namespace ZB.MOM.WW.OtOpcUa.Configuration.Entities;

/// <summary>
///     Append-only audit log for every config write + authorization-check event. Grants revoked for
///     UPDATE / DELETE on all principals (enforced by the authorization migration in B.3).
/// </summary>
public sealed class ConfigAuditLog
{
    public long AuditId { get; set; }

    public DateTime Timestamp { get; set; } = DateTime.UtcNow;

    public required string Principal { get; set; }

    /// <summary>DraftCreated | DraftEdited | Published | RolledBack | NodeApplied | CredentialAdded | CredentialDisabled | ClusterCreated | NodeAdded | ExternalIdReleased | CrossClusterNamespaceAttempt | OpcUaAccessDenied | …</summary>
    public required string EventType { get; set; }

    public string? ClusterId { get; set; }

    public string? NodeId { get; set; }

    public long? GenerationId { get; set; }

    public string? DetailsJson { get; set; }
}