From 01c42837d125c03380840c13ce44830d97712599 Mon Sep 17 00:00:00 2001
From: Anders Olsson <anders.e.olsson@gmail.com>
Date: Tue, 2 Jun 2026 07:49:47 +0200
Subject: [PATCH] feat(db): also reject TRUNCATE on audit_log (statement-level
 trigger)

---
 crates/db/migrations/0001_audit_log.sql | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/crates/db/migrations/0001_audit_log.sql b/crates/db/migrations/0001_audit_log.sql
index 8533bc2..8b3a426 100644
--- a/crates/db/migrations/0001_audit_log.sql
+++ b/crates/db/migrations/0001_audit_log.sql
@@ -26,3 +26,7 @@ $$ LANGUAGE plpgsql;
 CREATE TRIGGER audit_log_immutable
     BEFORE UPDATE OR DELETE ON audit_log
     FOR EACH ROW EXECUTE FUNCTION audit_log_reject_mutation();
+
+CREATE TRIGGER audit_log_no_truncate
+    BEFORE TRUNCATE ON audit_log
+    FOR EACH STATEMENT EXECUTE FUNCTION audit_log_reject_mutation();