npm - @agentlensai/server - Versions diffs - 0.10.0 → 0.13.0 - Mend

@agentlensai/server 0.10.0 → 0.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (807) hide show

package/LICENSE +21 -0
package/dist/cloud/auth/api-key-middleware.d.ts +66 -0
package/dist/cloud/auth/api-key-middleware.d.ts.map +1 -0
package/dist/cloud/auth/api-key-middleware.js +147 -0
package/dist/cloud/auth/api-key-middleware.js.map +1 -0
package/dist/cloud/auth/api-keys.d.ts +90 -0
package/dist/cloud/auth/api-keys.d.ts.map +1 -0
package/dist/cloud/auth/api-keys.js +162 -0
package/dist/cloud/auth/api-keys.js.map +1 -0
package/dist/cloud/auth/audit-log.d.ts +66 -0
package/dist/cloud/auth/audit-log.d.ts.map +1 -0
package/dist/cloud/auth/audit-log.js +92 -0
package/dist/cloud/auth/audit-log.js.map +1 -0
package/dist/cloud/auth/auth-service.d.ts +77 -0
package/dist/cloud/auth/auth-service.d.ts.map +1 -0
package/dist/cloud/auth/auth-service.js +229 -0
package/dist/cloud/auth/auth-service.js.map +1 -0
package/dist/cloud/auth/brute-force.d.ts +36 -0
package/dist/cloud/auth/brute-force.d.ts.map +1 -0
package/dist/cloud/auth/brute-force.js +67 -0
package/dist/cloud/auth/brute-force.js.map +1 -0
package/dist/cloud/auth/index.d.ts +11 -0
package/dist/cloud/auth/index.d.ts.map +1 -0
package/dist/cloud/auth/index.js +11 -0
package/dist/cloud/auth/index.js.map +1 -0
package/dist/cloud/auth/jwt.d.ts +34 -0
package/dist/cloud/auth/jwt.d.ts.map +1 -0
package/dist/cloud/auth/jwt.js +68 -0
package/dist/cloud/auth/jwt.js.map +1 -0
package/dist/cloud/auth/oauth.d.ts +37 -0
package/dist/cloud/auth/oauth.d.ts.map +1 -0
package/dist/cloud/auth/oauth.js +120 -0
package/dist/cloud/auth/oauth.js.map +1 -0
package/dist/cloud/auth/passwords.d.ts +25 -0
package/dist/cloud/auth/passwords.d.ts.map +1 -0
package/dist/cloud/auth/passwords.js +50 -0
package/dist/cloud/auth/passwords.js.map +1 -0
package/dist/cloud/auth/rbac.d.ts +51 -0
package/dist/cloud/auth/rbac.d.ts.map +1 -0
package/dist/cloud/auth/rbac.js +89 -0
package/dist/cloud/auth/rbac.js.map +1 -0
package/dist/cloud/auth/tokens.d.ts +18 -0
package/dist/cloud/auth/tokens.d.ts.map +1 -0
package/dist/cloud/auth/tokens.js +29 -0
package/dist/cloud/auth/tokens.js.map +1 -0
package/dist/cloud/billing/billing-service.d.ts +44 -0
package/dist/cloud/billing/billing-service.d.ts.map +1 -0
package/dist/cloud/billing/billing-service.js +153 -0
package/dist/cloud/billing/billing-service.js.map +1 -0
package/dist/cloud/billing/index.d.ts +11 -0
package/dist/cloud/billing/index.d.ts.map +1 -0
package/dist/cloud/billing/index.js +11 -0
package/dist/cloud/billing/index.js.map +1 -0
package/dist/cloud/billing/invoice-service.d.ts +57 -0
package/dist/cloud/billing/invoice-service.d.ts.map +1 -0
package/dist/cloud/billing/invoice-service.js +123 -0
package/dist/cloud/billing/invoice-service.js.map +1 -0
package/dist/cloud/billing/plan-management.d.ts +46 -0
package/dist/cloud/billing/plan-management.d.ts.map +1 -0
package/dist/cloud/billing/plan-management.js +157 -0
package/dist/cloud/billing/plan-management.js.map +1 -0
package/dist/cloud/billing/quota-enforcement.d.ts +53 -0
package/dist/cloud/billing/quota-enforcement.d.ts.map +1 -0
package/dist/cloud/billing/quota-enforcement.js +143 -0
package/dist/cloud/billing/quota-enforcement.js.map +1 -0
package/dist/cloud/billing/stripe-client.d.ts +142 -0
package/dist/cloud/billing/stripe-client.d.ts.map +1 -0
package/dist/cloud/billing/stripe-client.js +174 -0
package/dist/cloud/billing/stripe-client.js.map +1 -0
package/dist/cloud/billing/trial-service.d.ts +47 -0
package/dist/cloud/billing/trial-service.d.ts.map +1 -0
package/dist/cloud/billing/trial-service.js +104 -0
package/dist/cloud/billing/trial-service.js.map +1 -0
package/dist/cloud/billing/usage-metering.d.ts +83 -0
package/dist/cloud/billing/usage-metering.d.ts.map +1 -0
package/dist/cloud/billing/usage-metering.js +174 -0
package/dist/cloud/billing/usage-metering.js.map +1 -0
package/dist/cloud/ingestion/backpressure.d.ts +107 -0
package/dist/cloud/ingestion/backpressure.d.ts.map +1 -0
package/dist/cloud/ingestion/backpressure.js +134 -0
package/dist/cloud/ingestion/backpressure.js.map +1 -0
package/dist/cloud/ingestion/batch-writer.d.ts +115 -0
package/dist/cloud/ingestion/batch-writer.d.ts.map +1 -0
package/dist/cloud/ingestion/batch-writer.js +319 -0
package/dist/cloud/ingestion/batch-writer.js.map +1 -0
package/dist/cloud/ingestion/dlq-manager.d.ts +116 -0
package/dist/cloud/ingestion/dlq-manager.d.ts.map +1 -0
package/dist/cloud/ingestion/dlq-manager.js +244 -0
package/dist/cloud/ingestion/dlq-manager.js.map +1 -0
package/dist/cloud/ingestion/event-queue.d.ts +105 -0
package/dist/cloud/ingestion/event-queue.d.ts.map +1 -0
package/dist/cloud/ingestion/event-queue.js +185 -0
package/dist/cloud/ingestion/event-queue.js.map +1 -0
package/dist/cloud/ingestion/gateway.d.ts +68 -0
package/dist/cloud/ingestion/gateway.d.ts.map +1 -0
package/dist/cloud/ingestion/gateway.js +197 -0
package/dist/cloud/ingestion/gateway.js.map +1 -0
package/dist/cloud/ingestion/index.d.ts +7 -0
package/dist/cloud/ingestion/index.d.ts.map +1 -0
package/dist/cloud/ingestion/index.js +7 -0
package/dist/cloud/ingestion/index.js.map +1 -0
package/dist/cloud/ingestion/rate-limiter.d.ts +73 -0
package/dist/cloud/ingestion/rate-limiter.d.ts.map +1 -0
package/dist/cloud/ingestion/rate-limiter.js +153 -0
package/dist/cloud/ingestion/rate-limiter.js.map +1 -0
package/dist/cloud/middleware/validate-org-access.d.ts +14 -0
package/dist/cloud/middleware/validate-org-access.d.ts.map +1 -0
package/dist/cloud/middleware/validate-org-access.js +38 -0
package/dist/cloud/middleware/validate-org-access.js.map +1 -0
package/dist/cloud/migrate.d.ts +45 -0
package/dist/cloud/migrate.d.ts.map +1 -0
package/dist/cloud/migrate.js +147 -0
package/dist/cloud/migrate.js.map +1 -0
package/dist/cloud/migration/export-import.d.ts +56 -0
package/dist/cloud/migration/export-import.d.ts.map +1 -0
package/dist/cloud/migration/export-import.js +289 -0
package/dist/cloud/migration/export-import.js.map +1 -0
package/dist/cloud/migration/index.d.ts +5 -0
package/dist/cloud/migration/index.d.ts.map +1 -0
package/dist/cloud/migration/index.js +5 -0
package/dist/cloud/migration/index.js.map +1 -0
package/dist/cloud/org-service.d.ts +68 -0
package/dist/cloud/org-service.d.ts.map +1 -0
package/dist/cloud/org-service.js +169 -0
package/dist/cloud/org-service.js.map +1 -0
package/dist/cloud/partition-maintenance.d.ts +29 -0
package/dist/cloud/partition-maintenance.d.ts.map +1 -0
package/dist/cloud/partition-maintenance.js +96 -0
package/dist/cloud/partition-maintenance.js.map +1 -0
package/dist/cloud/retention/index.d.ts +7 -0
package/dist/cloud/retention/index.d.ts.map +1 -0
package/dist/cloud/retention/index.js +7 -0
package/dist/cloud/retention/index.js.map +1 -0
package/dist/cloud/retention/partition-management.d.ts +61 -0
package/dist/cloud/retention/partition-management.d.ts.map +1 -0
package/dist/cloud/retention/partition-management.js +167 -0
package/dist/cloud/retention/partition-management.js.map +1 -0
package/dist/cloud/retention/retention-job.d.ts +70 -0
package/dist/cloud/retention/retention-job.d.ts.map +1 -0
package/dist/cloud/retention/retention-job.js +160 -0
package/dist/cloud/retention/retention-job.js.map +1 -0
package/dist/cloud/retention/retention-policy.d.ts +27 -0
package/dist/cloud/retention/retention-policy.d.ts.map +1 -0
package/dist/cloud/retention/retention-policy.js +36 -0
package/dist/cloud/retention/retention-policy.js.map +1 -0
package/dist/cloud/routes/api-key-routes.d.ts +38 -0
package/dist/cloud/routes/api-key-routes.d.ts.map +1 -0
package/dist/cloud/routes/api-key-routes.js +84 -0
package/dist/cloud/routes/api-key-routes.js.map +1 -0
package/dist/cloud/routes/audit-routes.d.ts +36 -0
package/dist/cloud/routes/audit-routes.d.ts.map +1 -0
package/dist/cloud/routes/audit-routes.js +47 -0
package/dist/cloud/routes/audit-routes.js.map +1 -0
package/dist/cloud/routes/billing-routes.d.ts +51 -0
package/dist/cloud/routes/billing-routes.d.ts.map +1 -0
package/dist/cloud/routes/billing-routes.js +114 -0
package/dist/cloud/routes/billing-routes.js.map +1 -0
package/dist/cloud/routes/index.d.ts +13 -0
package/dist/cloud/routes/index.d.ts.map +1 -0
package/dist/cloud/routes/index.js +98 -0
package/dist/cloud/routes/index.js.map +1 -0
package/dist/cloud/routes/onboarding-routes.d.ts +34 -0
package/dist/cloud/routes/onboarding-routes.d.ts.map +1 -0
package/dist/cloud/routes/onboarding-routes.js +58 -0
package/dist/cloud/routes/onboarding-routes.js.map +1 -0
package/dist/cloud/routes/org-routes.d.ts +80 -0
package/dist/cloud/routes/org-routes.d.ts.map +1 -0
package/dist/cloud/routes/org-routes.js +153 -0
package/dist/cloud/routes/org-routes.js.map +1 -0
package/dist/cloud/routes/usage-routes.d.ts +18 -0
package/dist/cloud/routes/usage-routes.d.ts.map +1 -0
package/dist/cloud/routes/usage-routes.js +66 -0
package/dist/cloud/routes/usage-routes.js.map +1 -0
package/dist/cloud/storage/adapter.d.ts +102 -0
package/dist/cloud/storage/adapter.d.ts.map +1 -0
package/dist/cloud/storage/adapter.js +21 -0
package/dist/cloud/storage/adapter.js.map +1 -0
package/dist/cloud/storage/index.d.ts +8 -0
package/dist/cloud/storage/index.d.ts.map +1 -0
package/dist/cloud/storage/index.js +7 -0
package/dist/cloud/storage/index.js.map +1 -0
package/dist/cloud/storage/postgres-adapter.d.ts +34 -0
package/dist/cloud/storage/postgres-adapter.d.ts.map +1 -0
package/dist/cloud/storage/postgres-adapter.js +544 -0
package/dist/cloud/storage/postgres-adapter.js.map +1 -0
package/dist/cloud/storage/sqlite-adapter.d.ts +29 -0
package/dist/cloud/storage/sqlite-adapter.d.ts.map +1 -0
package/dist/cloud/storage/sqlite-adapter.js +176 -0
package/dist/cloud/storage/sqlite-adapter.js.map +1 -0
package/dist/cloud/tenant-pool.d.ts +49 -0
package/dist/cloud/tenant-pool.d.ts.map +1 -0
package/dist/cloud/tenant-pool.js +61 -0
package/dist/cloud/tenant-pool.js.map +1 -0
package/dist/config.d.ts +33 -1
