audit · correlation · open source
Who changed what, when, and what happened next —
one query.
Not Jaeger + Loki + Docker logs + logrotate + a homegrown audit table.
import fasten
from fasten.shim.http import RequestIDMiddleware, APILogger
fasten.init() # reads env
app.add_middleware(RequestIDMiddleware) # X-Request-ID
app.add_middleware(APILogger) # api row per request
fasten.emit(code="USER_CREATED", target="u-42",
actor="admin", detail={"email": "a@ex.com"})
fasten.log.info("user_created", user_id="u-42")
# Three streams — audit · sys · api
# One request_id threads all three.Get started in 30 seconds
fasten is a library — runs in your process, Cloud optional.
Audit rows go to durable storage.
One file on disk. Zero deps. WAL mode. Perfect for dev, tests, edge nodes, single-host services.
# .env
FASTEN_SERVICE_ID=my-service
FASTEN_NODE_ID=host-01
FASTEN_AUDIT_DSN=sqlite:///./audit.db
# app.py
import fasten
fasten.init() # reads envSame code, change one env var. Postgres is supported natively; fleet-scale load + failover validation lands with v1.0 GA.
# .env
FASTEN_SERVICE_ID=my-service
FASTEN_NODE_ID=host-01
FASTEN_AUDIT_DSN=postgres://user:pw
@db:5432/app?table=audit_log
# app.py — identical
import fasten
fasten.init() # reads envThe emit call is identical in both modes. Storage swapped at the env-var boundary.
where it fits
Logs · Metrics · Traces · Audit. Plus one
request_id in every stream, so a metric spike, a trace, a
log line and an audit row join in one query.
DIY correlation, label-matching
Typed syslog. request_id auto-stamped by shims.
Prometheus, no cross-pillar link
Exemplars carry request_id. Pivot to logs / audit.
OTel / Jaeger. Strong HTTP, weak elsewhere.
request_id ↔ trace_id. Shims close MQTT / scheduler gaps.
CSVs. Unenforced JSON. Ad-hoc tables.
First-class. 7 anchors typed. Per-code retention. PII-aware.
audit model
The classical audit vocabulary. No string-soup attributes.
request_id
threads every stream, every transport
actor · actor_kindadmin · scheduler · system · agentcode · actionPIPELINE_DEPLOYED · TOOL_CALLEDtimestamp · seqUTC ms · per-node monotonicnode · service · tenantmulti-tenant / multi-site filtertarget · category · domainthe object of the actionmethodhttp · mqtt · cli · scheduler · ui · agent_toolquery
Audit is only useful if it's queryable. Three ways out:
fasten CLI — for operators and CI.fastenThree operator utilities, bundled. Not a product surface.
$ fasten dump # every registered code, sorted: id,domain,severity # feeds the cross-language consistency gate AUTH_LOGIN,user,info ORDER_PLACED,commerce,info PAYMENT_PROCESSED,commerce,info USER_CREATED,user,info ...
$ fasten tail --stream audit --request-id a1b2c3d4 # stream audit rows for one request_id from local or remote 2026-04-22T12:34:56Z USER_CREATED admin target=u-42 2026-04-22T12:34:56Z ORDER_PLACED u-42 target=ord-9001 2026-04-22T12:34:57Z PAYMENT_PROCESSED system target=ord-9001
$ fasten doctor # env vars? store reachable? shims wired? sample emit roundtrip? ✓ FASTEN_SERVICE_ID=api-server ✓ FASTEN_NODE_ID=host-01 ✓ audit store reachable (sqlite:///./logs.db) ✓ http shim wired ✓ emit roundtrip OK (id=evt-01HZ...)
Mount where you need programmatic read access — central aggregator, your own UI, external clients. Three endpoints, identical shape across services.
$ curl "http://$HOST/api/v1/logs/audit?request_id=a1b2c3d4" $ curl "http://$HOST/api/v1/logs/audit?code=PIPELINE_DEPLOYED&since=2026-04-20" $ curl "http://$HOST/api/v1/logs/audit?actor=admin&target=u-42&offset=0&limit=20" $ curl "http://$HOST/api/v1/logs/sys?request_id=a1b2c3d4" $ curl "http://$HOST/api/v1/logs/api?request_id=a1b2c3d4"
# Mount in your service — Python app.mount("/api/v1/logs", fasten.reader.router()) # Go r.Mount("/api/v1/logs", Fasten.Reader())
same shape, six languages
Each language's signature matches its dominant structured-logging idiom (structlog / slog / tracing / pino / SLF4J).
