3392297791
- Auth.js authorize/signOut: await createAuditEntry on every branch so auth events land in the audit store before the JWT is minted / session closes. Previously these were fire-and-forget and would be dropped under DB load.
- Assistant chat: make appendPromptInjectionGuard async and await its own SecurityAlert audit; add auditUserPromptTurn() that records every user message turn as an AssistantPrompt entry containing conversationId, length, SHA-256 fingerprint, pageContext and whether the injection guard fired. Raw prompt text is intentionally not stored — the hash lets a responder correlate a chat transcript with a forensic request without the audit store accumulating a plain-text corpus of everything users typed.
- Replace bare crypto.* with explicit node:crypto imports.
- Document the retention posture in docs/security-architecture.md §6.

Fixes gitea #55.