package/dist/config.d.ts.map +1 -1
package/dist/config.js +71 -1
package/dist/config.js.map +1 -1
package/dist/db/api-key-lookup.d.ts +25 -0
package/dist/db/api-key-lookup.d.ts.map +1 -0
package/dist/db/api-key-lookup.js +38 -0
package/dist/db/api-key-lookup.js.map +1 -0
package/dist/db/connection.postgres.d.ts +44 -0
package/dist/db/connection.postgres.d.ts.map +1 -0
package/dist/db/connection.postgres.js +79 -0
package/dist/db/connection.postgres.js.map +1 -0
package/dist/db/cost-budget-store.d.ts +30 -0
package/dist/db/cost-budget-store.d.ts.map +1 -0
package/dist/db/cost-budget-store.js +201 -0
package/dist/db/cost-budget-store.js.map +1 -0
package/dist/db/drizzle/0000_initial.sql +336 -0
package/dist/db/drizzle/0001_indexes.sql +20 -0
package/dist/db/drizzle/0002_pgvector.sql +19 -0
package/dist/db/drizzle/drizzle/0000_initial.sql +336 -0
package/dist/db/drizzle/drizzle/0001_indexes.sql +20 -0
package/dist/db/drizzle/drizzle/0002_pgvector.sql +19 -0
package/dist/db/drizzle/drizzle/meta/0000_snapshot.json +2593 -0
package/dist/db/drizzle/drizzle/meta/_journal.json +27 -0
package/dist/db/drizzle/meta/0000_snapshot.json +2593 -0
package/dist/db/drizzle/meta/_journal.json +27 -0
package/dist/db/embedding-store.d.ts +2 -1
package/dist/db/embedding-store.d.ts.map +1 -1
package/dist/db/embedding-store.interface.d.ts +19 -0
package/dist/db/embedding-store.interface.d.ts.map +1 -0
package/dist/db/embedding-store.interface.js +7 -0
package/dist/db/embedding-store.interface.js.map +1 -0
package/dist/db/embedding-store.js +3 -1
package/dist/db/embedding-store.js.map +1 -1
package/dist/db/eval-store.d.ts +88 -0
package/dist/db/eval-store.d.ts.map +1 -0
package/dist/db/eval-store.js +408 -0
package/dist/db/eval-store.js.map +1 -0
package/dist/db/guardrail-store.d.ts +9 -0
package/dist/db/guardrail-store.d.ts.map +1 -1
package/dist/db/guardrail-store.js +57 -3
package/dist/db/guardrail-store.js.map +1 -1
package/dist/db/index.d.ts +7 -0
package/dist/db/index.d.ts.map +1 -1
package/dist/db/index.js +4 -12
package/dist/db/index.js.map +1 -1
package/dist/db/migrate.d.ts +5 -22
package/dist/db/migrate.d.ts.map +1 -1
package/dist/db/migrate.js +7 -637
package/dist/db/migrate.js.map +1 -1
package/dist/db/migrate.postgres.d.ts +16 -0
package/dist/db/migrate.postgres.d.ts.map +1 -0
package/dist/db/migrate.postgres.js +23 -0
package/dist/db/migrate.postgres.js.map +1 -0
package/dist/db/migrate.sqlite.d.ts +26 -0
package/dist/db/migrate.sqlite.d.ts.map +1 -0
package/dist/db/migrate.sqlite.js +920 -0
package/dist/db/migrate.sqlite.js.map +1 -0
package/dist/db/postgres-embedding-store.d.ts +23 -0
package/dist/db/postgres-embedding-store.d.ts.map +1 -0
package/dist/db/postgres-embedding-store.js +218 -0
package/dist/db/postgres-embedding-store.js.map +1 -0
package/dist/db/postgres-store.d.ts +80 -0
package/dist/db/postgres-store.d.ts.map +1 -0
package/dist/db/postgres-store.js +910 -0
package/dist/db/postgres-store.js.map +1 -0
package/dist/db/prompt-store.d.ts +57 -0
package/dist/db/prompt-store.d.ts.map +1 -0
package/dist/db/prompt-store.js +300 -0
package/dist/db/prompt-store.js.map +1 -0
package/dist/db/repositories/agent-repository.d.ts +21 -0
package/dist/db/repositories/agent-repository.d.ts.map +1 -0
package/dist/db/repositories/agent-repository.js +142 -0
package/dist/db/repositories/agent-repository.js.map +1 -0
package/dist/db/repositories/alert-repository.d.ts +27 -0
package/dist/db/repositories/alert-repository.d.ts.map +1 -0
package/dist/db/repositories/alert-repository.js +164 -0
package/dist/db/repositories/alert-repository.js.map +1 -0
package/dist/db/repositories/analytics-repository.d.ts +24 -0
package/dist/db/repositories/analytics-repository.d.ts.map +1 -0
package/dist/db/repositories/analytics-repository.js +147 -0
package/dist/db/repositories/analytics-repository.js.map +1 -0
package/dist/db/repositories/event-repository.d.ts +81 -0
package/dist/db/repositories/event-repository.d.ts.map +1 -0
package/dist/db/repositories/event-repository.js +331 -0
package/dist/db/repositories/event-repository.js.map +1 -0
package/dist/db/repositories/notification-channel-repository.d.ts +28 -0
package/dist/db/repositories/notification-channel-repository.d.ts.map +1 -0
package/dist/db/repositories/notification-channel-repository.js +151 -0
package/dist/db/repositories/notification-channel-repository.js.map +1 -0
package/dist/db/repositories/session-repository.d.ts +26 -0
package/dist/db/repositories/session-repository.d.ts.map +1 -0
package/dist/db/repositories/session-repository.js +240 -0
package/dist/db/repositories/session-repository.js.map +1 -0
package/dist/db/schema.postgres.d.ts +4681 -0
package/dist/db/schema.postgres.d.ts.map +1 -0
package/dist/db/schema.postgres.js +458 -0
package/dist/db/schema.postgres.js.map +1 -0
package/dist/db/schema.sqlite.d.ts +2221 -671
package/dist/db/schema.sqlite.d.ts.map +1 -1
package/dist/db/schema.sqlite.js +137 -2
package/dist/db/schema.sqlite.js.map +1 -1
package/dist/db/services/retention-service.d.ts +13 -0
package/dist/db/services/retention-service.d.ts.map +1 -0
package/dist/db/services/retention-service.js +48 -0
package/dist/db/services/retention-service.js.map +1 -0
package/dist/db/shared/query-helpers.d.ts +32 -0
package/dist/db/shared/query-helpers.d.ts.map +1 -0
package/dist/db/shared/query-helpers.js +180 -0
package/dist/db/shared/query-helpers.js.map +1 -0
package/dist/db/sqlite-store.d.ts +48 -55
package/dist/db/sqlite-store.d.ts.map +1 -1
package/dist/db/sqlite-store.js +78 -945
package/dist/db/sqlite-store.js.map +1 -1
package/dist/db/tenant-scoped-store.d.ts +18 -1
package/dist/db/tenant-scoped-store.d.ts.map +1 -1
package/dist/db/tenant-scoped-store.js +6 -0
package/dist/db/tenant-scoped-store.js.map +1 -1
package/dist/index.d.ts +28 -14
package/dist/index.d.ts.map +1 -1
package/dist/index.js +432 -97
package/dist/index.js.map +1 -1
package/dist/lib/alert-engine.d.ts +10 -0
package/dist/lib/alert-engine.d.ts.map +1 -1
package/dist/lib/alert-engine.js +73 -20
package/dist/lib/alert-engine.js.map +1 -1
package/dist/lib/audit-verify.d.ts +40 -0
package/dist/lib/audit-verify.d.ts.map +1 -0
package/dist/lib/audit-verify.js +128 -0
package/dist/lib/audit-verify.js.map +1 -0
package/dist/lib/audit.d.ts +37 -0
package/dist/lib/audit.d.ts.map +1 -0
package/dist/lib/audit.js +59 -0
package/dist/lib/audit.js.map +1 -0
package/dist/lib/budget-engine.d.ts +26 -0
package/dist/lib/budget-engine.d.ts.map +1 -0
package/dist/lib/budget-engine.js +201 -0
package/dist/lib/budget-engine.js.map +1 -0
package/dist/lib/compliance-export.d.ts +41 -0
package/dist/lib/compliance-export.d.ts.map +1 -0
package/dist/lib/compliance-export.js +124 -0
package/dist/lib/compliance-export.js.map +1 -0
package/dist/lib/compliance-report.d.ts +87 -0
package/dist/lib/compliance-report.d.ts.map +1 -0
package/dist/lib/compliance-report.js +148 -0
package/dist/lib/compliance-report.js.map +1 -0
package/dist/lib/context/retrieval.d.ts +5 -3
package/dist/lib/context/retrieval.d.ts.map +1 -1
package/dist/lib/context/retrieval.js +5 -2
package/dist/lib/context/retrieval.js.map +1 -1
package/dist/lib/cost-anomaly-detector.d.ts +23 -0
package/dist/lib/cost-anomaly-detector.d.ts.map +1 -0
package/dist/lib/cost-anomaly-detector.js +108 -0
package/dist/lib/cost-anomaly-detector.js.map +1 -0
package/dist/lib/db-resilience.d.ts +15 -0
package/dist/lib/db-resilience.d.ts.map +1 -0
package/dist/lib/db-resilience.js +49 -0
package/dist/lib/db-resilience.js.map +1 -0
package/dist/lib/diagnostics/cache.d.ts +29 -0
package/dist/lib/diagnostics/cache.d.ts.map +1 -0
package/dist/lib/diagnostics/cache.js +88 -0
package/dist/lib/diagnostics/cache.js.map +1 -0
package/dist/lib/diagnostics/context-builder.d.ts +41 -0
package/dist/lib/diagnostics/context-builder.d.ts.map +1 -0
package/dist/lib/diagnostics/context-builder.js +135 -0
package/dist/lib/diagnostics/context-builder.js.map +1 -0
package/dist/lib/diagnostics/index.d.ts +34 -0
package/dist/lib/diagnostics/index.d.ts.map +1 -0
package/dist/lib/diagnostics/index.js +223 -0
package/dist/lib/diagnostics/index.js.map +1 -0
package/dist/lib/diagnostics/llm-client.d.ts +24 -0
package/dist/lib/diagnostics/llm-client.d.ts.map +1 -0
package/dist/lib/diagnostics/llm-client.js +42 -0
package/dist/lib/diagnostics/llm-client.js.map +1 -0
package/dist/lib/diagnostics/prompt-templates.d.ts +18 -0
package/dist/lib/diagnostics/prompt-templates.d.ts.map +1 -0
package/dist/lib/diagnostics/prompt-templates.js +144 -0
package/dist/lib/diagnostics/prompt-templates.js.map +1 -0
package/dist/lib/diagnostics/providers/anthropic.d.ts +8 -0
package/dist/lib/diagnostics/providers/anthropic.d.ts.map +1 -0
package/dist/lib/diagnostics/providers/anthropic.js +79 -0
package/dist/lib/diagnostics/providers/anthropic.js.map +1 -0
package/dist/lib/diagnostics/providers/openai.d.ts +8 -0
package/dist/lib/diagnostics/providers/openai.d.ts.map +1 -0
package/dist/lib/diagnostics/providers/openai.js +70 -0
package/dist/lib/diagnostics/providers/openai.js.map +1 -0
package/dist/lib/diagnostics/providers/types.d.ts +23 -0
package/dist/lib/diagnostics/providers/types.d.ts.map +1 -0
package/dist/lib/diagnostics/providers/types.js +5 -0
package/dist/lib/diagnostics/providers/types.js.map +1 -0
package/dist/lib/diagnostics/response-parser.d.ts +60 -0
package/dist/lib/diagnostics/response-parser.d.ts.map +1 -0
package/dist/lib/diagnostics/response-parser.js +55 -0
package/dist/lib/diagnostics/response-parser.js.map +1 -0
package/dist/lib/diagnostics/types.d.ts +60 -0
package/dist/lib/diagnostics/types.d.ts.map +1 -0
package/dist/lib/diagnostics/types.js +7 -0
package/dist/lib/diagnostics/types.js.map +1 -0
package/dist/lib/embeddings/index.d.ts +6 -3
package/dist/lib/embeddings/index.d.ts.map +1 -1
package/dist/lib/embeddings/index.js +7 -15
package/dist/lib/embeddings/index.js.map +1 -1
package/dist/lib/embeddings/worker.d.ts +2 -2
package/dist/lib/embeddings/worker.d.ts.map +1 -1
package/dist/lib/embeddings/worker.js +3 -1
