
  • Field redaction for sensitive data
  • Multiple storage backends (PostgreSQL, Elasticsearch, ClickHouse, S3)

Multi-Tenant Isolation Strategies (tenant.zod.ts)

Documents three isolation patterns with decision matrix:

Row-Level (RLS)

PostgreSQL policies, shared schema. Use for: cost-sensitive SaaS.

  • ✅ Simple backups, efficient resources, easy migration
  • ❌ RLS misconfiguration risk, noisy neighbors

Schema-Level

Separate schema per tenant. Use for: enterprise B2B with compliance needs.

  • ✅ Better isolation, per-tenant permissions, simplified queries
  • ❌ Complex migrations across N schemas

Database-Level

Separate database per tenant. Use for: regulated industries (healthcare, finance).

  • ✅ Complete isolation, per-tenant encryption, strict compliance
  • ❌ Connection pool exhaustion, operational complexity

Each strategy includes configuration schemas for connection pooling, migrations, backups, and encryption.

const isolationConfig: TenantIsolationConfig = {
  strategy: 'isolated_schema',
  schema: { namingPattern: 'tenant_{tenant_id}' },
  migrations: { strategy: 'parallel', maxConcurrent: 10 },
  performance: { poolPerSchema: false }
};

Security Policy Schema

Adds compliance requirements per tenant:

  • Encryption: at-rest, in-transit, field-level
  • Access control: MFA requirements, SSO, IP whitelisting
  • Compliance standards: SOX, HIPAA, GDPR, PCI-DSS, ISO 27001
  • Data residency: region restrictions

Test Coverage

  • 43 audit schema tests
  • 39 tenant isolation tests
  • Zero CodeQL security findings
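
Original prompt

  1. Audit log architecture (compliance blocker)

File: packages/spec/src/system/audit.zod.ts (new)
Effort: 3 days
Impact: required for SOX, HIPAA, and GDPR compliance

Why it is critical: no audit trail = no way to trace who did what and when = compliance failure

Functional requirements:

  • Record all data operations (create, read, update, delete)
  • Record authentication events (login, logout, password reset)
  • Record authorization changes (permission grants, role assignments)
  • Support a 180-day retention period (GDPR 6-month requirement)
  • Suspicious activity alerts (e.g. 5 failed logins within 10 minutes)

  2. Multi-tenant isolation strategies (security blocker)

File: packages/spec/src/system/tenant.zod.ts (extend existing)
Effort: 5 days
Impact: secure multi-tenancy, data isolation

Why it is critical: the current tenant.zod.ts lacks isolation strategy documentation. There is a risk of cross-tenant data leakage.

Three isolation strategies need to be documented:

Row-level isolation (recommended): add tenant_id to every table + PostgreSQL RLS

  • ✅ Pros: simple backups, cost-effective, easy migration
  • ❌ Cons: RLS misconfiguration can lead to data leakage

Schema-level isolation (enterprise): create a separate schema for each tenant

  • ✅ Pros: better isolation, easy to debug
  • ❌ Cons: complex backups, high migration cost

Database-level isolation (regulated industries): create a separate database for each tenant

  • ✅ Pros: perfect isolation, meets regulatory requirements
  • ❌ Cons: expensive, connection pool limits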
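
The `brute_force` rule from the PR description (5 `auth.login_failed` events within 600 seconds), evaluated as a sliding window over a constructed event stream. This is an added example, not code from the pull request; `AuditEvent`, `Alert`, `evaluateRule` and the grouping by `actorId` are assumptions, since the page shows only the rule's configuration.

```typescript
// Added example, not from the PR. Rule fields mirror the page's config;
// AuditEvent, Alert, evaluateRule and grouping by actorId are assumptions.
interface Rule {
  id: string;
  eventTypes: string[];
  condition: { threshold: number; windowSeconds: number };
  actions: string[];
}
interface AuditEvent { type: string; actorId: string; timestamp: number } // epoch seconds
interface Alert { ruleId: string; actorId: string; at: number; actions: string[] }

const bruteForce: Rule = {
  id: 'brute_force',
  eventTypes: ['auth.login_failed'],
  condition: { threshold: 5, windowSeconds: 600 },
  actions: ['alert', 'lock_account'],
};

function evaluateRule(rule: Rule, events: AuditEvent[]): Alert[] {
  const { threshold, windowSeconds } = rule.condition;
  const recent = new Map<string, number[]>(); // actorId -> matching timestamps in window
  const alerts: Alert[] = [];
  // Audit events can arrive out of order; evaluate in timestamp order.
  const ordered = events.slice().sort((a, b) => a.timestamp - b.timestamp);
  for (const ev of ordered) {
    if (!rule.eventTypes.includes(ev.type)) continue;
    // Keep only hits inside the window that ends at this event, then add it.
    const hits = (recent.get(ev.actorId) ?? []).filter(t => t > ev.timestamp - windowSeconds);
    hits.push(ev.timestamp);
    if (hits.length >= threshold) {
      alerts.push({ ruleId: rule.id, actorId: ev.actorId, at: ev.timestamp, actions: rule.actions });
      hits.length = 0; // one alert per burst instead of one per further failure
    }
    recent.set(ev.actorId, hits);
  }
  return alerts;
}

// Constructed sample: alice fails 5 times in 4 minutes; bob's 5 failures span
// exactly 600 s, so the first has aged out of the window when the fifth arrives.
const t0 = 1769180400;
const failed = (actorId: string, offsets: number[]): AuditEvent[] =>
  offsets.map(s => ({ type: 'auth.login_failed', actorId, timestamp: t0 + s }));
const sample: AuditEvent[] = [
  ...failed('alice', [0, 60, 120, 180, 240]),
  ...failed('bob', [0, 150, 300, 450, 600]),
  { type: 'auth.login', actorId: 'alice', timestamp: t0 + 120 },
];
```

The window here is exclusive at its old edge, which is a choice the page's config does not settle; a deployed rule would also need to state its grouping key (account, source address, or both).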




vercel bot commented Jan 23, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project | Deployment | Review | Updated (UTC)
spec | Ready | Preview, Comment | Jan 23, 2026 3:04pm

Copilot AI and others added 3 commits January 23, 2026 14:59
Co-authored-by: hotlong <50353452+hotlong@users.noreply.github.com>
…tures

Co-authored-by: hotlong <50353452+hotlong@users.noreply.github.com>
Co-authored-by: hotlong <50353452+hotlong@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Add audit log architecture for compliance blocking" to "Add audit log schema and multi-tenant isolation strategies" Jan 23, 2026
Copilot AI requested a review from hotlong January 23, 2026 15:04
hotlong marked this pull request as ready for review January 23, 2026 15:41
github-actions bot added the documentation, protocol:system, and tests labels Jan 23, 2026
Copilot AI review requested due to automatic review settings January 23, 2026 15:41
@github-actions

This PR is very large. Consider breaking it into smaller PRs for easier review.


Copilot AI left a comment

Pull request overview

This PR adds comprehensive audit logging and multi-tenant isolation specifications to the ObjectStack spec repository. It introduces two major components: a complete audit event system for compliance tracking (SOX, HIPAA, GDPR) and detailed documentation of three multi-tenant isolation strategies with operational trade-offs.

Changes:

  • Added audit.zod.ts with audit event schemas supporting compliance requirements
  • Extended tenant.zod.ts with three isolation strategy schemas (row-level, schema-level, database-level) and security policies
  • Added comprehensive test suites (43 audit tests, 39 tenant tests)

Reviewed changes

Copilot reviewed 93 out of 93 changed files in this pull request and generated no comments.

Summary per file:

File | Description
packages/spec/src/system/audit.zod.ts | Complete audit logging specification with event types, storage, retention, and suspicious activity rules
packages/spec/src/system/audit.test.ts | Comprehensive test suite for audit schemas
packages/spec/src/system/tenant.zod.ts | Extended with multi-tenant isolation strategies and security policies
packages/spec/src/system/tenant.test.ts | Tests for isolation strategies and security policies
packages/spec/src/system/index.ts | Export added for audit module
packages/spec/json-schema/*.json | Generated JSON schemas for all new types
content/docs/references/**/*.mdx | Documentation files for schemas

hotlong merged commit 6d54149 into main Jan 23, 2026
17 checks passed