@agentlensai/server 0.11.0 → 0.14.0

package/dist/routes/api-keys.js

@@ -6,22 +6,30 @@
  * DELETE /api/keys/:id — revoke (soft delete) a key
  */
 import { Hono } from 'hono';
+import { getTenantId } from './tenant-helper.js';
 import { randomBytes } from 'node:crypto';
 import { ulid } from 'ulid';
 import { apiKeys } from '../db/schema.sqlite.js';
-import { eq, and } from 'drizzle-orm';
+import { eq, and, isNotNull, lte } from 'drizzle-orm';
 import { hashApiKey } from '../middleware/auth.js';
+import { createApiKeySchema } from '../schemas/api-keys.js';
+import { formatZodErrors } from '../middleware/validation.js';
 export function apiKeysRoutes(db) {
     const app = new Hono();
     // POST /api/keys — create a new API key
     app.post('/', async (c) => {
-        const body = await c.req.json().catch(() => ({}));
-        const name = body.name;
-        const scopes = body.scopes;
-        const requestedTenantId = body.tenantId;
+        const rawBody = await c.req.json().catch(() => null);
+        if (rawBody === null) {
+            return c.json({ error: 'Invalid JSON body', status: 400 }, 400);
+        }
+        const parseResult = createApiKeySchema.safeParse(rawBody);
+        if (!parseResult.success) {
+            return c.json({ error: 'Validation failed', status: 400, details: formatZodErrors(parseResult.error) }, 400);
+        }
+        const { name, scopes, tenantId: requestedTenantId } = parseResult.data;
         // Enforce tenant isolation: non-dev callers can only create keys for their own tenant
         const callerKey = c.get('apiKey');
-        const callerTenantId = callerKey?.tenantId ?? 'default';
+        const callerTenantId = getTenantId(c);
         const isDevMode = callerKey?.id === 'dev';
         // In dev mode, allow specifying tenantId; otherwise force caller's tenant
         const resolvedTenantId = isDevMode
@@ -53,7 +61,7 @@ export function apiKeysRoutes(db) {
     // GET /api/keys — list keys for caller's tenant only
     app.get('/', (c) => {
         const callerKey = c.get('apiKey');
-        const callerTenantId = callerKey?.tenantId ?? 'default';
+        const callerTenantId = getTenantId(c);
         const rows = db
             .select()
             .from(apiKeys)
@@ -77,12 +85,74 @@ export function apiKeysRoutes(db) {
         }));
         return c.json({ keys });
     });
+    // POST /api/keys/:id/rotate — rotate a key (admin only, SH-6)
+    app.post('/:id/rotate', async (c) => {
+        const callerKey = c.get('apiKey');
+        const callerTenantId = getTenantId(c);
+        // Require admin role (dev mode counts as admin)
+        const isDevMode = callerKey?.id === 'dev';
+        if (!isDevMode) {
+            // Look up the caller's key to check role
+            const callerRow = db
+                .select()
+                .from(apiKeys)
+                .where(eq(apiKeys.id, callerKey.id))
+                .get();
+            if (!callerRow || (callerRow.role !== 'admin' && callerRow.role !== 'owner')) {
+                return c.json({ error: 'Forbidden: admin role required', status: 403 }, 403);
+            }
+        }
+        const id = c.req.param('id');
+        const existing = db
+            .select()
+            .from(apiKeys)
+            .where(and(eq(apiKeys.id, id), eq(apiKeys.tenantId, callerTenantId)))
+            .get();
+        if (!existing) {
+            return c.json({ error: 'API key not found', status: 404 }, 404);
+        }
+        if (existing.revokedAt) {
+            return c.json({ error: 'Cannot rotate a revoked key', status: 409 }, 409);
+        }
+        const graceHours = parseInt(process.env.KEY_ROTATION_GRACE_HOURS ?? '24', 10);
+        const now = Math.floor(Date.now() / 1000);
+        const expiresAt = now + graceHours * 3600;
+        // Mark old key as rotated with grace period
+        db.update(apiKeys)
+            .set({ rotatedAt: now, expiresAt })
+            .where(eq(apiKeys.id, id))
+            .run();
+        // Create new key with same name/scopes/tenant/role
+        const newId = ulid();
+        const rawKey = `als_${randomBytes(32).toString('hex')}`;
+        const keyHash = hashApiKey(rawKey);
+        db.insert(apiKeys)
+            .values({
+            id: newId,
+            keyHash,
+            name: existing.name,
+            scopes: existing.scopes,
+            createdAt: now,
+            tenantId: existing.tenantId,
+            createdBy: existing.createdBy,
+            role: existing.role,
+            rateLimit: existing.rateLimit,
+        })
+            .run();
+        return c.json({
+            id: newId,
+            key: rawKey,
+            name: existing.name,
+            rotatedFromId: id,
+            oldKeyExpiresAt: new Date(expiresAt * 1000).toISOString(),
+        }, 201);
+    });
     // DELETE /api/keys/:id — revoke a key (tenant-scoped)
     app.delete('/:id', (c) => {
         const id = c.req.param('id');
         const now = Math.floor(Date.now() / 1000);
         const callerKey = c.get('apiKey');
-        const callerTenantId = callerKey?.tenantId ?? 'default';
+        const callerTenantId = getTenantId(c);
         // Look up key scoped to caller's tenant
         const existing = db
             .select()
@@ -103,4 +173,15 @@ export function apiKeysRoutes(db) {
     });
     return app;
 }
+/**
+ * Cleanup expired rotated API keys (SH-6).
+ * Call periodically (e.g. every hour) to remove keys past their grace period.
+ */
+export function cleanupExpiredRotatedKeys(db) {
+    const now = Math.floor(Date.now() / 1000);
+    const result = db.delete(apiKeys)
+        .where(and(isNotNull(apiKeys.expiresAt), lte(apiKeys.expiresAt, now)))
+        .run();
+    return result.changes;
+}
 //# sourceMappingURL=api-keys.js.map