package/dist/lib/embeddings/worker.js.map +1 -1
package/dist/lib/error-sanitizer.d.ts +28 -0
package/dist/lib/error-sanitizer.d.ts.map +1 -0
package/dist/lib/error-sanitizer.js +106 -0
package/dist/lib/error-sanitizer.js.map +1 -0
package/dist/lib/eval/index.d.ts +15 -0
package/dist/lib/eval/index.d.ts.map +1 -0
package/dist/lib/eval/index.js +24 -0
package/dist/lib/eval/index.js.map +1 -0
package/dist/lib/eval/runner.d.ts +28 -0
package/dist/lib/eval/runner.d.ts.map +1 -0
package/dist/lib/eval/runner.js +260 -0
package/dist/lib/eval/runner.js.map +1 -0
package/dist/lib/eval/scorers/contains.d.ts +10 -0
package/dist/lib/eval/scorers/contains.d.ts.map +1 -0
package/dist/lib/eval/scorers/contains.js +33 -0
package/dist/lib/eval/scorers/contains.js.map +1 -0
package/dist/lib/eval/scorers/exact-match.d.ts +10 -0
package/dist/lib/eval/scorers/exact-match.d.ts.map +1 -0
package/dist/lib/eval/scorers/exact-match.js +33 -0
package/dist/lib/eval/scorers/exact-match.js.map +1 -0
package/dist/lib/eval/scorers/index.d.ts +20 -0
package/dist/lib/eval/scorers/index.d.ts.map +1 -0
package/dist/lib/eval/scorers/index.js +19 -0
package/dist/lib/eval/scorers/index.js.map +1 -0
package/dist/lib/eval/scorers/llm-judge.d.ts +22 -0
package/dist/lib/eval/scorers/llm-judge.d.ts.map +1 -0
package/dist/lib/eval/scorers/llm-judge.js +79 -0
package/dist/lib/eval/scorers/llm-judge.js.map +1 -0
package/dist/lib/eval/scorers/regex.d.ts +10 -0
package/dist/lib/eval/scorers/regex.d.ts.map +1 -0
package/dist/lib/eval/scorers/regex.js +36 -0
package/dist/lib/eval/scorers/regex.js.map +1 -0
package/dist/lib/guardrails/actions.d.ts +6 -0
package/dist/lib/guardrails/actions.d.ts.map +1 -1
package/dist/lib/guardrails/actions.js +82 -0
package/dist/lib/guardrails/actions.js.map +1 -1
package/dist/lib/guardrails/conditions.d.ts +47 -0
package/dist/lib/guardrails/conditions.d.ts.map +1 -1
package/dist/lib/guardrails/conditions.js +55 -10
package/dist/lib/guardrails/conditions.js.map +1 -1
package/dist/lib/guardrails/content-engine.d.ts +19 -0
package/dist/lib/guardrails/content-engine.d.ts.map +1 -0
package/dist/lib/guardrails/content-engine.js +154 -0
package/dist/lib/guardrails/content-engine.js.map +1 -0
package/dist/lib/guardrails/engine.d.ts +33 -0
package/dist/lib/guardrails/engine.d.ts.map +1 -1
package/dist/lib/guardrails/engine.js +37 -2
package/dist/lib/guardrails/engine.js.map +1 -1
package/dist/lib/guardrails/scanners/base-scanner.d.ts +23 -0
package/dist/lib/guardrails/scanners/base-scanner.d.ts.map +1 -0
package/dist/lib/guardrails/scanners/base-scanner.js +7 -0
package/dist/lib/guardrails/scanners/base-scanner.js.map +1 -0
package/dist/lib/guardrails/scanners/patterns/pii-patterns.d.ts +13 -0
package/dist/lib/guardrails/scanners/patterns/pii-patterns.d.ts.map +1 -0
package/dist/lib/guardrails/scanners/patterns/pii-patterns.js +49 -0
package/dist/lib/guardrails/scanners/patterns/pii-patterns.js.map +1 -0
package/dist/lib/guardrails/scanners/patterns/secret-patterns.d.ts +6 -0
package/dist/lib/guardrails/scanners/patterns/secret-patterns.d.ts.map +1 -0
package/dist/lib/guardrails/scanners/patterns/secret-patterns.js +69 -0
package/dist/lib/guardrails/scanners/patterns/secret-patterns.js.map +1 -0
package/dist/lib/guardrails/scanners/pii-scanner.d.ts +10 -0
package/dist/lib/guardrails/scanners/pii-scanner.d.ts.map +1 -0
package/dist/lib/guardrails/scanners/pii-scanner.js +57 -0
package/dist/lib/guardrails/scanners/pii-scanner.js.map +1 -0
package/dist/lib/guardrails/scanners/scanner-registry.d.ts +14 -0
package/dist/lib/guardrails/scanners/scanner-registry.d.ts.map +1 -0
package/dist/lib/guardrails/scanners/scanner-registry.js +51 -0
package/dist/lib/guardrails/scanners/scanner-registry.js.map +1 -0
package/dist/lib/guardrails/scanners/secrets-scanner.d.ts +9 -0
package/dist/lib/guardrails/scanners/secrets-scanner.d.ts.map +1 -0
package/dist/lib/guardrails/scanners/secrets-scanner.js +47 -0
package/dist/lib/guardrails/scanners/secrets-scanner.js.map +1 -0
package/dist/lib/logger.d.ts +8 -0
package/dist/lib/logger.d.ts.map +1 -0
package/dist/lib/logger.js +31 -0
package/dist/lib/logger.js.map +1 -0
package/dist/lib/lore-client.d.ts +128 -0
package/dist/lib/lore-client.d.ts.map +1 -0
package/dist/lib/lore-client.js +188 -0
package/dist/lib/lore-client.js.map +1 -0
package/dist/lib/mesh-client.d.ts +31 -0
package/dist/lib/mesh-client.d.ts.map +1 -0
package/dist/lib/mesh-client.js +72 -0
package/dist/lib/mesh-client.js.map +1 -0
package/dist/lib/notifications/grouping-buffer.d.ts +25 -0
package/dist/lib/notifications/grouping-buffer.d.ts.map +1 -0
package/dist/lib/notifications/grouping-buffer.js +73 -0
package/dist/lib/notifications/grouping-buffer.js.map +1 -0
package/dist/lib/notifications/provider.d.ts +10 -0
package/dist/lib/notifications/provider.d.ts.map +1 -0
package/dist/lib/notifications/provider.js +5 -0
package/dist/lib/notifications/provider.js.map +1 -0
package/dist/lib/notifications/providers/email.d.ts +14 -0
package/dist/lib/notifications/providers/email.d.ts.map +1 -0
package/dist/lib/notifications/providers/email.js +88 -0
package/dist/lib/notifications/providers/email.js.map +1 -0
package/dist/lib/notifications/providers/pagerduty.d.ts +16 -0
package/dist/lib/notifications/providers/pagerduty.d.ts.map +1 -0
package/dist/lib/notifications/providers/pagerduty.js +94 -0
package/dist/lib/notifications/providers/pagerduty.js.map +1 -0
package/dist/lib/notifications/providers/slack.d.ts +14 -0
package/dist/lib/notifications/providers/slack.d.ts.map +1 -0
package/dist/lib/notifications/providers/slack.js +106 -0
package/dist/lib/notifications/providers/slack.js.map +1 -0
package/dist/lib/notifications/providers/webhook.d.ts +16 -0
package/dist/lib/notifications/providers/webhook.d.ts.map +1 -0
package/dist/lib/notifications/providers/webhook.js +78 -0
package/dist/lib/notifications/providers/webhook.js.map +1 -0
package/dist/lib/notifications/router.d.ts +30 -0
package/dist/lib/notifications/router.d.ts.map +1 -0
package/dist/lib/notifications/router.js +137 -0
package/dist/lib/notifications/router.js.map +1 -0
package/dist/lib/notifications/ssrf.d.ts +13 -0
package/dist/lib/notifications/ssrf.d.ts.map +1 -0
package/dist/lib/notifications/ssrf.js +37 -0
package/dist/lib/notifications/ssrf.js.map +1 -0
package/dist/lib/optimization/analyzers/model-downgrade.d.ts +15 -0
package/dist/lib/optimization/analyzers/model-downgrade.d.ts.map +1 -0
package/dist/lib/optimization/analyzers/model-downgrade.js +58 -0
package/dist/lib/optimization/analyzers/model-downgrade.js.map +1 -0
package/dist/lib/optimization/analyzers/prompt-optimization.d.ts +17 -0
package/dist/lib/optimization/analyzers/prompt-optimization.d.ts.map +1 -0
package/dist/lib/optimization/analyzers/prompt-optimization.js +160 -0
package/dist/lib/optimization/analyzers/prompt-optimization.js.map +1 -0
package/dist/lib/optimization/analyzers/types.d.ts +23 -0
package/dist/lib/optimization/analyzers/types.d.ts.map +1 -0
package/dist/lib/optimization/analyzers/types.js +5 -0
package/dist/lib/optimization/analyzers/types.js.map +1 -0
package/dist/lib/optimization/classifier.d.ts +4 -3
package/dist/lib/optimization/classifier.d.ts.map +1 -1
package/dist/lib/optimization/classifier.js +15 -9
package/dist/lib/optimization/classifier.js.map +1 -1
package/dist/lib/optimization/cost-optimizer.d.ts +21 -0
package/dist/lib/optimization/cost-optimizer.d.ts.map +1 -0
package/dist/lib/optimization/cost-optimizer.js +114 -0
package/dist/lib/optimization/cost-optimizer.js.map +1 -0
package/dist/lib/optimization/engine.d.ts.map +1 -1
package/dist/lib/optimization/engine.js +45 -6
package/dist/lib/optimization/engine.js.map +1 -1
package/dist/lib/optimization/forecast.d.ts +39 -0
package/dist/lib/optimization/forecast.d.ts.map +1 -0
package/dist/lib/optimization/forecast.js +128 -0
package/dist/lib/optimization/forecast.js.map +1 -0
package/dist/lib/secrets.d.ts +30 -0
package/dist/lib/secrets.d.ts.map +1 -0
package/dist/lib/secrets.js +103 -0
package/dist/lib/secrets.js.map +1 -0
package/dist/lib/threshold-monitor.d.ts +53 -0
package/dist/lib/threshold-monitor.d.ts.map +1 -0
package/dist/lib/threshold-monitor.js +112 -0
package/dist/lib/threshold-monitor.js.map +1 -0
package/dist/middleware/audit.d.ts +16 -0
package/dist/middleware/audit.d.ts.map +1 -0
package/dist/middleware/audit.js +16 -0
package/dist/middleware/audit.js.map +1 -0
package/dist/middleware/auth-errors.d.ts +67 -0
package/dist/middleware/auth-errors.d.ts.map +1 -0
package/dist/middleware/auth-errors.js +84 -0
package/dist/middleware/auth-errors.js.map +1 -0
package/dist/middleware/auth.d.ts +5 -2
package/dist/middleware/auth.d.ts.map +1 -1
package/dist/middleware/auth.js +44 -17
package/dist/middleware/auth.js.map +1 -1
package/dist/middleware/body-limit.d.ts +9 -0
package/dist/middleware/body-limit.d.ts.map +1 -0
package/dist/middleware/body-limit.js +15 -0
package/dist/middleware/body-limit.js.map +1 -0
package/dist/middleware/cors-config.d.ts +30 -0
package/dist/middleware/cors-config.d.ts.map +1 -0
package/dist/middleware/cors-config.js +55 -0
package/dist/middleware/cors-config.js.map +1 -0
package/dist/middleware/rate-limit.d.ts +9 -0
package/dist/middleware/rate-limit.d.ts.map +1 -0
package/dist/middleware/rate-limit.js +56 -0
package/dist/middleware/rate-limit.js.map +1 -0
package/dist/middleware/rbac.d.ts +30 -0
package/dist/middleware/rbac.d.ts.map +1 -0
package/dist/middleware/rbac.js +87 -0
package/dist/middleware/rbac.js.map +1 -0
package/dist/middleware/security-headers.d.ts +12 -0
package/dist/middleware/security-headers.d.ts.map +1 -0
package/dist/middleware/security-headers.js +57 -0
package/dist/middleware/security-headers.js.map +1 -0
package/dist/middleware/unified-auth.d.ts +49 -0
package/dist/middleware/unified-auth.d.ts.map +1 -0
package/dist/middleware/unified-auth.js +246 -0
package/dist/middleware/unified-auth.js.map +1 -0
package/dist/middleware/validation.d.ts +31 -0
