src/utils/securityAudit.js

import { AuditLog } from "../models/AuditLog.js";
import { extractFeatures } from "../security/featureExtractor.js";
import { isAnomaly } from "../security/anomalyEngine.js";
import { emitAdminAlert } from "../ws/adminWs.js";

export async function securityAudit(req, payload) {
  const log = await AuditLog.create({
    ...payload,
    userId: req.user?.id,
    ip: req.ip,
    userAgent: req.headers["user-agent"],
  });

  const features = await extractFeatures(log);
  if (isAnomaly(features)) {
    log.isAnomaly = true;
    await log.save();
    emitAdminAlert({ type: "ML_ANOMALY", action: log.action });
  }
}