package/dist/routes/api-keys.js.map

@@ -1 +1 @@
-{"version":3,"file":"api-keys.js","sourceRoot":"","sources":["../../src/routes/api-keys.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAE5B,OAAO,EAAE,OAAO,EAAE,MAAM,wBAAwB,CAAC;AACjD,OAAO,EAAE,EAAE,EAAE,GAAG,EAAE,MAAM,aAAa,CAAC;AACtC,OAAO,EAAE,UAAU,EAAsB,MAAM,uBAAuB,CAAC;AAEvE,MAAM,UAAU,aAAa,CAAC,EAAY;IACxC,MAAM,GAAG,GAAG,IAAI,IAAI,EAAgC,CAAC;IAErD,wCAAwC;IACxC,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACxB,MAAM,IAAI,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC;QAClD,MAAM,IAAI,GAAI,IAAgC,CAAC,IAA0B,CAAC;QAC1E,MAAM,MAAM,GAAI,IAAgC,CAAC,MAA8B,CAAC;QAChF,MAAM,iBAAiB,GAAI,IAAgC,CAAC,QAA8B,CAAC;QAE3F,sFAAsF;QACtF,MAAM,SAAS,GAAG,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAClC,MAAM,cAAc,GAAG,SAAS,EAAE,QAAQ,IAAI,SAAS,CAAC;QACxD,MAAM,SAAS,GAAG,SAAS,EAAE,EAAE,KAAK,KAAK,CAAC;QAE1C,0EAA0E;QAC1E,MAAM,gBAAgB,GAAG,SAAS;YAChC,CAAC,CAAC,CAAC,iBAAiB,IAAI,SAAS,CAAC;YAClC,CAAC,CAAC,cAAc,CAAC;QAEnB,MAAM,EAAE,GAAG,IAAI,EAAE,CAAC;QAClB,MAAM,MAAM,GAAG,OAAO,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QACxD,MAAM,OAAO,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;QACnC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAE1C,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC;aACf,MAAM,CAAC;YACN,EAAE;YACF,OAAO;YACP,IAAI,EAAE,IAAI,IAAI,aAAa;YAC3B,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,IAAI,CAAC,GAAG,CAAC,CAAC;YACvC,SAAS,EAAE,GAAG;YACd,QAAQ,EAAE,gBAAgB;SAC3B,CAAC;aACD,GAAG,EAAE,CAAC;QAET,OAAO,CAAC,CAAC,IAAI,CAAC;YACZ,EAAE;YACF,GAAG,EAAE,MAAM;YACX,IAAI,EAAE,IAAI,IAAI,aAAa;YAC3B,MAAM,EAAE,MAAM,IAAI,CAAC,GAAG,CAAC;YACvB,QAAQ,EAAE,gBAAgB;YAC1B,SAAS,EAAE,IAAI,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;SAC9C,EAAE,GAAG,CAAC,CAAC;IACV,CAAC,CAAC,CAAC;IAEH,qDAAqD;IACrD,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,EAAE;QACjB,MAAM,SAAS,GAAG,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAClC,MAAM,cAAc,GAAG,SAAS,EAAE,QAAQ,IAAI,SAAS,CAAC;QAExD,MAAM,IAAI,GAAG,EAAE;aACZ,MAAM,EAAE;aACR,IAAI,CAAC,OAAO,CAAC;aACb,KAAK,CAAC,EAAE,CAAC,OAAO,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;aAC3C,GAAG,EAAE,CAAC;QAET,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;YAC9B,EAAE,EAAE,GAAG,CAAC,EAAE;YACV,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,MAAM,EAAE,CAAC,GAAG,EAAE;gBACZ,IAAI,CAAC;oBAAC,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAa,CAAC;gBAAC,CAAC;gBAAC,MAAM,CAAC;oBAAC,OAAO,EAAE,CAAC;gBAAC,CAAC;YACzE,CAAC,CAAC,EAAE;YACJ,QAAQ,EAAE,GAAG,CAAC,QAAQ;YACtB,SAAS,EAAE,IAAI,IAAI,CAAC,GAAG,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;YACvD,UAAU,EAAE,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI;YACjF,SAAS,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI;SAC/E,CAAC,CAAC,CAAC;QAEJ,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;IAC1B,CAAC,CAAC,CAAC;IAEH,sDAAsD;IACtD,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE;QACvB,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC7B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,MAAM,SAAS,GAAG,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAClC,MAAM,cAAc,GAAG,SAAS,EAAE,QAAQ,IAAI,SAAS,CAAC;QAExD,wCAAwC;QACxC,MAAM,QAAQ,GAAG,EAAE;aAChB,MAAM,EAAE;aACR,IAAI,CAAC,OAAO,CAAC;aACb,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,OAAO,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,CAAC;aACpE,GAAG,EAAE,CAAC;QAET,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,mBAAmB,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE,GAAG,CAAC,CAAC;QAClE,CAAC;QAED,IAAI,QAAQ,CAAC,SAAS,EAAE,CAAC;YACvB,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,yBAAyB,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE,GAAG,CAAC,CAAC;QACxE,CAAC;QAED,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC;aACf,GAAG,CAAC,EAAE,SAAS,EAAE,GAAG,EAAE,CAAC;aACvB,KAAK,CAAC,EAAE,CAAC,OAAO,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;aACzB,GAAG,EAAE,CAAC;QAET,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,OAAO,GAAG,CAAC;AACb,CAAC"}
+{"version":3,"file":"api-keys.js","sourceRoot":"","sources":["../../src/routes/api-keys.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,WAAW,EAAE,MAAM,aAAa,CAAC;AAC1C,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAE5B,OAAO,EAAE,OAAO,EAAE,MAAM,wBAAwB,CAAC;AACjD,OAAO,EAAE,EAAE,EAAE,GAAG,EAAE,SAAS,EAAE,GAAG,EAAE,MAAM,aAAa,CAAC;AACtD,OAAO,EAAE,UAAU,EAAsB,MAAM,uBAAuB,CAAC;AACvE,OAAO,EAAE,kBAAkB,EAAE,MAAM,wBAAwB,CAAC;AAC5D,OAAO,EAAE,eAAe,EAAE,MAAM,6BAA6B,CAAC;AAE9D,MAAM,UAAU,aAAa,CAAC,EAAY;IACxC,MAAM,GAAG,GAAG,IAAI,IAAI,EAAgC,CAAC;IAErD,wCAAwC;IACxC,GAAG,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACxB,MAAM,OAAO,GAAG,MAAM,CAAC,CAAC,GAAG,CAAC,IAAI,EAAE,CAAC,KAAK,CAAC,GAAG,EAAE,CAAC,IAAI,CAAC,CAAC;QACrD,IAAI,OAAO,KAAK,IAAI,EAAE,CAAC;YACrB,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,mBAAmB,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE,GAAG,CAAC,CAAC;QAClE,CAAC;QACD,MAAM,WAAW,GAAG,kBAAkB,CAAC,SAAS,CAAC,OAAO,CAAC,CAAC;QAC1D,IAAI,CAAC,WAAW,CAAC,OAAO,EAAE,CAAC;YACzB,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,mBAAmB,EAAE,MAAM,EAAE,GAAG,EAAE,OAAO,EAAE,eAAe,CAAC,WAAW,CAAC,KAAK,CAAC,EAAE,EAAE,GAAG,CAAC,CAAC;QAC/G,CAAC;QACD,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,QAAQ,EAAE,iBAAiB,EAAE,GAAG,WAAW,CAAC,IAAI,CAAC;QAEvE,sFAAsF;QACtF,MAAM,SAAS,GAAG,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAClC,MAAM,cAAc,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;QACtC,MAAM,SAAS,GAAG,SAAS,EAAE,EAAE,KAAK,KAAK,CAAC;QAE1C,0EAA0E;QAC1E,MAAM,gBAAgB,GAAG,SAAS;YAChC,CAAC,CAAC,CAAC,iBAAiB,IAAI,SAAS,CAAC;YAClC,CAAC,CAAC,cAAc,CAAC;QAEnB,MAAM,EAAE,GAAG,IAAI,EAAE,CAAC;QAClB,MAAM,MAAM,GAAG,OAAO,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QACxD,MAAM,OAAO,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;QACnC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAE1C,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC;aACf,MAAM,CAAC;YACN,EAAE;YACF,OAAO;YACP,IAAI,EAAE,IAAI,IAAI,aAAa;YAC3B,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,IAAI,CAAC,GAAG,CAAC,CAAC;YACvC,SAAS,EAAE,GAAG;YACd,QAAQ,EAAE,gBAAgB;SAC3B,CAAC;aACD,GAAG,EAAE,CAAC;QAET,OAAO,CAAC,CAAC,IAAI,CAAC;YACZ,EAAE;YACF,GAAG,EAAE,MAAM;YACX,IAAI,EAAE,IAAI,IAAI,aAAa;YAC3B,MAAM,EAAE,MAAM,IAAI,CAAC,GAAG,CAAC;YACvB,QAAQ,EAAE,gBAAgB;YAC1B,SAAS,EAAE,IAAI,IAAI,CAAC,GAAG,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;SAC9C,EAAE,GAAG,CAAC,CAAC;IACV,CAAC,CAAC,CAAC;IAEH,qDAAqD;IACrD,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,EAAE;QACjB,MAAM,SAAS,GAAG,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAClC,MAAM,cAAc,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;QAEtC,MAAM,IAAI,GAAG,EAAE;aACZ,MAAM,EAAE;aACR,IAAI,CAAC,OAAO,CAAC;aACb,KAAK,CAAC,EAAE,CAAC,OAAO,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;aAC3C,GAAG,EAAE,CAAC;QAET,MAAM,IAAI,GAAG,IAAI,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;YAC9B,EAAE,EAAE,GAAG,CAAC,EAAE;YACV,IAAI,EAAE,GAAG,CAAC,IAAI;YACd,MAAM,EAAE,CAAC,GAAG,EAAE;gBACZ,IAAI,CAAC;oBAAC,OAAO,IAAI,CAAC,KAAK,CAAC,GAAG,CAAC,MAAM,CAAa,CAAC;gBAAC,CAAC;gBAAC,MAAM,CAAC;oBAAC,OAAO,EAAE,CAAC;gBAAC,CAAC;YACzE,CAAC,CAAC,EAAE;YACJ,QAAQ,EAAE,GAAG,CAAC,QAAQ;YACtB,SAAS,EAAE,IAAI,IAAI,CAAC,GAAG,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;YACvD,UAAU,EAAE,GAAG,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI;YACjF,SAAS,EAAE,GAAG,CAAC,SAAS,CAAC,CAAC,CAAC,IAAI,IAAI,CAAC,GAAG,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC,IAAI;SAC/E,CAAC,CAAC,CAAC;QAEJ,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC,CAAC;IAC1B,CAAC,CAAC,CAAC;IAEH,8DAA8D;IAC9D,GAAG,CAAC,IAAI,CAAC,aAAa,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAClC,MAAM,SAAS,GAAG,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAClC,MAAM,cAAc,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;QAEtC,gDAAgD;QAChD,MAAM,SAAS,GAAG,SAAS,EAAE,EAAE,KAAK,KAAK,CAAC;QAC1C,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,yCAAyC;YACzC,MAAM,SAAS,GAAG,EAAE;iBACjB,MAAM,EAAE;iBACR,IAAI,CAAC,OAAO,CAAC;iBACb,KAAK,CAAC,EAAE,CAAC,OAAO,CAAC,EAAE,EAAE,SAAS,CAAC,EAAE,CAAC,CAAC;iBACnC,GAAG,EAAE,CAAC;YACT,IAAI,CAAC,SAAS,IAAI,CAAC,SAAS,CAAC,IAAI,KAAK,OAAO,IAAI,SAAS,CAAC,IAAI,KAAK,OAAO,CAAC,EAAE,CAAC;gBAC7E,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,gCAAgC,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE,GAAG,CAAC,CAAC;YAC/E,CAAC;QACH,CAAC;QAED,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC7B,MAAM,QAAQ,GAAG,EAAE;aAChB,MAAM,EAAE;aACR,IAAI,CAAC,OAAO,CAAC;aACb,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,OAAO,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,CAAC;aACpE,GAAG,EAAE,CAAC;QAET,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,mBAAmB,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE,GAAG,CAAC,CAAC;QAClE,CAAC;QAED,IAAI,QAAQ,CAAC,SAAS,EAAE,CAAC;YACvB,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,6BAA6B,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE,GAAG,CAAC,CAAC;QAC5E,CAAC;QAED,MAAM,UAAU,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,wBAAwB,IAAI,IAAI,EAAE,EAAE,CAAC,CAAC;QAC9E,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,MAAM,SAAS,GAAG,GAAG,GAAG,UAAU,GAAG,IAAI,CAAC;QAE1C,4CAA4C;QAC5C,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC;aACf,GAAG,CAAC,EAAE,SAAS,EAAE,GAAG,EAAE,SAAS,EAAE,CAAC;aAClC,KAAK,CAAC,EAAE,CAAC,OAAO,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;aACzB,GAAG,EAAE,CAAC;QAET,mDAAmD;QACnD,MAAM,KAAK,GAAG,IAAI,EAAE,CAAC;QACrB,MAAM,MAAM,GAAG,OAAO,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,EAAE,CAAC;QACxD,MAAM,OAAO,GAAG,UAAU,CAAC,MAAM,CAAC,CAAC;QAEnC,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC;aACf,MAAM,CAAC;YACN,EAAE,EAAE,KAAK;YACT,OAAO;YACP,IAAI,EAAE,QAAQ,CAAC,IAAI;YACnB,MAAM,EAAE,QAAQ,CAAC,MAAM;YACvB,SAAS,EAAE,GAAG;YACd,QAAQ,EAAE,QAAQ,CAAC,QAAQ;YAC3B,SAAS,EAAE,QAAQ,CAAC,SAAS;YAC7B,IAAI,EAAE,QAAQ,CAAC,IAAI;YACnB,SAAS,EAAE,QAAQ,CAAC,SAAS;SAC9B,CAAC;aACD,GAAG,EAAE,CAAC;QAET,OAAO,CAAC,CAAC,IAAI,CAAC;YACZ,EAAE,EAAE,KAAK;YACT,GAAG,EAAE,MAAM;YACX,IAAI,EAAE,QAAQ,CAAC,IAAI;YACnB,aAAa,EAAE,EAAE;YACjB,eAAe,EAAE,IAAI,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC,WAAW,EAAE;SAC1D,EAAE,GAAG,CAAC,CAAC;IACV,CAAC,CAAC,CAAC;IAEH,sDAAsD;IACtD,GAAG,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC,CAAC,EAAE,EAAE;QACvB,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAC7B,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;QAC1C,MAAM,SAAS,GAAG,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAClC,MAAM,cAAc,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;QAEtC,wCAAwC;QACxC,MAAM,QAAQ,GAAG,EAAE;aAChB,MAAM,EAAE;aACR,IAAI,CAAC,OAAO,CAAC;aACb,KAAK,CAAC,GAAG,CAAC,EAAE,CAAC,OAAO,CAAC,EAAE,EAAE,EAAE,CAAC,EAAE,EAAE,CAAC,OAAO,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC,CAAC;aACpE,GAAG,EAAE,CAAC;QAET,IAAI,CAAC,QAAQ,EAAE,CAAC;YACd,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,mBAAmB,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE,GAAG,CAAC,CAAC;QAClE,CAAC;QAED,IAAI,QAAQ,CAAC,SAAS,EAAE,CAAC;YACvB,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,yBAAyB,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE,GAAG,CAAC,CAAC;QACxE,CAAC;QAED,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC;aACf,GAAG,CAAC,EAAE,SAAS,EAAE,GAAG,EAAE,CAAC;aACvB,KAAK,CAAC,EAAE,CAAC,OAAO,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC;aACzB,GAAG,EAAE,CAAC;QAET,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,EAAE,EAAE,OAAO,EAAE,IAAI,EAAE,CAAC,CAAC;IACvC,CAAC,CAAC,CAAC;IAEH,OAAO,GAAG,CAAC;AACb,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,yBAAyB,CAAC,EAAY;IACpD,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC;IAC1C,MAAM,MAAM,GAAG,EAAE,CAAC,MAAM,CAAC,OAAO,CAAC;SAC9B,KAAK,CAAC,GAAG,CAAC,SAAS,CAAC,OAAO,CAAC,SAAS,CAAC,EAAE,GAAG,CAAC,OAAO,CAAC,SAAS,EAAE,GAAG,CAAC,CAAC,CAAC;SACrE,GAAG,EAAE,CAAC;IACT,OAAO,MAAM,CAAC,OAAO,CAAC;AACxB,CAAC"}