package/dist/middleware/validation.d.ts.map +1 -0
package/dist/middleware/validation.js +45 -0
package/dist/middleware/validation.js.map +1 -0
package/dist/routes/alerts.d.ts.map +1 -1
package/dist/routes/alerts.js +4 -3
package/dist/routes/alerts.js.map +1 -1
package/dist/routes/analytics.d.ts +2 -1
package/dist/routes/analytics.d.ts.map +1 -1
package/dist/routes/analytics.js +175 -95
package/dist/routes/analytics.js.map +1 -1
package/dist/routes/api-keys.d.ts +5 -0
package/dist/routes/api-keys.d.ts.map +1 -1
package/dist/routes/api-keys.js +89 -8
package/dist/routes/api-keys.js.map +1 -1
package/dist/routes/audit-verify.d.ts +12 -0
package/dist/routes/audit-verify.d.ts.map +1 -0
package/dist/routes/audit-verify.js +73 -0
package/dist/routes/audit-verify.js.map +1 -0
package/dist/routes/audit.d.ts +4 -6
package/dist/routes/audit.d.ts.map +1 -1
package/dist/routes/audit.js +54 -157
package/dist/routes/audit.js.map +1 -1
package/dist/routes/auth.d.ts +21 -0
package/dist/routes/auth.d.ts.map +1 -0
package/dist/routes/auth.js +235 -0
package/dist/routes/auth.js.map +1 -0
package/dist/routes/benchmarks.d.ts.map +1 -1
package/dist/routes/benchmarks.js +63 -11
package/dist/routes/benchmarks.js.map +1 -1
package/dist/routes/capabilities-top.d.ts.map +1 -1
package/dist/routes/capabilities-top.js +1 -4
package/dist/routes/capabilities-top.js.map +1 -1
package/dist/routes/capabilities.d.ts.map +1 -1
package/dist/routes/capabilities.js +1 -7
package/dist/routes/capabilities.js.map +1 -1
package/dist/routes/compliance.d.ts +17 -0
package/dist/routes/compliance.d.ts.map +1 -0
package/dist/routes/compliance.js +151 -0
package/dist/routes/compliance.js.map +1 -0
package/dist/routes/config.d.ts +1 -13
package/dist/routes/config.d.ts.map +1 -1
package/dist/routes/context.d.ts.map +1 -1
package/dist/routes/context.js +6 -5
package/dist/routes/context.js.map +1 -1
package/dist/routes/cost-budgets.d.ts +20 -0
package/dist/routes/cost-budgets.d.ts.map +1 -0
package/dist/routes/cost-budgets.js +194 -0
package/dist/routes/cost-budgets.js.map +1 -0
package/dist/routes/delegation.d.ts.map +1 -1
package/dist/routes/delegation.js +67 -41
package/dist/routes/delegation.js.map +1 -1
package/dist/routes/delegations-top.d.ts.map +1 -1
package/dist/routes/delegations-top.js +1 -3
package/dist/routes/delegations-top.js.map +1 -1
package/dist/routes/diagnose.d.ts +16 -0
package/dist/routes/diagnose.d.ts.map +1 -0
package/dist/routes/diagnose.js +82 -0
package/dist/routes/diagnose.js.map +1 -0
package/dist/routes/discovery.d.ts.map +1 -1
package/dist/routes/discovery.js +50 -38
package/dist/routes/discovery.js.map +1 -1
package/dist/routes/eval.d.ts +24 -0
package/dist/routes/eval.d.ts.map +1 -0
package/dist/routes/eval.js +281 -0
package/dist/routes/eval.js.map +1 -0
package/dist/routes/events.d.ts.map +1 -1
package/dist/routes/events.js +11 -6
package/dist/routes/events.js.map +1 -1
package/dist/routes/guardrails.d.ts +2 -1
package/dist/routes/guardrails.d.ts.map +1 -1
package/dist/routes/guardrails.js +85 -14
package/dist/routes/guardrails.js.map +1 -1
package/dist/routes/health.d.ts +14 -11
package/dist/routes/health.d.ts.map +1 -1
package/dist/routes/health.js +181 -61
package/dist/routes/health.js.map +1 -1
package/dist/routes/lore-proxy.d.ts +13 -0
package/dist/routes/lore-proxy.d.ts.map +1 -0
package/dist/routes/lore-proxy.js +229 -0
package/dist/routes/lore-proxy.js.map +1 -0
package/dist/routes/mesh-proxy.d.ts +7 -0
package/dist/routes/mesh-proxy.d.ts.map +1 -0
package/dist/routes/mesh-proxy.js +94 -0
package/dist/routes/mesh-proxy.js.map +1 -0
package/dist/routes/notifications.d.ts +19 -0
package/dist/routes/notifications.d.ts.map +1 -0
package/dist/routes/notifications.js +129 -0
package/dist/routes/notifications.js.map +1 -0
package/dist/routes/optimize.d.ts.map +1 -1
package/dist/routes/optimize.js +44 -0
package/dist/routes/optimize.js.map +1 -1
package/dist/routes/otlp.d.ts +17 -0
package/dist/routes/otlp.d.ts.map +1 -0
package/dist/routes/otlp.js +544 -0
package/dist/routes/otlp.js.map +1 -0
package/dist/routes/prompts.d.ts +21 -0
package/dist/routes/prompts.d.ts.map +1 -0
package/dist/routes/prompts.js +173 -0
package/dist/routes/prompts.js.map +1 -0
package/dist/routes/recall.d.ts.map +1 -1
package/dist/routes/recall.js +6 -4
package/dist/routes/recall.js.map +1 -1
package/dist/routes/replay.d.ts.map +1 -1
package/dist/routes/replay.js +2 -1
package/dist/routes/replay.js.map +1 -1
package/dist/routes/server-info.d.ts +9 -0
package/dist/routes/server-info.d.ts.map +1 -0
package/dist/routes/server-info.js +18 -0
package/dist/routes/server-info.js.map +1 -0
package/dist/routes/sessions.d.ts +7 -7
package/dist/routes/sessions.d.ts.map +1 -1
package/dist/routes/sessions.js +112 -35
package/dist/routes/sessions.js.map +1 -1
package/dist/routes/stats.d.ts.map +1 -1
package/dist/routes/stats.js +40 -0
package/dist/routes/stats.js.map +1 -1
package/dist/routes/stream.d.ts +2 -2
package/dist/routes/stream.d.ts.map +1 -1
package/dist/routes/stream.js +7 -11
package/dist/routes/stream.js.map +1 -1
package/dist/routes/tenant-helper.d.ts +15 -10
package/dist/routes/tenant-helper.d.ts.map +1 -1
package/dist/routes/tenant-helper.js +36 -22
package/dist/routes/tenant-helper.js.map +1 -1
package/dist/routes/trust.d.ts.map +1 -1
package/dist/routes/trust.js +1 -3
package/dist/routes/trust.js.map +1 -1
package/dist/schemas/api-keys.d.ts +11 -0
package/dist/schemas/api-keys.d.ts.map +1 -0
package/dist/schemas/api-keys.js +10 -0
package/dist/schemas/api-keys.js.map +1 -0
package/dist/schemas/common.d.ts +34 -0
package/dist/schemas/common.d.ts.map +1 -0
package/dist/schemas/common.js +43 -0
package/dist/schemas/common.js.map +1 -0
package/dist/schemas/delegation.d.ts +23 -0
package/dist/schemas/delegation.d.ts.map +1 -0
package/dist/schemas/delegation.js +22 -0
package/dist/schemas/delegation.js.map +1 -0
package/dist/schemas/discovery.d.ts +17 -0
package/dist/schemas/discovery.d.ts.map +1 -0
package/dist/schemas/discovery.js +15 -0
package/dist/schemas/discovery.js.map +1 -0
package/dist/schemas/health.d.ts +75 -0
package/dist/schemas/health.d.ts.map +1 -0
package/dist/schemas/health.js +55 -0
package/dist/schemas/health.js.map +1 -0
package/dist/schemas/index.d.ts +6 -0
package/dist/schemas/index.d.ts.map +1 -0
package/dist/schemas/index.js +6 -0
package/dist/schemas/index.js.map +1 -0
package/dist/schemas/sessions.d.ts +67 -0
package/dist/schemas/sessions.d.ts.map +1 -0
package/dist/schemas/sessions.js +58 -0
package/dist/schemas/sessions.js.map +1 -0
package/dist/services/delegation-service.d.ts +1 -4
package/dist/services/delegation-service.d.ts.map +1 -1
package/dist/services/delegation-service.js +5 -31
package/dist/services/delegation-service.js.map +1 -1
package/package.json +29 -19
package/dist/db/lesson-store.d.ts +0 -57
package/dist/db/lesson-store.d.ts.map +0 -1
package/dist/db/lesson-store.js +0 -217
package/dist/db/lesson-store.js.map +0 -1
package/dist/lib/embeddings/local.d.ts +0 -15
package/dist/lib/embeddings/local.d.ts.map +0 -1
package/dist/lib/embeddings/local.js +0 -65
package/dist/lib/embeddings/local.js.map +0 -1
package/dist/lib/redaction/human-review-layer.d.ts +0 -37
package/dist/lib/redaction/human-review-layer.d.ts.map +0 -1
package/dist/lib/redaction/human-review-layer.js +0 -62
package/dist/lib/redaction/human-review-layer.js.map +0 -1
package/dist/lib/redaction/index.d.ts +0 -12
package/dist/lib/redaction/index.d.ts.map +0 -1
package/dist/lib/redaction/index.js +0 -12
package/dist/lib/redaction/index.js.map +0 -1
package/dist/lib/redaction/pii-detection-layer.d.ts +0 -30
package/dist/lib/redaction/pii-detection-layer.d.ts.map +0 -1
package/dist/lib/redaction/pii-detection-layer.js +0 -183
package/dist/lib/redaction/pii-detection-layer.js.map +0 -1
package/dist/lib/redaction/pipeline.d.ts +0 -26
package/dist/lib/redaction/pipeline.d.ts.map +0 -1
package/dist/lib/redaction/pipeline.js +0 -91
package/dist/lib/redaction/pipeline.js.map +0 -1
package/dist/lib/redaction/secret-detection-layer.d.ts +0 -10
package/dist/lib/redaction/secret-detection-layer.d.ts.map +0 -1
package/dist/lib/redaction/secret-detection-layer.js +0 -79
package/dist/lib/redaction/secret-detection-layer.js.map +0 -1
package/dist/lib/redaction/secret-patterns.d.ts +0 -29
package/dist/lib/redaction/secret-patterns.d.ts.map +0 -1
package/dist/lib/redaction/secret-patterns.js +0 -133
package/dist/lib/redaction/secret-patterns.js.map +0 -1
package/dist/lib/redaction/semantic-denylist-layer.d.ts +0 -10
package/dist/lib/redaction/semantic-denylist-layer.d.ts.map +0 -1
package/dist/lib/redaction/semantic-denylist-layer.js +0 -64
package/dist/lib/redaction/semantic-denylist-layer.js.map +0 -1
package/dist/lib/redaction/tenant-deidentification-layer.d.ts +0 -10
package/dist/lib/redaction/tenant-deidentification-layer.d.ts.map +0 -1
package/dist/lib/redaction/tenant-deidentification-layer.js +0 -64
package/dist/lib/redaction/tenant-deidentification-layer.js.map +0 -1
package/dist/lib/redaction/url-path-scrubbing-layer.d.ts +0 -14
package/dist/lib/redaction/url-path-scrubbing-layer.d.ts.map +0 -1
package/dist/lib/redaction/url-path-scrubbing-layer.js +0 -156
package/dist/lib/redaction/url-path-scrubbing-layer.js.map +0 -1
package/dist/routes/community.d.ts +0 -24
package/dist/routes/community.d.ts.map +0 -1
package/dist/routes/community.js +0 -272
package/dist/routes/community.js.map +0 -1
package/dist/routes/lessons.d.ts +0 -19
package/dist/routes/lessons.d.ts.map +0 -1
package/dist/routes/lessons.js +0 -164
package/dist/routes/lessons.js.map +0 -1
package/dist/routes/redaction-test.d.ts +0 -14
package/dist/routes/redaction-test.d.ts.map +0 -1
package/dist/routes/redaction-test.js +0 -33
package/dist/routes/redaction-test.js.map +0 -1
package/dist/services/community-service.d.ts +0 -283
package/dist/services/community-service.d.ts.map +0 -1
package/dist/services/community-service.js +0 -816
package/dist/services/community-service.js.map +0 -1

