Currently server audit stores entries in the hashet and uses the resource id. But, in theory, different entities with different resource types may have the same resource id:
e.g trigger, item and host may end-up sharing the same resourceid.
Resourceid is based on the ids table and it guarantees uniqueness only for the entities from the single table.
Adding protection from collision should be straightforward - we would only need to add the object type when calling audit hashset insert/extract operation.
(object type is not the same as resource type, resource type can be item and item prototypes, object type for both of them would be item, using such object type is much simpler since resource type is not always available(would need to be queried), but object type is always available - it is essentially the name of the file - calls from audit_item.c means the object type always would be item)