package/dist/routes/api-version.d.ts

@@ -0,0 +1,9 @@
+/**
+ * API Version Endpoint (Feature 9 — API Contract Governance)
+ *
+ * GET /api/version — returns current API version and supported versions.
+ * No auth required.
+ */
+import { Hono } from 'hono';
+export declare function apiVersionRoutes(): Hono<import("hono/types").BlankEnv, import("hono/types").BlankSchema, "/">;
+//# sourceMappingURL=api-version.d.ts.map

package/dist/routes/api-version.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"api-version.d.ts","sourceRoot":"","sources":["../../src/routes/api-version.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAG5B,wBAAgB,gBAAgB,+EAW/B"}

package/dist/routes/api-version.js

@@ -0,0 +1,19 @@
+/**
+ * API Version Endpoint (Feature 9 — API Contract Governance)
+ *
+ * GET /api/version — returns current API version and supported versions.
+ * No auth required.
+ */
+import { Hono } from 'hono';
+import { CURRENT_API_VERSION, SUPPORTED_API_VERSIONS } from '../lib/api-version.js';
+export function apiVersionRoutes() {
+    const app = new Hono();
+    app.get('/', (c) => {
+        return c.json({
+            current: CURRENT_API_VERSION,
+            supported: [...SUPPORTED_API_VERSIONS],
+        });
+    });
+    return app;
+}
+//# sourceMappingURL=api-version.js.map

package/dist/routes/api-version.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"api-version.js","sourceRoot":"","sources":["../../src/routes/api-version.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,mBAAmB,EAAE,sBAAsB,EAAE,MAAM,uBAAuB,CAAC;AAEpF,MAAM,UAAU,gBAAgB;IAC9B,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IAEvB,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,CAAC,CAAC,EAAE,EAAE;QACjB,OAAO,CAAC,CAAC,IAAI,CAAC;YACZ,OAAO,EAAE,mBAAmB;YAC5B,SAAS,EAAE,CAAC,GAAG,sBAAsB,CAAC;SACvC,CAAC,CAAC;IACL,CAAC,CAAC,CAAC;IAEH,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/routes/audit-verify.d.ts

@@ -0,0 +1,13 @@
+/**
+ * Audit Trail Verification & Export Endpoints (Feature 3, Feature-4)
+ *
+ * GET /api/audit/verify          — verifies hash chain integrity across sessions.
+ * GET /api/audit/verify/export   — export audit trail as signed JSON for compliance.
+ */
+import { Hono } from 'hono';
+import type { SqliteDb } from '../db/index.js';
+import type { AuthVariables } from '../middleware/auth.js';
+export declare function auditVerifyRoutes(db: SqliteDb, signingKey?: string): Hono<{
+    Variables: AuthVariables;
+}, import("hono/types").BlankSchema, "/">;
+//# sourceMappingURL=audit-verify.d.ts.map

package/dist/routes/audit-verify.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit-verify.d.ts","sourceRoot":"","sources":["../../src/routes/audit-verify.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAG5B,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAK/C,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAsB3D,wBAAgB,iBAAiB,CAAC,EAAE,EAAE,QAAQ,EAAE,UAAU,CAAC,EAAE,MAAM;eAC/B,aAAa;0CAyHhD"}