package/dist/cloud/auth/jwt.js ADDED Viewed

@@ -0,0 +1,68 @@
+/**
+ * JWT utilities using Node.js built-in crypto (HMAC-SHA256).
+ * No external dependencies.
+ */
+import { createHmac, timingSafeEqual } from 'node:crypto';
+const ALG = 'HS256';
+function base64url(data) {
+    const buf = typeof data === 'string' ? Buffer.from(data, 'utf-8') : data;
+    return buf.toString('base64url');
+}
+function base64urlDecode(str) {
+    return Buffer.from(str, 'base64url').toString('utf-8');
+}
+/**
+ * Sign a JWT payload. Returns a compact JWT string.
+ */
+export function signJwt(payload, secret, expiresInSeconds = 7 * 24 * 3600) {
+    const now = Math.floor(Date.now() / 1000);
+    const fullPayload = {
+        ...payload,
+        iat: now,
+        exp: now + expiresInSeconds,
+    };
+    const header = base64url(JSON.stringify({ alg: ALG, typ: 'JWT' }));
+    const body = base64url(JSON.stringify(fullPayload));
+    const signature = createHmac('sha256', secret)
+        .update(`${header}.${body}`)
+        .digest('base64url');
+    return `${header}.${body}.${signature}`;
+}
+/**
+ * Verify and decode a JWT. Returns null if invalid or expired.
+ */
+export function verifyJwt(token, secret) {
+    try {
+        const parts = token.split('.');
+        if (parts.length !== 3)
+            return null;
+        const [header, body, signature] = parts;
+        const expectedSig = createHmac('sha256', secret)
+            .update(`${header}.${body}`)
+            .digest('base64url');
+        const sigBuf = Buffer.from(signature, 'base64url');
+        const expectedBuf = Buffer.from(expectedSig, 'base64url');
+        if (sigBuf.length !== expectedBuf.length || !timingSafeEqual(sigBuf, expectedBuf))
+            return null;
+        const payload = JSON.parse(base64urlDecode(body));
+        // Check expiry
+        const now = Math.floor(Date.now() / 1000);
+        if (payload.exp && payload.exp < now)
+            return null;
+        return payload;
+    }
+    catch {
+        return null;
+    }
+}
+/**
+ * Cookie options for JWT storage.
+ */
+export const JWT_COOKIE_OPTIONS = {
+    httpOnly: true,
+    secure: true,
+    sameSite: 'Strict',
+    path: '/',
+    maxAge: 7 * 24 * 3600, // 7 days in seconds
+};
+//# sourceMappingURL=jwt.js.map

package/dist/cloud/auth/jwt.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"jwt.js","sourceRoot":"","sources":["../../../src/cloud/auth/jwt.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAW1D,MAAM,GAAG,GAAG,OAAO,CAAC;AAEpB,SAAS,SAAS,CAAC,IAAqB;IACtC,MAAM,GAAG,GAAG,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,OAAO,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACzE,OAAO,GAAG,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AACnC,CAAC;AAED,SAAS,eAAe,CAAC,GAAW;IAClC,OAAO,MAAM,CAAC,IAAI,CAAC,GAAG,EAAE,WAAW,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,CAAC;AACzD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,OAAO,CAAC,OAAwC,EAAE,MAAc,EAAE,gBAAgB,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI;IAChH,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,MAAM,WAAW,GAAe;QAC9B,GAAG,OAAO;QACV,GAAG,EAAE,GAAG;QACR,GAAG,EAAE,GAAG,GAAG,gBAAgB;KAC5B,CAAC;IAEF,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAC,CAAC;IACnE,MAAM,IAAI,GAAG,SAAS,CAAC,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC,CAAC,CAAC;IACpD,MAAM,SAAS,GAAG,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC;SAC3C,MAAM,CAAC,GAAG,MAAM,IAAI,IAAI,EAAE,CAAC;SAC3B,MAAM,CAAC,WAAW,CAAC,CAAC;IAEvB,OAAO,GAAG,MAAM,IAAI,IAAI,IAAI,SAAS,EAAE,CAAC;AAC1C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,SAAS,CAAC,KAAa,EAAE,MAAc;IACrD,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;QAC/B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC;YAAE,OAAO,IAAI,CAAC;QAEpC,MAAM,CAAC,MAAM,EAAE,IAAI,EAAE,SAAS,CAAC,GAAG,KAAK,CAAC;QACxC,MAAM,WAAW,GAAG,UAAU,CAAC,QAAQ,EAAE,MAAM,CAAC;aAC7C,MAAM,CAAC,GAAG,MAAM,IAAI,IAAI,EAAE,CAAC;aAC3B,MAAM,CAAC,WAAW,CAAC,CAAC;QAEvB,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,EAAE,WAAW,CAAC,CAAC;QACnD,MAAM,WAAW,GAAG,MAAM,CAAC,IAAI,CAAC,WAAW,EAAE,WAAW,CAAC,CAAC;QAC1D,IAAI,MAAM,CAAC,MAAM,KAAK,WAAW,CAAC,MAAM,IAAI,CAAC,eAAe,CAAC,MAAM,EAAE,WAAW,CAAC;YAAE,OAAO,IAAI,CAAC;QAE/F,MAAM,OAAO,GAAe,IAAI,CAAC,KAAK,CAAC,eAAe,CAAC,IAAI,CAAC,CAAC,CAAC;QAE9D,eAAe;QACf,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,IAAI,OAAO,CAAC,GAAG,IAAI,OAAO,CAAC,GAAG,GAAG,GAAG;YAAE,OAAO,IAAI,CAAC;QAElD,OAAO,OAAO,CAAC;IACjB,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,IAAI,CAAC;IACd,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,MAAM,kBAAkB,GAAG;IAChC,QAAQ,EAAE,IAAI;IACd,MAAM,EAAE,IAAI;IACZ,QAAQ,EAAE,QAAiB;IAC3B,IAAI,EAAE,GAAG;IACT,MAAM,EAAE,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,oBAAoB;CAC5C,CAAC"}

package/dist/cloud/auth/oauth.d.ts ADDED Viewed

@@ -0,0 +1,37 @@
+/**
+ * OAuth provider integration (Google + GitHub).
+ *
+ * This module handles:
+ * 1. Generating OAuth authorization URLs
+ * 2. Exchanging authorization codes for tokens
+ * 3. Fetching user profile from OAuth providers
+ * 4. Creating/linking user records on first login
+ * 5. Issuing JWT session cookies
+ */
+export interface OAuthProviderConfig {
+    clientId: string;
+    clientSecret: string;
+    redirectUri: string;
+}
+export interface OAuthUserProfile {
+    provider: 'google' | 'github';
+    providerId: string;
+    email: string;
+    name: string | null;
+    avatarUrl: string | null;
+}
+export interface OAuthConfig {
+    google?: OAuthProviderConfig;
+    github?: OAuthProviderConfig;
+}
+export declare function getGoogleAuthUrl(config: OAuthProviderConfig, state: string): string;
+export declare function exchangeGoogleCode(config: OAuthProviderConfig, code: string): Promise<{
+    accessToken: string;
+}>;
+export declare function getGoogleProfile(accessToken: string): Promise<OAuthUserProfile>;
+export declare function getGithubAuthUrl(config: OAuthProviderConfig, state: string): string;
+export declare function exchangeGithubCode(config: OAuthProviderConfig, code: string): Promise<{
+    accessToken: string;
+}>;
+export declare function getGithubProfile(accessToken: string): Promise<OAuthUserProfile>;
+//# sourceMappingURL=oauth.d.ts.map

package/dist/cloud/auth/oauth.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"oauth.d.ts","sourceRoot":"","sources":["../../../src/cloud/auth/oauth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,MAAM,WAAW,mBAAmB;IAClC,QAAQ,EAAE,MAAM,CAAC;IACjB,YAAY,EAAE,MAAM,CAAC;IACrB,WAAW,EAAE,MAAM,CAAC;CACrB;AAED,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,EAAE,QAAQ,GAAG,QAAQ,CAAC;IAC9B,UAAU,EAAE,MAAM,CAAC;IACnB,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,EAAE,MAAM,GAAG,IAAI,CAAC;IACpB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;CAC1B;AAED,MAAM,WAAW,WAAW;IAC1B,MAAM,CAAC,EAAE,mBAAmB,CAAC;IAC7B,MAAM,CAAC,EAAE,mBAAmB,CAAC;CAC9B;AAUD,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,mBAAmB,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,CAUnF;AAED,wBAAsB,kBAAkB,CACtC,MAAM,EAAE,mBAAmB,EAC3B,IAAI,EAAE,MAAM,GACX,OAAO,CAAC;IAAE,WAAW,EAAE,MAAM,CAAA;CAAE,CAAC,CAelC;AAED,wBAAsB,gBAAgB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAarF;AAWD,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,mBAAmB,EAAE,KAAK,EAAE,MAAM,GAAG,MAAM,CAQnF;AAED,wBAAsB,kBAAkB,CACtC,MAAM,EAAE,mBAAmB,EAC3B,IAAI,EAAE,MAAM,GACX,OAAO,CAAC;IAAE,WAAW,EAAE,MAAM,CAAA;CAAE,CAAC,CAiBlC;AAED,wBAAsB,gBAAgB,CAAC,WAAW,EAAE,MAAM,GAAG,OAAO,CAAC,gBAAgB,CAAC,CAwBrF"}