# .env — secrets never appear in code
FASTEN_SERVICE_ID=api-server
FASTEN_NODE_ID=host-01
FASTEN_AUDIT_DSN=postgres://user:pw@db/app?table=audit_log
# app.py
import fasten
from fasten.shim.http import RequestIDMiddleware, APILogger
fasten.init() # reads env
app.add_middleware(RequestIDMiddleware) # mints / honours X-Request-ID
app.add_middleware(APILogger, skip={"/health"}) # one api row per request
@app.post("/users")
async def create(u, actor):
fasten.emit(code="USER_CREATED", target=u.id,
actor=actor.id, detail={"email": u.email})
fasten.log.info("user_created", user_id=u.id)
// .env
FASTEN_SERVICE_ID=checkout-svc
FASTEN_AUDIT_DSN=postgres://user:${DB_PW}@db/shop?table=audit_log
// main.go
import (
"github.com/nerdapplabs/fasten-go/fasten"
httpshim "github.com/nerdapplabs/fasten-go/fasten/shim/http"
)
fasten.Init(fasten.Config{}) // reads env
r := chi.NewRouter()
r.Use(httpshim.RequestID) // mint/honour X-Request-ID
r.Use(fasten.APILogger("/health")) // one api row per request
r.Post("/orders", func(w http.ResponseWriter, req *http.Request) {
ctx := req.Context()
fasten.Emit(ctx, audit.CodeOrderPlaced,
fasten.Target(orderID),
fasten.Detail(map[string]any{"amount": amount}),
)
fasten.Log(ctx).Info("order_placed", "order_id", orderID)
})
// .env
FASTEN_SERVICE_ID=notification-svc
FASTEN_AUDIT_DSN=sqlite:///data/app.db?table=audit_log
// server.ts
import fasten, { EmitInput, withRequestID, mintID } from '@nerdapplabs/fasten';
fasten.init(); // reads env
app.post('/sensors/:id', async (req, res) => {
// honour or mint X-Request-ID; everything emit/log inside inherits it
const rid = req.headers['x-request-id'] ?? mintID();
await withRequestID(rid, async () => {
fasten.emit({
code: 'SENSOR_UPDATED',
target: req.params.id, actor: 'system',
detail: { reading: req.body.value },
} satisfies EmitInput);
fasten.log.info('sensor_updated', { id: req.params.id });
});
res.sendStatus(200);
});
// .env
FASTEN_SERVICE_ID=batch-worker
FASTEN_AUDIT_DSN=sqlite:///var/lib/worker/audit.db?table=audit_log
// main.rs
use fasten::{EmitBuilder, Config};
let cfg = fasten::config_from_env()?;
// Fluent Emit — anchors auto-filled from ctx + config
fasten::EmitBuilder::new("BATCH_PROCESSED", "batch-4211")
.actor("worker-01", "service")
.detail(detail_map)
.emit()
.await?;
// tracing-style log
tracing::info!(batch_id = "4211", "batch_completed");
retention · pii · api log
Not every audit row deserves the same retention.
pii_in_detail — forced minimisation.
Every code declares a class: short, medium,
long. The retention sweep deletes expired rows — on
edges, never before they've replicated to the aggregator.
# defaults, per class short 30 days # e.g., TRIGGER_FIRED, BATCH_PROCESSED medium 180 days # e.g., CONFIG_UPDATED, JOB_COMPLETED long 3 years # e.g., AUTH_LOGIN, PAYMENT_COMPLETED
# override via env — no code change FASTEN_AUDIT_RETENTION_CLASS_LONG=2555 # 7y (regulated) FASTEN_AUDIT_RETENTION_OVERRIDE="long=7y,medium=1y" FASTEN_RETENTION_SWEEP_INTERVAL=6h
Codes declared pii_in_detail: true force the
short class regardless — shortest safe retention by
default. API log rows go ring-buffer + stdout by default; persist
them via FASTEN_API_DSN when you need a durable HTTP
access trail.
# .env — opt into persistent API log FASTEN_API_DSN=postgres://user:pw@db/app?table=api_log FASTEN_API_RETENTION_DAYS=180 # HIPAA-friendly
# code declaration — retention + PII class on the code register("user", { "AUTH_LOGIN": Meta(..., retention_class="long"), "AUTH_FAILED": Meta(..., retention_class="long", pii_in_detail=True), }) # or declare codes in *.codes.yaml — single source across every SDK fasten.codes.load("fleet.codes.yaml")
FASTEN_SYS_RING_SIZE · FASTEN_API_RING_SIZE
AI agent fit
LangSmith, OTel, OpenAI Assistants — LLM-ops or timing tools, not typed audit. fasten fits natively: every tool call is an audit row — actor / target / method / correlation.
Agent A calls agent B calls a tool. One request_id threads the chain.
Every TOOL_CALLED row carries detail.cost_usd. Sum by actor for billing.
Clinical-summariser touches PHI → audit row with pii_in_detail, GDPR retention.
"Why did the agent say X yesterday?" One request_id query pulls the trail.
language coverage
The audit row schema, the 7 anchors, the request_id
contract — identical across implementations. A row written in Go
reads cleanly from Python. A Rust service feeds a Node + TypeScript report.
pip install fasten
git clone & install from source — module path lands with v1.0 GA
#include "fasten.hpp"
npm install @nerdapplabs/fasten
cargo add fasten
sh.fasten:fasten — coming soon
Source-install today.
pip install ./python, npm install ./js, or
cargo add --path ./rust from the repo.