package/dist/routes/audit-verify.js

@@ -0,0 +1,137 @@
+/**
+ * Audit Trail Verification & Export Endpoints (Feature 3, Feature-4)
+ *
+ * GET /api/audit/verify          — verifies hash chain integrity across sessions.
+ * GET /api/audit/verify/export   — export audit trail as signed JSON for compliance.
+ */
+import { createHmac } from 'node:crypto';
+import { Hono } from 'hono';
+import { getTenantId } from './tenant-helper.js';
+import { eq } from 'drizzle-orm';
+import { apiKeys } from '../db/schema.sqlite.js';
+import { EventRepository } from '../db/repositories/event-repository.js';
+import { runVerification } from '../lib/audit-verify.js';
+import { collectAllEvents } from '../lib/compliance-export.js';
+/** Resolve role for the current API key */
+function resolveRole(db, keyInfo) {
+    if (!keyInfo)
+        return 'viewer';
+    if (keyInfo.id === 'dev')
+        return 'admin';
+    const row = db.select({ role: apiKeys.role }).from(apiKeys).where(eq(apiKeys.id, keyInfo.id)).get();
+    return row?.role ?? 'viewer';
+}
+/** Validate and parse from/to date params */
+function parseDateRange(from, to) {
+    if (from && isNaN(Date.parse(from)))
+        return { error: `Invalid ISO 8601 date: ${from}` };
+    if (to && isNaN(Date.parse(to)))
+        return { error: `Invalid ISO 8601 date: ${to}` };
+    if (from && to) {
+        const diffMs = new Date(to).getTime() - new Date(from).getTime();
+        const oneYearMs = 365.25 * 24 * 60 * 60 * 1000;
+        if (diffMs > oneYearMs)
+            return { error: 'Range must not exceed 1 year' };
+    }
+    return { from, to };
+}
+export function auditVerifyRoutes(db, signingKey) {
+    const app = new Hono();
+    const repo = new EventRepository(db);
+    // GET / — verify hash chain integrity
+    app.get('/', async (c) => {
+        const keyInfo = c.get('apiKey');
+        const tenantId = getTenantId(c);
+        const role = resolveRole(db, keyInfo);
+        if (role !== 'admin' && role !== 'auditor') {
+            return c.json({ error: 'Forbidden: admin or auditor role required', status: 403 }, 403);
+        }
+        const sessionId = c.req.query('sessionId');
+        const from = c.req.query('from');
+        const to = c.req.query('to');
+        if (!sessionId && (!from || !to)) {
+            return c.json({ error: 'Provide from/to or sessionId' }, 400);
+        }
+        const dateRange = parseDateRange(from, to);
+        if (dateRange.error)
+            return c.json({ error: dateRange.error }, 400);
+        const TIMEOUT_MS = 30_000;
+        const verificationPromise = runVerification(repo, {
+            tenantId,
+            from: from || undefined,
+            to: to || undefined,
+            sessionId: sessionId || undefined,
+            signingKey,
+        });
+        const timeoutPromise = new Promise((resolve) => setTimeout(() => resolve(null), TIMEOUT_MS));
+        const result = await Promise.race([verificationPromise, timeoutPromise]);
+        if (result === null) {
+            return c.json({
+                error: 'Verification timed out',
+                message: 'Verification did not complete within 30 seconds. Try a smaller date range or a specific sessionId.',
+                status: 504,
+            }, 504);
+        }
+        return c.json(result, 200);
+    });
+    // GET /export — export audit trail as signed JSON (Feature-4)
+    app.get('/export', async (c) => {
+        const keyInfo = c.get('apiKey');
+        const tenantId = getTenantId(c);
+        const role = resolveRole(db, keyInfo);
+        if (role !== 'admin' && role !== 'auditor') {
+            return c.json({ error: 'Forbidden: admin or auditor role required', status: 403 }, 403);
+        }
+        const from = c.req.query('from');
+        const to = c.req.query('to');
+        if (!from || !to) {
+            return c.json({ error: 'Both "from" and "to" query parameters are required (ISO 8601)', status: 400 }, 400);
+        }
+        const dateRange = parseDateRange(from, to);
+        if (dateRange.error)
+            return c.json({ error: dateRange.error, status: 400 }, 400);
+        // Collect events and verify chain
+        const events = collectAllEvents(repo, tenantId, from, to);
+        const verification = await runVerification(repo, {
+            tenantId,
+            from,
+            to,
+            signingKey,
+        });
+        const exportBody = {
+            exportedAt: new Date().toISOString(),
+            tenantId,
+            range: { from, to },
+            totalEvents: events.length,
+            chainVerification: {
+                verified: verification.verified,
+                sessionsVerified: verification.sessionsVerified,
+                firstHash: verification.firstHash,
+                lastHash: verification.lastHash,
+                brokenChains: verification.brokenChains,
+            },
+            events: events.map((e) => ({
+                id: e.id,
+                timestamp: e.timestamp,
+                sessionId: e.sessionId,
+                agentId: e.agentId,
+                eventType: e.eventType,
+                severity: e.severity,
+                prevHash: e.prevHash,
+                hash: e.hash,
+            })),
+        };
+        // Sign the export if signing key is available
+        let signature = null;
+        if (signingKey) {
+            const canonical = JSON.stringify(exportBody);
+            signature = 'hmac-sha256:' + createHmac('sha256', signingKey).update(canonical).digest('hex');
+        }
+        return c.json({
+            ...exportBody,
+            signature,
+        }, 200);
+    });
+    return app;
+}
+//# sourceMappingURL=audit-verify.js.map

