Skip to main content

Append-only JSONL file ExternalSink for audit-framework — the reference sink plugin.

Project description

audit-framework-jsonl

An append-only JSON-Lines file sink for audit-framework — and the reference implementation every other ExternalSink (Splunk HEC, Elasticsearch, syslog, …) can be copied from.

It implements the ExternalSink port: one compact JSON object per line, appended to a file. Writes are serialised and offloaded off the event loop, with optional rotation by date and/or size.

Install

pip install audit-framework-jsonl

Use

from audit_framework_jsonl.sink import JsonlFileSink
from audit_framework.core.middlewares.sink_fanout import SinkFanOutMiddleware

sink = JsonlFileSink("/var/log/audit/audit.jsonl", daily=True, max_bytes=50_000_000)
pipeline.use(SinkFanOutMiddleware([sink]))   # fan events out to this sink

Or wire it by configuration through the registry — it advertises itself under the audit_framework.plugins entry point as the file_jsonl external sink:

registry.discover_entrypoints()                 # finds file_jsonl
SinkClass = registry.get("external_sink", "file_jsonl")
sink = SinkClass("/var/log/audit/audit.jsonl")

Each emitted line is event.to_dict() serialised compactly, e.g.:

{"actor_id":"alice","action":"DELETE","resource_type":"contract","resource_id":"c-42",...}

Options

Param Effect
name The sink_name used for per-policy sink filtering (default "file_jsonl").
daily Write to a date-stamped file audit-YYYY-MM-DD.jsonl (one per UTC day).
max_bytes Roll the current file aside (audit.<timestamp>.jsonl) before it exceeds this size. Composes with daily.
clock Injectable time source for rotation stamps (testing).

Writing your own sink

sink.py is deliberately tiny — copy it and change four things:

  1. a stable sink_name (matched against AuditPolicy.sinks),
  2. async emit(event, context) — forward event.to_dict() to your platform (best-effort; raise on permanent failure so the pipeline records it),
  3. async health_check() — report reachability,
  4. a register(registry) that calls registry.register("external_sink", "<name>", YourSink) (+ an audit_framework.plugins entry point in pyproject.toml).

Development

pip install -e ".[dev]"
pytest        # 9 stdlib-only tests (tmp files; no infrastructure)

License

MIT

For AI agents & coding assistants

This package ships its agent guide — AGENTS.mdinside the wheel (installed at <site-packages>/audit_framework_jsonl/AGENTS.md). Read it offline, with no docs site and no network, even from an airgapped Nexus PyPI mirror:

python -m audit_framework_jsonl
python -c "import audit_framework_jsonl; print(audit_framework_jsonl.overview())"

AGENTS.md is the single source of truth: mental model, one runnable quickstart, and the exact public API. audit_framework_jsonl.overview() returns it, and tests/guide_test.py compiles its examples so the guide can't drift from the code.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

audit_framework_jsonl-0.1.1.tar.gz (8.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

audit_framework_jsonl-0.1.1-py3-none-any.whl (9.7 kB view details)

Uploaded Python 3

File details

Details for the file audit_framework_jsonl-0.1.1.tar.gz.

File metadata

  • Download URL: audit_framework_jsonl-0.1.1.tar.gz
  • Upload date:
  • Size: 8.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for audit_framework_jsonl-0.1.1.tar.gz
Algorithm Hash digest
SHA256 0d1bdb456058957bccde9b36c81b6a6b2e127ed2794d7191cb2e303b128128b8
MD5 de7a193a12d66d0009087b58cb862271
BLAKE2b-256 71f39f67803c59ecc310aeefe51d5aaa9b98db673e861dc4a526971cd4848319

See more details on using hashes here.

Provenance

The following attestation bundles were made for audit_framework_jsonl-0.1.1.tar.gz:

Publisher: release.yml on vanmarkic/audit-logger

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file audit_framework_jsonl-0.1.1-py3-none-any.whl.

File metadata

File hashes

Hashes for audit_framework_jsonl-0.1.1-py3-none-any.whl
Algorithm Hash digest
SHA256 e9b43fa0e71c2b5ab7418d7bcefa14e2889c764fb58f0eb405621c1ce8b21214
MD5 713855b043e049c3f09ebbdb7a84707f
BLAKE2b-256 638bf7364b32f43609f1b13ddf1da01664405782bdbfde06e30c9513c53afe29

See more details on using hashes here.

Provenance

The following attestation bundles were made for audit_framework_jsonl-0.1.1-py3-none-any.whl:

Publisher: release.yml on vanmarkic/audit-logger

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page