Go works today via its module path. C++14 is always a single-header copy.
Registry publish lands with the v1.0 GA tag.
advanced · optional
HTTP is table stakes. fasten's wedge is the transports HTTP-only tools skip:
Each is an opt-in shim. Most adopters never need these.
mqtt_shim.publish() auto-injects
_req into the payload. The subscriber's
mqtt_shim.handler() reads it back into ctx. Every log
the subscriber emits during handling carries the same id.
# publisher (HTTP handler — user sets a new setpoint) await fasten.shim.mqtt.publish( client, f"devices/{device_id}/setpoint", {"target_temp_c": 22.5}, ) # shim injects _req = current_request_id() into payload
# subscriber (device firmware, any language) @mqtt_shim.handler("devices/+/setpoint") async def on_setpoint(msg, ctx): # ctx.request_id == original HTTP caller's id fasten.log.info("setpoint_received") fasten.emit(code="DEVICE_SETPOINT_UPDATED", ...)
# operator — one query stitches both services $ fasten tail --stream audit --request-id abc SETPOINT_REQUESTED api-server actor=admin target=dev-42 DEVICE_SETPOINT_UPDATED device-42 actor=system # same id ✓
Cron-fired jobs have no external caller. Without a shim, every
scheduled audit row has null or freshly-minted request_id.
The scheduler shim mints scheduler-<run_id> at
job start, stashes it in ctx.
@scheduler.cron("0 */6 * * *") @fasten.shim.scheduler.instrument async def nightly_cleanup(): # request_id = "scheduler-a1b2c3d4" fasten.emit(code="RETENTION_SWEEP_RAN", ...) fasten.log.info("cleanup_done") # all rows for this run share the same id
Custom transport (gRPC, NATS, AMQP, Kafka)? Write a 10-line shim following the same read-id-from-wire / set-ctx / call-downstream pattern.
what it replaces
/logs/audit reader queries the durable store directly. Fleet-wide aggregation lands with fasten Cloud (in development).origin
An industrial edge platform — many services, many languages — MQTT where HTTP can't reach.
"This event fired at 14:02 — show me what happened next across all these services."
Answer, every week: grep + timestamp math + cursing.
None of these, alone or stitched, covered the gap: typed audit threaded across every transport, with one correlation key.
request_id threaded across every transport.Open-source because:
faq
No. fasten sits alongside your existing logger. Keep using structlog / slog / pino / winston for free-form application logs; use fasten.emit() for typed audit events. fasten.log.* is optional — it mirrors the idioms of each language (kwargs in Python, positional pairs in Go, object-first in pino) if you want one logger across both streams.
OTel is deliberately untyped at the semantic layer. fasten commits to a typed audit shape and ships shims for transports beyond HTTP (MQTT, scheduler). The two coexist — keep OTel for span-level tracing; use fasten for the typed audit row + cross-transport correlation. A direct request_id ↔ trace_id bridge is on the roadmap, not shipped.
No. The SDK is Apache-2.0 and complete on its own. fasten Cloud is the commercial fleet-aggregation + compliance-report layer; single-node and small-fleet deployments use the SDK alone.
No. fasten runs in your process — no fastend, no sidecar, no required hosted service. The bundled CLI is a debug tool, not a background process.
v1.0.0-beta. The reference implementation runs in our own platform; the public API is the one that ships at v1.0 GA. Safe for pilots, evaluators, internal tools today. Audit-store failure handling shipped queue-by-default in v1.0.0-beta across all five SDKs (background drainer with exp backoff; emit() stays off the request path). One known caveat before betting critical compliance reporting on it: Postgres fleet-scale validation lands with v1.1, not v1.0 GA. Tracked publicly in the issue tracker.
The SDK gives you the primitives: per-code pii_in_detail flag forces minimum retention (GDPR minimisation), secret-key redaction runs before emit, audit rows carry actor / target / method / timestamp in a defensible typed shape. Generated compliance reports (HIPAA, SOC 2, GMP, ISO 26262, FSSC 22000) are planned for fasten Cloud, which is in development — the SDK is built to feed it.
Nothing. Apache-2.0, no seat limits, no per-emit charges, no free-tier gotchas. The paid layer (fasten Cloud) is in development; pricing will be published once it ships.
LangSmith locks you to LangChain. Langfuse is close in scope but LLM-ops-first. fasten coexists — you can ship rows to both; they answer different questions.
~0.1–0.5 ms per emit() with SQLite WAL. ~1–5 ms with Postgres. Ring buffers use ~8 MB per service at 10 k lines. No background goroutines or threads — all synchronous in the calling thread. High-volume codes can be sampled via short retention class + periodic sweep.
fasten is open-source at github.com/nerdapplabs/fasten. Issues + PRs are welcome; a CONTRIBUTING guide is in flight and will land before the v1.0 GA tag.
open-core
Apache-2.0 · zero-dep core · 5 languages
dump · tail · doctor./api/v1/logs/{audit,sys,api} reader.The audit data plane — hosted or self-hosted.