package/dist/routes/audit-verify.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"audit-verify.js","sourceRoot":"","sources":["../../src/routes/audit-verify.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,UAAU,EAAE,MAAM,aAAa,CAAC;AACzC,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,WAAW,EAAE,MAAM,oBAAoB,CAAC;AACjD,OAAO,EAAE,EAAE,EAAE,MAAM,aAAa,CAAC;AAEjC,OAAO,EAAE,OAAO,EAAE,MAAM,wBAAwB,CAAC;AACjD,OAAO,EAAE,eAAe,EAAE,MAAM,wCAAwC,CAAC;AACzE,OAAO,EAAE,eAAe,EAAE,MAAM,wBAAwB,CAAC;AACzD,OAAO,EAAE,gBAAgB,EAAE,MAAM,6BAA6B,CAAC;AAG/D,2CAA2C;AAC3C,SAAS,WAAW,CAAC,EAAY,EAAE,OAAmC;IACpE,IAAI,CAAC,OAAO;QAAE,OAAO,QAAQ,CAAC;IAC9B,IAAI,OAAO,CAAC,EAAE,KAAK,KAAK;QAAE,OAAO,OAAO,CAAC;IACzC,MAAM,GAAG,GAAG,EAAE,CAAC,MAAM,CAAC,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,KAAK,CAAC,EAAE,CAAC,OAAO,CAAC,EAAE,EAAE,OAAO,CAAC,EAAE,CAAC,CAAC,CAAC,GAAG,EAAE,CAAC;IACpG,OAAO,GAAG,EAAE,IAAI,IAAI,QAAQ,CAAC;AAC/B,CAAC;AAED,6CAA6C;AAC7C,SAAS,cAAc,CAAC,IAAwB,EAAE,EAAsB;IACtE,IAAI,IAAI,IAAI,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAAE,OAAO,EAAE,KAAK,EAAE,0BAA0B,IAAI,EAAE,EAAE,CAAC;IACxF,IAAI,EAAE,IAAI,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QAAE,OAAO,EAAE,KAAK,EAAE,0BAA0B,EAAE,EAAE,EAAE,CAAC;IAClF,IAAI,IAAI,IAAI,EAAE,EAAE,CAAC;QACf,MAAM,MAAM,GAAG,IAAI,IAAI,CAAC,EAAE,CAAC,CAAC,OAAO,EAAE,GAAG,IAAI,IAAI,CAAC,IAAI,CAAC,CAAC,OAAO,EAAE,CAAC;QACjE,MAAM,SAAS,GAAG,MAAM,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;QAC/C,IAAI,MAAM,GAAG,SAAS;YAAE,OAAO,EAAE,KAAK,EAAE,8BAA8B,EAAE,CAAC;IAC3E,CAAC;IACD,OAAO,EAAE,IAAI,EAAE,EAAE,EAAE,CAAC;AACtB,CAAC;AAED,MAAM,UAAU,iBAAiB,CAAC,EAAY,EAAE,UAAmB;IACjE,MAAM,GAAG,GAAG,IAAI,IAAI,EAAgC,CAAC;IACrD,MAAM,IAAI,GAAG,IAAI,eAAe,CAAC,EAAE,CAAC,CAAC;IAErC,sCAAsC;IACtC,GAAG,CAAC,GAAG,CAAC,GAAG,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QACvB,MAAM,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAChC,MAAM,QAAQ,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;QAChC,MAAM,IAAI,GAAG,WAAW,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;QAEtC,IAAI,IAAI,KAAK,OAAO,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;YAC3C,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,2CAA2C,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE,GAAG,CAAC,CAAC;QAC1F,CAAC;QAED,MAAM,SAAS,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC;QAC3C,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACjC,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAE7B,IAAI,CAAC,SAAS,IAAI,CAAC,CAAC,IAAI,IAAI,CAAC,EAAE,CAAC,EAAE,CAAC;YACjC,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,8BAA8B,EAAE,EAAE,GAAG,CAAC,CAAC;QAChE,CAAC;QAED,MAAM,SAAS,GAAG,cAAc,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QAC3C,IAAI,SAAS,CAAC,KAAK;YAAE,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,SAAS,CAAC,KAAK,EAAE,EAAE,GAAG,CAAC,CAAC;QAEpE,MAAM,UAAU,GAAG,MAAM,CAAC;QAE1B,MAAM,mBAAmB,GAAG,eAAe,CAAC,IAAI,EAAE;YAChD,QAAQ;YACR,IAAI,EAAE,IAAI,IAAI,SAAS;YACvB,EAAE,EAAE,EAAE,IAAI,SAAS;YACnB,SAAS,EAAE,SAAS,IAAI,SAAS;YACjC,UAAU;SACX,CAAC,CAAC;QAEH,MAAM,cAAc,GAAG,IAAI,OAAO,CAAO,CAAC,OAAO,EAAE,EAAE,CACnD,UAAU,CAAC,GAAG,EAAE,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,UAAU,CAAC,CAC5C,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC,mBAAmB,EAAE,cAAc,CAAC,CAAC,CAAC;QAEzE,IAAI,MAAM,KAAK,IAAI,EAAE,CAAC;YACpB,OAAO,CAAC,CAAC,IAAI,CACX;gBACE,KAAK,EAAE,wBAAwB;gBAC/B,OAAO,EAAE,oGAAoG;gBAC7G,MAAM,EAAE,GAAG;aACZ,EACD,GAAG,CACJ,CAAC;QACJ,CAAC;QAED,OAAO,CAAC,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC7B,CAAC,CAAC,CAAC;IAEH,8DAA8D;IAC9D,GAAG,CAAC,GAAG,CAAC,SAAS,EAAE,KAAK,EAAE,CAAC,EAAE,EAAE;QAC7B,MAAM,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC,QAAQ,CAAC,CAAC;QAChC,MAAM,QAAQ,GAAG,WAAW,CAAC,CAAC,CAAC,CAAC;QAChC,MAAM,IAAI,GAAG,WAAW,CAAC,EAAE,EAAE,OAAO,CAAC,CAAC;QAEtC,IAAI,IAAI,KAAK,OAAO,IAAI,IAAI,KAAK,SAAS,EAAE,CAAC;YAC3C,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,2CAA2C,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE,GAAG,CAAC,CAAC;QAC1F,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QACjC,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QAE7B,IAAI,CAAC,IAAI,IAAI,CAAC,EAAE,EAAE,CAAC;YACjB,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,+DAA+D,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE,GAAG,CAAC,CAAC;QAC9G,CAAC;QAED,MAAM,SAAS,GAAG,cAAc,CAAC,IAAI,EAAE,EAAE,CAAC,CAAC;QAC3C,IAAI,SAAS,CAAC,KAAK;YAAE,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,SAAS,CAAC,KAAK,EAAE,MAAM,EAAE,GAAG,EAAE,EAAE,GAAG,CAAC,CAAC;QAEjF,kCAAkC;QAClC,MAAM,MAAM,GAAG,gBAAgB,CAAC,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,EAAE,CAAC,CAAC;QAC1D,MAAM,YAAY,GAAG,MAAM,eAAe,CAAC,IAAI,EAAE;YAC/C,QAAQ;YACR,IAAI;YACJ,EAAE;YACF,UAAU;SACX,CAAC,CAAC;QAEH,MAAM,UAAU,GAAG;YACjB,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,QAAQ;YACR,KAAK,EAAE,EAAE,IAAI,EAAE,EAAE,EAAE;YACnB,WAAW,EAAE,MAAM,CAAC,MAAM;YAC1B,iBAAiB,EAAE;gBACjB,QAAQ,EAAE,YAAY,CAAC,QAAQ;gBAC/B,gBAAgB,EAAE,YAAY,CAAC,gBAAgB;gBAC/C,SAAS,EAAE,YAAY,CAAC,SAAS;gBACjC,QAAQ,EAAE,YAAY,CAAC,QAAQ;gBAC/B,YAAY,EAAE,YAAY,CAAC,YAAY;aACxC;YACD,MAAM,EAAE,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;gBACzB,EAAE,EAAE,CAAC,CAAC,EAAE;gBACR,SAAS,EAAE,CAAC,CAAC,SAAS;gBACtB,SAAS,EAAE,CAAC,CAAC,SAAS;gBACtB,OAAO,EAAE,CAAC,CAAC,OAAO;gBAClB,SAAS,EAAE,CAAC,CAAC,SAAS;gBACtB,QAAQ,EAAE,CAAC,CAAC,QAAQ;gBACpB,QAAQ,EAAE,CAAC,CAAC,QAAQ;gBACpB,IAAI,EAAE,CAAC,CAAC,IAAI;aACb,CAAC,CAAC;SACJ,CAAC;QAEF,8CAA8C;QAC9C,IAAI,SAAS,GAAkB,IAAI,CAAC;QACpC,IAAI,UAAU,EAAE,CAAC;YACf,MAAM,SAAS,GAAG,IAAI,CAAC,SAAS,CAAC,UAAU,CAAC,CAAC;YAC7C,SAAS,GAAG,cAAc,GAAG,UAAU,CAAC,QAAQ,EAAE,UAAU,CAAC,CAAC,MAAM,CAAC,SAAS,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;QAChG,CAAC;QAED,OAAO,CAAC,CAAC,IAAI,CAAC;YACZ,GAAG,UAAU;YACb,SAAS;SACV,EAAE,GAAG,CAAC,CAAC;IACV,CAAC,CAAC,CAAC;IAEH,OAAO,GAAG,CAAC;AACb,CAAC"}

