import type { User } from '@supabase/supabase-js';
import { getSupabaseAdmin } from '@/lib/supabase/admin';

export type AuditEntry = {
  action: string;
  target_type?: string | null;
  target_id?: string | null;
  details?: Record<string, unknown>;
};

/**
 * Best-effort audit logging. Never throws — a failed audit write must not
 * break the underlying admin operation.
 */
export async function logAdminAction(
  actor: User,
  entry: AuditEntry,
): Promise<void> {
  try {
    const admin = getSupabaseAdmin();
    await admin.from('admin_audit_log').insert({
      actor_id: actor.id,
      actor_email: actor.email ?? null,
      action: entry.action,
      target_type: entry.target_type ?? null,
      target_id: entry.target_id ?? null,
      details: entry.details ?? {},
    });
  } catch (e) {
    // Swallow — audit failures should not surface to the client.
    console.error('[audit] failed to write audit log', e);
  }
}