package/dist/cloud/auth/oauth.js ADDED Viewed

@@ -0,0 +1,120 @@
+/**
+ * OAuth provider integration (Google + GitHub).
+ *
+ * This module handles:
+ * 1. Generating OAuth authorization URLs
+ * 2. Exchanging authorization codes for tokens
+ * 3. Fetching user profile from OAuth providers
+ * 4. Creating/linking user records on first login
+ * 5. Issuing JWT session cookies
+ */
+// ═══════════════════════════════════════════
+// Google OAuth
+// ═══════════════════════════════════════════
+const GOOGLE_AUTH_URL = 'https://accounts.google.com/o/oauth2/v2/auth';
+const GOOGLE_TOKEN_URL = 'https://oauth2.googleapis.com/token';
+const GOOGLE_USERINFO_URL = 'https://www.googleapis.com/oauth2/v2/userinfo';
+export function getGoogleAuthUrl(config, state) {
+    const params = new URLSearchParams({
+        client_id: config.clientId,
+        redirect_uri: config.redirectUri,
+        response_type: 'code',
+        scope: 'openid email profile',
+        state,
+        access_type: 'offline',
+    });
+    return `${GOOGLE_AUTH_URL}?${params}`;
+}
+export async function exchangeGoogleCode(config, code) {
+    const resp = await fetch(GOOGLE_TOKEN_URL, {
+        method: 'POST',
+        headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
+        body: new URLSearchParams({
+            client_id: config.clientId,
+            client_secret: config.clientSecret,
+            redirect_uri: config.redirectUri,
+            code,
+            grant_type: 'authorization_code',
+        }),
+    });
+    if (!resp.ok)
+        throw new Error(`Google token exchange failed: ${resp.status}`);
+    const data = await resp.json();
+    return { accessToken: data.access_token };
+}
+export async function getGoogleProfile(accessToken) {
+    const resp = await fetch(GOOGLE_USERINFO_URL, {
+        headers: { Authorization: `Bearer ${accessToken}` },
+    });
+    if (!resp.ok)
+        throw new Error(`Google profile fetch failed: ${resp.status}`);
+    const data = await resp.json();
+    return {
+        provider: 'google',
+        providerId: data.id,
+        email: data.email,
+        name: data.name ?? null,
+        avatarUrl: data.picture ?? null,
+    };
+}
+// ═══════════════════════════════════════════
+// GitHub OAuth
+// ═══════════════════════════════════════════
+const GITHUB_AUTH_URL = 'https://github.com/login/oauth/authorize';
+const GITHUB_TOKEN_URL = 'https://github.com/login/oauth/access_token';
+const GITHUB_USER_URL = 'https://api.github.com/user';
+const GITHUB_EMAILS_URL = 'https://api.github.com/user/emails';
+export function getGithubAuthUrl(config, state) {
+    const params = new URLSearchParams({
+        client_id: config.clientId,
+        redirect_uri: config.redirectUri,
+        scope: 'user:email',
+        state,
+    });
+    return `${GITHUB_AUTH_URL}?${params}`;
+}
+export async function exchangeGithubCode(config, code) {
+    const resp = await fetch(GITHUB_TOKEN_URL, {
+        method: 'POST',
+        headers: {
+            'Content-Type': 'application/json',
+            Accept: 'application/json',
+        },
+        body: JSON.stringify({
+            client_id: config.clientId,
+            client_secret: config.clientSecret,
+            code,
+        }),
+    });
+    if (!resp.ok)
+        throw new Error(`GitHub token exchange failed: ${resp.status}`);
+    const data = await resp.json();
+    if (data.error)
+        throw new Error(`GitHub OAuth error: ${data.error_description || data.error}`);
+    return { accessToken: data.access_token };
+}
+export async function getGithubProfile(accessToken) {
+    const [userResp, emailsResp] = await Promise.all([
+        fetch(GITHUB_USER_URL, { headers: { Authorization: `Bearer ${accessToken}`, Accept: 'application/json' } }),
+        fetch(GITHUB_EMAILS_URL, { headers: { Authorization: `Bearer ${accessToken}`, Accept: 'application/json' } }),
+    ]);
+    if (!userResp.ok)
+        throw new Error(`GitHub user fetch failed: ${userResp.status}`);
+    const user = await userResp.json();
+    let email = user.email;
+    if (!email && emailsResp.ok) {
+        const emails = await emailsResp.json();
+        const primary = emails.find((e) => e.primary && e.verified);
+        email = primary?.email ?? emails[0]?.email;
+    }
+    if (!email)
+        throw new Error('No email found from GitHub');
+    return {
+        provider: 'github',
+        providerId: String(user.id),
+        email,
+        name: user.name ?? user.login ?? null,
+        avatarUrl: user.avatar_url ?? null,
+    };
+}
+//# sourceMappingURL=oauth.js.map

package/dist/cloud/auth/oauth.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"oauth.js","sourceRoot":"","sources":["../../../src/cloud/auth/oauth.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAqBH,8CAA8C;AAC9C,eAAe;AACf,8CAA8C;AAE9C,MAAM,eAAe,GAAG,8CAA8C,CAAC;AACvE,MAAM,gBAAgB,GAAG,qCAAqC,CAAC;AAC/D,MAAM,mBAAmB,GAAG,+CAA+C,CAAC;AAE5E,MAAM,UAAU,gBAAgB,CAAC,MAA2B,EAAE,KAAa;IACzE,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;QACjC,SAAS,EAAE,MAAM,CAAC,QAAQ;QAC1B,YAAY,EAAE,MAAM,CAAC,WAAW;QAChC,aAAa,EAAE,MAAM;QACrB,KAAK,EAAE,sBAAsB;QAC7B,KAAK;QACL,WAAW,EAAE,SAAS;KACvB,CAAC,CAAC;IACH,OAAO,GAAG,eAAe,IAAI,MAAM,EAAE,CAAC;AACxC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,MAA2B,EAC3B,IAAY;IAEZ,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,gBAAgB,EAAE;QACzC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE,cAAc,EAAE,mCAAmC,EAAE;QAChE,IAAI,EAAE,IAAI,eAAe,CAAC;YACxB,SAAS,EAAE,MAAM,CAAC,QAAQ;YAC1B,aAAa,EAAE,MAAM,CAAC,YAAY;YAClC,YAAY,EAAE,MAAM,CAAC,WAAW;YAChC,IAAI;YACJ,UAAU,EAAE,oBAAoB;SACjC,CAAC;KACH,CAAC,CAAC;IACH,IAAI,CAAC,IAAI,CAAC,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,iCAAiC,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IAC9E,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;IAC/B,OAAO,EAAE,WAAW,EAAE,IAAI,CAAC,YAAY,EAAE,CAAC;AAC5C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,WAAmB;IACxD,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,mBAAmB,EAAE;QAC5C,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,WAAW,EAAE,EAAE;KACpD,CAAC,CAAC;IACH,IAAI,CAAC,IAAI,CAAC,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,gCAAgC,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IAC7E,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;IAC/B,OAAO;QACL,QAAQ,EAAE,QAAQ;QAClB,UAAU,EAAE,IAAI,CAAC,EAAE;QACnB,KAAK,EAAE,IAAI,CAAC,KAAK;QACjB,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,IAAI;QACvB,SAAS,EAAE,IAAI,CAAC,OAAO,IAAI,IAAI;KAChC,CAAC;AACJ,CAAC;AAED,8CAA8C;AAC9C,eAAe;AACf,8CAA8C;AAE9C,MAAM,eAAe,GAAG,0CAA0C,CAAC;AACnE,MAAM,gBAAgB,GAAG,6CAA6C,CAAC;AACvE,MAAM,eAAe,GAAG,6BAA6B,CAAC;AACtD,MAAM,iBAAiB,GAAG,oCAAoC,CAAC;AAE/D,MAAM,UAAU,gBAAgB,CAAC,MAA2B,EAAE,KAAa;IACzE,MAAM,MAAM,GAAG,IAAI,eAAe,CAAC;QACjC,SAAS,EAAE,MAAM,CAAC,QAAQ;QAC1B,YAAY,EAAE,MAAM,CAAC,WAAW;QAChC,KAAK,EAAE,YAAY;QACnB,KAAK;KACN,CAAC,CAAC;IACH,OAAO,GAAG,eAAe,IAAI,MAAM,EAAE,CAAC;AACxC,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,kBAAkB,CACtC,MAA2B,EAC3B,IAAY;IAEZ,MAAM,IAAI,GAAG,MAAM,KAAK,CAAC,gBAAgB,EAAE;QACzC,MAAM,EAAE,MAAM;QACd,OAAO,EAAE;YACP,cAAc,EAAE,kBAAkB;YAClC,MAAM,EAAE,kBAAkB;SAC3B;QACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;YACnB,SAAS,EAAE,MAAM,CAAC,QAAQ;YAC1B,aAAa,EAAE,MAAM,CAAC,YAAY;YAClC,IAAI;SACL,CAAC;KACH,CAAC,CAAC;IACH,IAAI,CAAC,IAAI,CAAC,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,iCAAiC,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IAC9E,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;IAC/B,IAAI,IAAI,CAAC,KAAK;QAAE,MAAM,IAAI,KAAK,CAAC,uBAAuB,IAAI,CAAC,iBAAiB,IAAI,IAAI,CAAC,KAAK,EAAE,CAAC,CAAC;IAC/F,OAAO,EAAE,WAAW,EAAE,IAAI,CAAC,YAAY,EAAE,CAAC;AAC5C,CAAC;AAED,MAAM,CAAC,KAAK,UAAU,gBAAgB,CAAC,WAAmB;IACxD,MAAM,CAAC,QAAQ,EAAE,UAAU,CAAC,GAAG,MAAM,OAAO,CAAC,GAAG,CAAC;QAC/C,KAAK,CAAC,eAAe,EAAE,EAAE,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,WAAW,EAAE,EAAE,MAAM,EAAE,kBAAkB,EAAE,EAAE,CAAC;QAC3G,KAAK,CAAC,iBAAiB,EAAE,EAAE,OAAO,EAAE,EAAE,aAAa,EAAE,UAAU,WAAW,EAAE,EAAE,MAAM,EAAE,kBAAkB,EAAE,EAAE,CAAC;KAC9G,CAAC,CAAC;IAEH,IAAI,CAAC,QAAQ,CAAC,EAAE;QAAE,MAAM,IAAI,KAAK,CAAC,6BAA6B,QAAQ,CAAC,MAAM,EAAE,CAAC,CAAC;IAClF,MAAM,IAAI,GAAG,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAC;IAEnC,IAAI,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC;IACvB,IAAI,CAAC,KAAK,IAAI,UAAU,CAAC,EAAE,EAAE,CAAC;QAC5B,MAAM,MAAM,GAAG,MAAM,UAAU,CAAC,IAAI,EAAE,CAAC;QACvC,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAM,EAAE,EAAE,CAAC,CAAC,CAAC,OAAO,IAAI,CAAC,CAAC,QAAQ,CAAC,CAAC;QACjE,KAAK,GAAG,OAAO,EAAE,KAAK,IAAI,MAAM,CAAC,CAAC,CAAC,EAAE,KAAK,CAAC;IAC7C,CAAC;IACD,IAAI,CAAC,KAAK;QAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;IAE1D,OAAO;QACL,QAAQ,EAAE,QAAQ;QAClB,UAAU,EAAE,MAAM,CAAC,IAAI,CAAC,EAAE,CAAC;QAC3B,KAAK;QACL,IAAI,EAAE,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,KAAK,IAAI,IAAI;QACrC,SAAS,EAAE,IAAI,CAAC,UAAU,IAAI,IAAI;KACnC,CAAC;AACJ,CAAC"}