package/dist/routes/audit.d.ts

@@ -1,14 +1,12 @@
 /**
- * Sharing Audit & Export Routes (Story 7.4)
+ * Audit Log API Endpoint (SH-2)
  *
- * GET  /api/community/audit          — query audit log with filters
- * GET  /api/community/audit/export   — JSON export of sharing audit events
- * GET  /api/community/alerts         — get volume alert config
- * PUT  /api/community/alerts         — update volume alert config
+ * GET /api/audit — paginated, filterable by action, from, to.
+ * Requires admin role.
  */
 import { Hono } from 'hono';
-import type { AuthVariables } from '../middleware/auth.js';
 import type { SqliteDb } from '../db/index.js';
+import type { AuthVariables } from '../middleware/auth.js';
 export declare function auditRoutes(db: SqliteDb): Hono<{
     Variables: AuthVariables;
 }, import("hono/types").BlankSchema, "/">;

package/dist/routes/audit.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"audit.d.ts","sourceRoot":"","sources":["../../src/routes/audit.ts"],"names":[],"mappings":"AAAA;;;;;;;GAOG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAE5B,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAC3D,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAI/C,wBAAgB,WAAW,CAAC,EAAE,EAAE,QAAQ;eACJ,aAAa;0CA4LhD"}
+{"version":3,"file":"audit.d.ts","sourceRoot":"","sources":["../../src/routes/audit.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAG5B,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,gBAAgB,CAAC;AAG/C,OAAO,KAAK,EAAE,aAAa,EAAE,MAAM,uBAAuB,CAAC;AAE3D,wBAAgB,WAAW,CAAC,EAAE,EAAE,QAAQ;eACJ,aAAa;0CAkEhD"}

