Stratara.EventSourcing.Pipeline.CommandAudit
3.1.6
dotnet add package Stratara.EventSourcing.Pipeline.CommandAudit --version 3.1.6
NuGet\Install-Package Stratara.EventSourcing.Pipeline.CommandAudit -Version 3.1.6
<PackageReference Include="Stratara.EventSourcing.Pipeline.CommandAudit" Version="3.1.6" />
<PackageVersion Include="Stratara.EventSourcing.Pipeline.CommandAudit" Version="3.1.6" />
<PackageReference Include="Stratara.EventSourcing.Pipeline.CommandAudit" />
paket add Stratara.EventSourcing.Pipeline.CommandAudit --version 3.1.6
#r "nuget: Stratara.EventSourcing.Pipeline.CommandAudit, 3.1.6"
#:package Stratara.EventSourcing.Pipeline.CommandAudit@3.1.6
#addin nuget:?package=Stratara.EventSourcing.Pipeline.CommandAudit&version=3.1.6
#tool nuget:?package=Stratara.EventSourcing.Pipeline.CommandAudit&version=3.1.6
Stratara.EventSourcing.Pipeline.CommandAudit
License: MIT.
Mediator pipeline behavior that records an audit row for every dispatched command in the Stratara event-sourced stack. Both arities are provided so consumers can register a single behavior pair and have it apply to all command shapes.
What's in the box
| Type | Purpose |
|---|---|
CommandAuditBehavior<TRequest> |
Runs the audit-write step before delegating to next() for IRequest (commands without result). |
CommandAuditBehavior<TRequest, TResult> |
Same, for IRequest<TResult> (commands with result + queries). Only records when the request also implements ICommandBase — queries flow through untouched. |
CommandAuditWriter (internal) |
Opens a transaction on IWriteUnitOfWork, writes via ICommandAuditRepository.AddAsync, commits. |
The behavior only audits commands — query requests reach the same generic interface but are filtered by the is ICommandBase check, so registering both behaviors application-wide is safe.
Quick start
// At composition time, alongside the other framework pipeline behaviors:
builder.Services
.AddPipelineBehaviorWithResult(typeof(CommandAuditBehavior<,>))
.AddPipelineBehavior(typeof(CommandAuditBehavior<>));
The behaviors resolve IWriteUnitOfWork from DI (ships with Stratara.EventSourcing.EntityFrameworkCore in the default deployment). No additional registration is needed.
Dependencies
Stratara.Abstractions— forIPipelineBehavior<,>,IRequest/IRequest<T>,ICommandBase,IWriteUnitOfWork,ICommandAuditRepository.JetBrains.Annotations—[UsedImplicitly]on the public behavior classes (DI-instantiated, no static call site).
At runtime an IWriteUnitOfWork implementation must be registered — typically by referencing Stratara.EventSourcing.EntityFrameworkCore and calling AddWriteStore(IConfiguration).
Security note — command payload contents
The audit row stores CommandTypeName and the serialized CommandJson of the dispatched command. Whatever fields your commands carry land in the audit table. Sensitive data (passwords, tokens, API keys, encryption material) MUST NOT live on a command record — or must be marked with [EncryptData] so the registered ISecureJsonSerializer encrypts them before persistence.
The default Stratara registration uses ISecureJsonSerializer (AES-GCM + tenant-scoped AAD) for the audit serialization, so [EncryptData]-annotated properties are protected. Plain-text properties go to disk unencrypted — treat the audit table accordingly when designing command shapes.
| Product | Versions Compatible and additional computed target framework versions. |
|---|---|
| .NET | net10.0 is compatible. net10.0-android was computed. net10.0-browser was computed. net10.0-ios was computed. net10.0-maccatalyst was computed. net10.0-macos was computed. net10.0-tvos was computed. net10.0-windows was computed. |
-
net10.0
- JetBrains.Annotations (>= 2025.2.4)
- Stratara.Abstractions (>= 3.1.6)
NuGet packages
This package is not used by any NuGet packages.
GitHub repositories
This package is not used by any popular GitHub repositories.
### Changed
- **License changed from FSL-1.1-MIT to the MIT License.** Stratara is now OSI-approved open
source — free for any use, including commercial, with no competition clause and no two-year
conversion delay. The previous Functional Source License (source-available, converting to MIT
two years after each release) has been replaced outright. Package metadata now declares the
SPDX expression `MIT` (`PackageLicenseExpression`), so nuget.org renders a standard clickable
MIT license label instead of an embedded custom-license file. The `LICENSE` file at the repo
root now contains the standard MIT text and is still bundled into every package. No code or API
changes accompany this — it is purely a licensing and metadata change. Previously published
versions (3.0.20 through 3.1.5) remain under the FSL terms they shipped with; this change applies
to all versions released from here on.