package/dist/cloud/auth/passwords.d.ts ADDED Viewed

@@ -0,0 +1,25 @@
+/**
+ * Password hashing and validation utilities.
+ * Uses Node.js built-in crypto (scrypt) — no external dependencies.
+ */
+/**
+ * Hash a password using scrypt.
+ * Returns "salt:hash" in hex encoding.
+ */
+export declare function hashPassword(password: string): Promise<string>;
+/**
+ * Verify a password against a stored hash.
+ */
+export declare function verifyPassword(password: string, storedHash: string): Promise<boolean>;
+/**
+ * Password complexity requirements:
+ * - Min 8 characters
+ * - At least 1 uppercase letter
+ * - At least 1 lowercase letter
+ * - At least 1 digit
+ */
+export declare function validatePasswordComplexity(password: string): {
+    valid: boolean;
+    errors: string[];
+};
+//# sourceMappingURL=passwords.d.ts.map

package/dist/cloud/auth/passwords.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"passwords.d.ts","sourceRoot":"","sources":["../../../src/cloud/auth/passwords.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAUH;;;GAGG;AACH,wBAAsB,YAAY,CAAC,QAAQ,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAIpE;AAED;;GAEG;AACH,wBAAsB,cAAc,CAAC,QAAQ,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAO3F;AAED;;;;;;GAMG;AACH,wBAAgB,0BAA0B,CAAC,QAAQ,EAAE,MAAM,GAAG;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,CAOjG"}

package/dist/cloud/auth/passwords.js ADDED Viewed

@@ -0,0 +1,50 @@
+/**
+ * Password hashing and validation utilities.
+ * Uses Node.js built-in crypto (scrypt) — no external dependencies.
+ */
+import { scrypt, randomBytes, timingSafeEqual } from 'node:crypto';
+import { promisify } from 'node:util';
+const scryptAsync = promisify(scrypt);
+const SALT_LENGTH = 32;
+const KEY_LENGTH = 64;
+/**
+ * Hash a password using scrypt.
+ * Returns "salt:hash" in hex encoding.
+ */
+export async function hashPassword(password) {
+    const salt = randomBytes(SALT_LENGTH);
+    const derived = (await scryptAsync(password, salt, KEY_LENGTH));
+    return `${salt.toString('hex')}:${derived.toString('hex')}`;
+}
+/**
+ * Verify a password against a stored hash.
+ */
+export async function verifyPassword(password, storedHash) {
+    const [saltHex, hashHex] = storedHash.split(':');
+    if (!saltHex || !hashHex)
+        return false;
+    const salt = Buffer.from(saltHex, 'hex');
+    const stored = Buffer.from(hashHex, 'hex');
+    const derived = (await scryptAsync(password, salt, KEY_LENGTH));
+    return timingSafeEqual(stored, derived);
+}
+/**
+ * Password complexity requirements:
+ * - Min 8 characters
+ * - At least 1 uppercase letter
+ * - At least 1 lowercase letter
+ * - At least 1 digit
+ */
+export function validatePasswordComplexity(password) {
+    const errors = [];
+    if (password.length < 8)
+        errors.push('Password must be at least 8 characters');
+    if (!/[A-Z]/.test(password))
+        errors.push('Password must contain at least 1 uppercase letter');
+    if (!/[a-z]/.test(password))
+        errors.push('Password must contain at least 1 lowercase letter');
+    if (!/\d/.test(password))
+        errors.push('Password must contain at least 1 digit');
+    return { valid: errors.length === 0, errors };
+}
+//# sourceMappingURL=passwords.js.map

package/dist/cloud/auth/passwords.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"passwords.js","sourceRoot":"","sources":["../../../src/cloud/auth/passwords.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,MAAM,EAAE,WAAW,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AACnE,OAAO,EAAE,SAAS,EAAE,MAAM,WAAW,CAAC;AAEtC,MAAM,WAAW,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;AAEtC,MAAM,WAAW,GAAG,EAAE,CAAC;AACvB,MAAM,UAAU,GAAG,EAAE,CAAC;AAEtB;;;GAGG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAAC,QAAgB;IACjD,MAAM,IAAI,GAAG,WAAW,CAAC,WAAW,CAAC,CAAC;IACtC,MAAM,OAAO,GAAG,CAAC,MAAM,WAAW,CAAC,QAAQ,EAAE,IAAI,EAAE,UAAU,CAAC,CAAW,CAAC;IAC1E,OAAO,GAAG,IAAI,CAAC,QAAQ,CAAC,KAAK,CAAC,IAAI,OAAO,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;AAC9D,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc,CAAC,QAAgB,EAAE,UAAkB;IACvE,MAAM,CAAC,OAAO,EAAE,OAAO,CAAC,GAAG,UAAU,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;IACjD,IAAI,CAAC,OAAO,IAAI,CAAC,OAAO;QAAE,OAAO,KAAK,CAAC;IACvC,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IACzC,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,OAAO,EAAE,KAAK,CAAC,CAAC;IAC3C,MAAM,OAAO,GAAG,CAAC,MAAM,WAAW,CAAC,QAAQ,EAAE,IAAI,EAAE,UAAU,CAAC,CAAW,CAAC;IAC1E,OAAO,eAAe,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;AAC1C,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,0BAA0B,CAAC,QAAgB;IACzD,MAAM,MAAM,GAAa,EAAE,CAAC;IAC5B,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC;QAAE,MAAM,CAAC,IAAI,CAAC,wCAAwC,CAAC,CAAC;IAC/E,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC;QAAE,MAAM,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC;IAC9F,IAAI,CAAC,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC;QAAE,MAAM,CAAC,IAAI,CAAC,mDAAmD,CAAC,CAAC;IAC9F,IAAI,CAAC,IAAI,CAAC,IAAI,CAAC,QAAQ,CAAC;QAAE,MAAM,CAAC,IAAI,CAAC,wCAAwC,CAAC,CAAC;IAChF,OAAO,EAAE,KAAK,EAAE,MAAM,CAAC,MAAM,KAAK,CAAC,EAAE,MAAM,EAAE,CAAC;AAChD,CAAC"}

package/dist/cloud/auth/rbac.d.ts ADDED Viewed

@@ -0,0 +1,51 @@
+/**
+ * RBAC Middleware (S-2.5)
+ *
+ * Role-based access control for dashboard API routes.
+ * Permission matrix:
+ *   Owner  = all actions
+ *   Admin  = all except billing, org deletion, ownership transfer
+ *   Member = read dashboard, create sessions/benchmarks (no API keys, team mgmt, billing, settings)
+ *   Viewer = read-only dashboard data
+ */
+import type { AuditLogService } from './audit-log.js';
+export type Role = 'owner' | 'admin' | 'auditor' | 'member' | 'viewer';
+export type ActionCategory = 'read' | 'write' | 'manage' | 'billing';
+/**
+ * Permission matrix: which roles can perform which action categories.
+ */
+export declare const PERMISSION_MATRIX: Record<ActionCategory, readonly Role[]>;
+/**
+ * Map a route/action description to an action category.
+ * Used internally and exposed for testing.
+ */
+export declare function categorizeAction(action: string): ActionCategory;
+export interface RbacRequest {
+    orgId: string;
+    userId: string;
+    role: Role;
+    path?: string;
+    ip?: string;
+}
+export interface RbacResult {
+    allowed: boolean;
+    statusCode?: number;
+    error?: string;
+}
+/**
+ * Check if a role is allowed to perform an action category.
+ */
+export declare function isRoleAllowed(role: Role, category: ActionCategory): boolean;
+/**
+ * Create a requireRole middleware function.
+ *
+ * @param allowedRoles - Roles that are permitted for this route
+ * @param auditLog - Optional audit log service to log denials
+ * @returns Middleware-style check function
+ */
+export declare function requireRole(allowedRoles: Role[], auditLog?: AuditLogService): (req: RbacRequest) => Promise<RbacResult>;
+/**
+ * Convenience: create a requireRole check by action category.
+ */
+export declare function requireActionCategory(category: ActionCategory, auditLog?: AuditLogService): (req: RbacRequest) => Promise<RbacResult>;
+//# sourceMappingURL=rbac.d.ts.map

package/dist/cloud/auth/rbac.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"rbac.d.ts","sourceRoot":"","sources":["../../../src/cloud/auth/rbac.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAEH,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,gBAAgB,CAAC;AAEtD,MAAM,MAAM,IAAI,GAAG,OAAO,GAAG,OAAO,GAAG,SAAS,GAAG,QAAQ,GAAG,QAAQ,CAAC;AAEvE,MAAM,MAAM,cAAc,GACtB,MAAM,GACN,OAAO,GACP,QAAQ,GACR,SAAS,CAAC;AAEd;;GAEG;AACH,eAAO,MAAM,iBAAiB,EAAE,MAAM,CAAC,cAAc,EAAE,SAAS,IAAI,EAAE,CAK5D,CAAC;AAEX;;;GAGG;AACH,wBAAgB,gBAAgB,CAAC,MAAM,EAAE,MAAM,GAAG,cAAc,CAa/D;AAED,MAAM,WAAW,WAAW;IAC1B,KAAK,EAAE,MAAM,CAAC;IACd,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,IAAI,CAAC;IACX,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,EAAE,CAAC,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,UAAU;IACzB,OAAO,EAAE,OAAO,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED;;GAEG;AACH,wBAAgB,aAAa,CAAC,IAAI,EAAE,IAAI,EAAE,QAAQ,EAAE,cAAc,GAAG,OAAO,CAE3E;AAED;;;;;;GAMG;AACH,wBAAgB,WAAW,CACzB,YAAY,EAAE,IAAI,EAAE,EACpB,QAAQ,CAAC,EAAE,eAAe,GACzB,CAAC,GAAG,EAAE,WAAW,KAAK,OAAO,CAAC,UAAU,CAAC,CA+B3C;AAED;;GAEG;AACH,wBAAgB,qBAAqB,CACnC,QAAQ,EAAE,cAAc,EACxB,QAAQ,CAAC,EAAE,eAAe,GACzB,CAAC,GAAG,EAAE,WAAW,KAAK,OAAO,CAAC,UAAU,CAAC,CAE3C"}