package/dist/routes/audit.js

@@ -1,175 +1,72 @@
 /**
- * Sharing Audit & Export Routes (Story 7.4)
+ * Audit Log API Endpoint (SH-2)
  *
- * GET  /api/community/audit          — query audit log with filters
- * GET  /api/community/audit/export   — JSON export of sharing audit events
- * GET  /api/community/alerts         — get volume alert config
- * PUT  /api/community/alerts         — update volume alert config
+ * GET /api/audit — paginated, filterable by action, from, to.
+ * Requires admin role.
  */
 import { Hono } from 'hono';
-import { eq, and, gte, lte, desc } from 'drizzle-orm';
-import * as schema from '../db/schema.sqlite.js';
+import { getTenantId } from './tenant-helper.js';
+import { desc, eq, and, gte, lte, sql } from 'drizzle-orm';
+import { auditLog } from '../db/schema.sqlite.js';
+import { apiKeys } from '../db/schema.sqlite.js';
 export function auditRoutes(db) {
     const app = new Hono();
-    function getTenantId(c) {
-        return c.get('apiKey')?.tenantId ?? 'default';
-    }
-    // ─── GET /audit — query audit log with filters ─────
     app.get('/', async (c) => {
+        // Role check now handled by RBAC middleware (requireCategory('manage'))
+        // Keep reading tenantId from legacy apiKey context for backward compat
+        const keyInfo = c.get('apiKey');
         const tenantId = getTenantId(c);
-        const eventType = c.req.query('type') || c.req.query('eventType');
-        const agentId = c.req.query('agentId');
-        const dateFrom = c.req.query('dateFrom') || c.req.query('from');
-        const dateTo = c.req.query('dateTo') || c.req.query('to');
-        const limitStr = c.req.query('limit');
-        const offsetStr = c.req.query('offset');
-        const limit = limitStr ? Math.min(Math.max(1, parseInt(limitStr, 10) || 50), 500) : 50;
-        const offset = offsetStr ? Math.max(0, parseInt(offsetStr, 10) || 0) : 0;
-        // Query all rows for this tenant, then filter in JS (sqlite doesn't have great dynamic WHERE)
-        let rows = db
+        // Parse query params
+        const action = c.req.query('action');
+        const from = c.req.query('from');
+        const to = c.req.query('to');
+        const page = Math.max(1, parseInt(c.req.query('page') ?? '1', 10));
+        const limit = Math.min(100, Math.max(1, parseInt(c.req.query('limit') ?? '50', 10)));
+        const offset = (page - 1) * limit;
+        // Build conditions
+        const conditions = [eq(auditLog.tenantId, tenantId)];
+        if (action)
+            conditions.push(eq(auditLog.action, action));
+        if (from)
+            conditions.push(gte(auditLog.timestamp, from));
+        if (to)
+            conditions.push(lte(auditLog.timestamp, to));
+        const where = and(...conditions);
+        // Count total
+        const countResult = db
+            .select({ count: sql `count(*)` })
+            .from(auditLog)
+            .where(where)
+            .get();
+        const total = countResult?.count ?? 0;
+        // Fetch page
+        const rows = db
             .select()
-            .from(schema.sharingAuditLog)
-            .where(eq(schema.sharingAuditLog.tenantId, tenantId))
+            .from(auditLog)
+            .where(where)
+            .orderBy(desc(auditLog.timestamp))
+            .limit(limit)
+            .offset(offset)
             .all();
-        // Apply filters
-        if (eventType) {
-            rows = rows.filter((r) => r.eventType === eventType);
-        }
-        if (agentId) {
-            // agentId filtering: match initiatedBy field
-            rows = rows.filter((r) => r.initiatedBy === agentId);
-        }
-        if (dateFrom) {
-            rows = rows.filter((r) => r.timestamp >= dateFrom);
-        }
-        if (dateTo) {
-            rows = rows.filter((r) => r.timestamp <= dateTo);
-        }
-        // Sort by timestamp descending
-        rows.sort((a, b) => b.timestamp.localeCompare(a.timestamp));
-        const total = rows.length;
-        const paged = rows.slice(offset, offset + limit);
-        const events = paged.map((r) => ({
+        const items = rows.map((r) => ({
             id: r.id,
-            tenantId: r.tenantId,
-            eventType: r.eventType,
-            lessonId: r.lessonId ?? undefined,
-            anonymousLessonId: r.anonymousLessonId ?? undefined,
-            lessonHash: r.lessonHash ?? undefined,
-            redactionFindings: r.redactionFindings ? JSON.parse(r.redactionFindings) : undefined,
-            queryText: r.queryText ?? undefined,
-            resultIds: r.resultIds ? JSON.parse(r.resultIds) : undefined,
-            poolEndpoint: r.poolEndpoint ?? undefined,
-            initiatedBy: r.initiatedBy ?? 'system',
             timestamp: r.timestamp,
-        }));
-        return c.json({ events, total, hasMore: offset + paged.length < total });
-    });
-    // ─── GET /audit/export — JSON export ───────────────
-    app.get('/export', async (c) => {
-        const tenantId = getTenantId(c);
-        const type = c.req.query('type'); // optional filter by event type
-        let rows = db
-            .select()
-            .from(schema.sharingAuditLog)
-            .where(eq(schema.sharingAuditLog.tenantId, tenantId))
-            .all();
-        if (type) {
-            rows = rows.filter((r) => r.eventType === type);
-        }
-        rows.sort((a, b) => b.timestamp.localeCompare(a.timestamp));
-        const events = rows.map((r) => ({
-            id: r.id,
             tenantId: r.tenantId,
-            eventType: r.eventType,
-            lessonId: r.lessonId,
-            anonymousLessonId: r.anonymousLessonId,
-            lessonHash: r.lessonHash,
-            redactionFindings: r.redactionFindings ? JSON.parse(r.redactionFindings) : null,
-            queryText: r.queryText,
-            resultIds: r.resultIds ? JSON.parse(r.resultIds) : null,
-            poolEndpoint: r.poolEndpoint,
-            initiatedBy: r.initiatedBy,
-            timestamp: r.timestamp,
+            actorType: r.actorType,
+            actorId: r.actorId,
+            action: r.action,
+            resourceType: r.resourceType,
+            resourceId: r.resourceId,
+            details: JSON.parse(r.details),
+            ipAddress: r.ipAddress,
+            userAgent: r.userAgent,
         }));
-        c.header('Content-Type', 'application/json');
-        c.header('Content-Disposition', `attachment; filename="audit-export-${tenantId}-${new Date().toISOString().slice(0, 10)}.json"`);
-        return c.json({ exportedAt: new Date().toISOString(), tenantId, count: events.length, events });
-    });
-    // ─── GET /alerts — get volume alert config ─────────
-    app.get('/alerts', async (c) => {
-        const tenantId = getTenantId(c);
-        const config = db
-            .select()
-            .from(schema.sharingConfig)
-            .where(eq(schema.sharingConfig.tenantId, tenantId))
-            .get();
-        return c.json({
-            threshold: config?.volumeAlertThreshold ?? 100,
-            rateLimitPerHour: config?.rateLimitPerHour ?? 50,
-            enabled: config?.enabled ?? false,
-        });
-    });
-    // ─── PUT /alerts — update volume alert config ──────
-    app.put('/alerts', async (c) => {
-        const tenantId = getTenantId(c);
-        let body;
-        try {
-            body = await c.req.json();
-        }
-        catch {
-            return c.json({ error: 'Invalid JSON body' }, 400);
-        }
-        const updates = {};
-        if (body.threshold !== undefined) {
-            const val = Number(body.threshold);
-            if (isNaN(val) || val < 1)
-                return c.json({ error: 'threshold must be >= 1' }, 400);
-            updates.volumeAlertThreshold = val;
-        }
-        if (body.rateLimitPerHour !== undefined) {
-            const val = Number(body.rateLimitPerHour);
-            if (isNaN(val) || val < 1)
-                return c.json({ error: 'rateLimitPerHour must be >= 1' }, 400);
-            updates.rateLimitPerHour = val;
-        }
-        if (Object.keys(updates).length === 0) {
-            return c.json({ error: 'No valid fields to update' }, 400);
-        }
-        const existing = db
-            .select()
-            .from(schema.sharingConfig)
-            .where(eq(schema.sharingConfig.tenantId, tenantId))
-            .get();
-        const now = new Date().toISOString();
-        if (existing) {
-            db.update(schema.sharingConfig)
-                .set({ ...updates, updatedAt: now })
-                .where(eq(schema.sharingConfig.tenantId, tenantId))
-                .run();
-        }
-        else {
-            db.insert(schema.sharingConfig).values({
-                tenantId,
-                enabled: false,
-                humanReviewEnabled: false,
-                poolEndpoint: null,
-                anonymousContributorId: null,
-                purgeToken: null,
-                rateLimitPerHour: updates.rateLimitPerHour ?? 50,
-                volumeAlertThreshold: updates.volumeAlertThreshold ?? 100,
-                updatedAt: now,
-            }).run();
-        }
-        const config = db
-            .select()
-            .from(schema.sharingConfig)
-            .where(eq(schema.sharingConfig.tenantId, tenantId))
-            .get();
         return c.json({
-            threshold: config?.volumeAlertThreshold ?? 100,
-            rateLimitPerHour: config?.rateLimitPerHour ?? 50,
-            enabled: config?.enabled ?? false,
+            items,
+            total,
+            page,
+            limit,
+            totalPages: Math.ceil(total / limit),
         });
     });
     return app;