package/dist/cloud/auth/rbac.js ADDED Viewed

@@ -0,0 +1,89 @@
+/**
+ * RBAC Middleware (S-2.5)
+ *
+ * Role-based access control for dashboard API routes.
+ * Permission matrix:
+ *   Owner  = all actions
+ *   Admin  = all except billing, org deletion, ownership transfer
+ *   Member = read dashboard, create sessions/benchmarks (no API keys, team mgmt, billing, settings)
+ *   Viewer = read-only dashboard data
+ */
+/**
+ * Permission matrix: which roles can perform which action categories.
+ */
+export const PERMISSION_MATRIX = {
+    read: ['owner', 'admin', 'auditor', 'member', 'viewer'],
+    write: ['owner', 'admin', 'member'],
+    manage: ['owner', 'admin', 'auditor'],
+    billing: ['owner'],
+};
+/**
+ * Map a route/action description to an action category.
+ * Used internally and exposed for testing.
+ */
+export function categorizeAction(action) {
+    // Billing and destructive org ops
+    if (/billing|invoice|upgrade|downgrade|portal/.test(action))
+        return 'billing';
+    if (/org.*delete|delete.*org|org.*transfer|transfer.*ownership/.test(action))
+        return 'billing';
+    // Management actions
+    if (/api[_-]?key|member|invitation|invite|settings|audit|export|import|role/.test(action))
+        return 'manage';
+    // Write actions
+    if (/create|update|patch|post|put|configure/.test(action))
+        return 'write';
+    // Default: read
+    return 'read';
+}
+/**
+ * Check if a role is allowed to perform an action category.
+ */
+export function isRoleAllowed(role, category) {
+    return PERMISSION_MATRIX[category].includes(role);
+}
+/**
+ * Create a requireRole middleware function.
+ *
+ * @param allowedRoles - Roles that are permitted for this route
+ * @param auditLog - Optional audit log service to log denials
+ * @returns Middleware-style check function
+ */
+export function requireRole(allowedRoles, auditLog) {
+    return async (req) => {
+        if (allowedRoles.includes(req.role)) {
+            return { allowed: true };
+        }
+        // Log permission denied to audit log
+        if (auditLog) {
+            try {
+                await auditLog.write({
+                    org_id: req.orgId,
+                    actor_type: 'user',
+                    actor_id: req.userId,
+                    action: 'permission.denied',
+                    resource_type: 'route',
+                    resource_id: req.path ?? null,
+                    details: { role: req.role, required_roles: allowedRoles },
+                    ip_address: req.ip ?? null,
+                    result: 'failure',
+                });
+            }
+            catch {
+                // Don't fail the request if audit logging fails
+            }
+        }
+        return {
+            allowed: false,
+            statusCode: 403,
+            error: 'Insufficient permissions',
+        };
+    };
+}
+/**
+ * Convenience: create a requireRole check by action category.
+ */
+export function requireActionCategory(category, auditLog) {
+    return requireRole([...PERMISSION_MATRIX[category]], auditLog);
+}
+//# sourceMappingURL=rbac.js.map

package/dist/cloud/auth/rbac.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"rbac.js","sourceRoot":"","sources":["../../../src/cloud/auth/rbac.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAYH;;GAEG;AACH,MAAM,CAAC,MAAM,iBAAiB,GAA4C;IACxE,IAAI,EAAK,CAAC,OAAO,EAAE,OAAO,EAAE,SAAS,EAAE,QAAQ,EAAE,QAAQ,CAAC;IAC1D,KAAK,EAAI,CAAC,OAAO,EAAE,OAAO,EAAE,QAAQ,CAAC;IACrC,MAAM,EAAG,CAAC,OAAO,EAAE,OAAO,EAAE,SAAS,CAAC;IACtC,OAAO,EAAE,CAAC,OAAO,CAAC;CACV,CAAC;AAEX;;;GAGG;AACH,MAAM,UAAU,gBAAgB,CAAC,MAAc;IAC7C,kCAAkC;IAClC,IAAI,0CAA0C,CAAC,IAAI,CAAC,MAAM,CAAC;QAAE,OAAO,SAAS,CAAC;IAC9E,IAAI,2DAA2D,CAAC,IAAI,CAAC,MAAM,CAAC;QAAE,OAAO,SAAS,CAAC;IAE/F,qBAAqB;IACrB,IAAI,wEAAwE,CAAC,IAAI,CAAC,MAAM,CAAC;QAAE,OAAO,QAAQ,CAAC;IAE3G,gBAAgB;IAChB,IAAI,wCAAwC,CAAC,IAAI,CAAC,MAAM,CAAC;QAAE,OAAO,OAAO,CAAC;IAE1E,gBAAgB;IAChB,OAAO,MAAM,CAAC;AAChB,CAAC;AAgBD;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,IAAU,EAAE,QAAwB;IAChE,OAAQ,iBAAiB,CAAC,QAAQ,CAAuB,CAAC,QAAQ,CAAC,IAAI,CAAC,CAAC;AAC3E,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,WAAW,CACzB,YAAoB,EACpB,QAA0B;IAE1B,OAAO,KAAK,EAAE,GAAgB,EAAuB,EAAE;QACrD,IAAI,YAAY,CAAC,QAAQ,CAAC,GAAG,CAAC,IAAI,CAAC,EAAE,CAAC;YACpC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC;QAC3B,CAAC;QAED,qCAAqC;QACrC,IAAI,QAAQ,EAAE,CAAC;YACb,IAAI,CAAC;gBACH,MAAM,QAAQ,CAAC,KAAK,CAAC;oBACnB,MAAM,EAAE,GAAG,CAAC,KAAK;oBACjB,UAAU,EAAE,MAAM;oBAClB,QAAQ,EAAE,GAAG,CAAC,MAAM;oBACpB,MAAM,EAAE,mBAAmB;oBAC3B,aAAa,EAAE,OAAO;oBACtB,WAAW,EAAE,GAAG,CAAC,IAAI,IAAI,IAAI;oBAC7B,OAAO,EAAE,EAAE,IAAI,EAAE,GAAG,CAAC,IAAI,EAAE,cAAc,EAAE,YAAY,EAAE;oBACzD,UAAU,EAAE,GAAG,CAAC,EAAE,IAAI,IAAI;oBAC1B,MAAM,EAAE,SAAS;iBAClB,CAAC,CAAC;YACL,CAAC;YAAC,MAAM,CAAC;gBACP,gDAAgD;YAClD,CAAC;QACH,CAAC;QAED,OAAO;YACL,OAAO,EAAE,KAAK;YACd,UAAU,EAAE,GAAG;YACf,KAAK,EAAE,0BAA0B;SAClC,CAAC;IACJ,CAAC,CAAC;AACJ,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB,CACnC,QAAwB,EACxB,QAA0B;IAE1B,OAAO,WAAW,CAAC,CAAC,GAAG,iBAAiB,CAAC,QAAQ,CAAC,CAAC,EAAE,QAAQ,CAAC,CAAC;AACjE,CAAC"}

package/dist/cloud/auth/tokens.d.ts ADDED Viewed

@@ -0,0 +1,18 @@
+/**
+ * Token utilities for email verification and password reset.
+ * Uses crypto.randomBytes for secure token generation.
+ */
+/**
+ * Generate a secure random token (URL-safe).
+ */
+export declare function generateToken(bytes?: number): string;
+/**
+ * Hash a token for storage (SHA-256).
+ * We store the hash, not the raw token — same pattern as API keys.
+ */
+export declare function hashToken(token: string): string;
+/**
+ * Verify a raw token against its stored hash.
+ */
+export declare function verifyToken(token: string, storedHash: string): boolean;
+//# sourceMappingURL=tokens.d.ts.map

package/dist/cloud/auth/tokens.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"tokens.d.ts","sourceRoot":"","sources":["../../../src/cloud/auth/tokens.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAIH;;GAEG;AACH,wBAAgB,aAAa,CAAC,KAAK,SAAK,GAAG,MAAM,CAEhD;AAED;;;GAGG;AACH,wBAAgB,SAAS,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAE/C;AAED;;GAEG;AACH,wBAAgB,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,UAAU,EAAE,MAAM,GAAG,OAAO,CAKtE"}

package/dist/cloud/auth/tokens.js ADDED Viewed

@@ -0,0 +1,29 @@
+/**
+ * Token utilities for email verification and password reset.
+ * Uses crypto.randomBytes for secure token generation.
+ */
+import { randomBytes, createHash, timingSafeEqual } from 'node:crypto';
+/**
+ * Generate a secure random token (URL-safe).
+ */
+export function generateToken(bytes = 32) {
+    return randomBytes(bytes).toString('base64url');
+}
+/**
+ * Hash a token for storage (SHA-256).
+ * We store the hash, not the raw token — same pattern as API keys.
+ */
+export function hashToken(token) {
+    return createHash('sha256').update(token).digest('hex');
+}
+/**
+ * Verify a raw token against its stored hash.
+ */
+export function verifyToken(token, storedHash) {
+    const computed = Buffer.from(hashToken(token), 'hex');
+    const stored = Buffer.from(storedHash, 'hex');
+    if (computed.length !== stored.length)
+        return false;
+    return timingSafeEqual(computed, stored);
+}
+//# sourceMappingURL=tokens.js.map

package/dist/cloud/auth/tokens.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"tokens.js","sourceRoot":"","sources":["../../../src/cloud/auth/tokens.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,WAAW,EAAE,UAAU,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAEvE;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,KAAK,GAAG,EAAE;IACtC,OAAO,WAAW,CAAC,KAAK,CAAC,CAAC,QAAQ,CAAC,WAAW,CAAC,CAAC;AAClD,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,SAAS,CAAC,KAAa;IACrC,OAAO,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;AAC1D,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,WAAW,CAAC,KAAa,EAAE,UAAkB;IAC3D,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,SAAS,CAAC,KAAK,CAAC,EAAE,KAAK,CAAC,CAAC;IACtD,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,UAAU,EAAE,KAAK,CAAC,CAAC;IAC9C,IAAI,QAAQ,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IACpD,OAAO,eAAe,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;AAC3C,CAAC"}

package/dist/cloud/billing/billing-service.d.ts ADDED Viewed

@@ -0,0 +1,44 @@
+/**
+ * Billing Service (S-6.1)
+ *
+ * Handles Stripe customer lifecycle, subscription management,
+ * and webhook processing.
+ */
+import type { IStripeClient, TierName, StripeWebhookEvent } from './stripe-client.js';
+import type { MigrationClient } from '../migrate.js';
+export interface BillingServiceDeps {
+    stripe: IStripeClient;
+    db: MigrationClient;
+}
+export interface WebhookResult {
+    handled: boolean;
+    action?: string;
+    error?: string;
+}
+export declare class BillingService {
+    private deps;
+    constructor(deps: BillingServiceDeps);
+    /**
+     * Create a Stripe customer for an org (called on org creation).
+     * Stores stripe_customer_id on the orgs table.
+     */
+    createCustomerForOrg(orgId: string, email: string, name: string): Promise<string>;
+    /**
+     * Upgrade an org to a paid plan. Creates a Stripe subscription.
+     */
+    upgradePlan(orgId: string, newTier: TierName): Promise<void>;
+    /**
+     * Downgrade an org (cancels at period end, schedules free tier).
+     */
+    downgradePlan(orgId: string): Promise<void>;
+    /**
+     * Process a Stripe webhook event.
+     */
+    handleWebhook(event: StripeWebhookEvent): Promise<WebhookResult>;
+    private handleInvoicePaid;
+    private handlePaymentFailed;
+    private handleSubscriptionUpdated;
+    private handleSubscriptionDeleted;
+    private getOrg;
+}
+//# sourceMappingURL=billing-service.d.ts.map

package/dist/cloud/billing/billing-service.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"billing-service.d.ts","sourceRoot":"","sources":["../../../src/cloud/billing/billing-service.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,KAAK,EAAE,aAAa,EAAE,QAAQ,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAEtF,OAAO,KAAK,EAAE,eAAe,EAAE,MAAM,eAAe,CAAC;AAErD,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,aAAa,CAAC;IACtB,EAAE,EAAE,eAAe,CAAC;CACrB;AAED,MAAM,WAAW,aAAa;IAC5B,OAAO,EAAE,OAAO,CAAC;IACjB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,KAAK,CAAC,EAAE,MAAM,CAAC;CAChB;AAED,qBAAa,cAAc;IACb,OAAO,CAAC,IAAI;gBAAJ,IAAI,EAAE,kBAAkB;IAE5C;;;OAGG;IACG,oBAAoB,CAAC,KAAK,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC;IAWvF;;OAEG;IACG,WAAW,CAAC,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC;IAmClE;;OAEG;IACG,aAAa,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;IAgBjD;;OAEG;IACG,aAAa,CAAC,KAAK,EAAE,kBAAkB,GAAG,OAAO,CAAC,aAAa,CAAC;YAqBxD,iBAAiB;YA2BjB,mBAAmB;YAqBnB,yBAAyB;YA6BzB,yBAAyB;YAuBzB,MAAM;CAcrB"}