@atproto/bsky 0.0.198 → 0.0.199

package/dist/stash.d.ts

@@ -5,6 +5,7 @@ export declare const Namespaces: {
     AppBskyNotificationDefsPreferences: string;
     AppBskyNotificationDefsSubjectActivitySubscription: string;
     AppBskyUnspeccedDefsAgeAssuranceEvent: string;
+    AppBskyAgeassuranceDefsEvent: string;
 };
 export type Namespace = (typeof Namespaces)[keyof typeof Namespaces];
 export declare const createStashClient: (bsyncClient: BsyncClient) => StashClient;

package/dist/stash.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"stash.d.ts","sourceRoot":"","sources":["../src/stash.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,QAAQ,EAAgB,MAAM,kBAAkB,CAAA;AACzD,OAAO,EAAE,WAAW,EAAE,MAAM,SAAS,CAAA;AAYrC,eAAO,MAAM,UAAU;;;;;CAStB,CAAA;AAED,MAAM,MAAM,SAAS,GAAG,CAAC,OAAO,UAAU,CAAC,CAAC,MAAM,OAAO,UAAU,CAAC,CAAA;AAEpE,eAAO,MAAM,iBAAiB,GAAI,aAAa,WAAW,KAAG,WAE5D,CAAA;AAID,qBAAa,WAAW;IACV,OAAO,CAAC,QAAQ,CAAC,WAAW;gBAAX,WAAW,EAAE,WAAW;IAErD,MAAM,CAAC,KAAK,EAAE,WAAW;IAKzB,MAAM,CAAC,KAAK,EAAE,WAAW;IAKzB,MAAM,CAAC,KAAK,EAAE,WAAW;IAIzB,OAAO,CAAC,eAAe;YAOT,YAAY;CAiB3B;AASD,KAAK,WAAW,GAAG;IACjB,QAAQ,EAAE,MAAM,CAAA;IAChB,SAAS,EAAE,SAAS,CAAA;IACpB,GAAG,EAAE,MAAM,CAAA;IACX,OAAO,EAAE,QAAQ,CAAA;CAClB,CAAA;AAED,KAAK,WAAW,GAAG,WAAW,CAAA;AAE9B,KAAK,WAAW,GAAG;IACjB,QAAQ,EAAE,MAAM,CAAA;IAChB,SAAS,EAAE,SAAS,CAAA;IACpB,GAAG,EAAE,MAAM,CAAA;CACZ,CAAA"}
+{"version":3,"file":"stash.d.ts","sourceRoot":"","sources":["../src/stash.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,QAAQ,EAAgB,MAAM,kBAAkB,CAAA;AACzD,OAAO,EAAE,WAAW,EAAE,MAAM,SAAS,CAAA;AAarC,eAAO,MAAM,UAAU;;;;;;CAWtB,CAAA;AAED,MAAM,MAAM,SAAS,GAAG,CAAC,OAAO,UAAU,CAAC,CAAC,MAAM,OAAO,UAAU,CAAC,CAAA;AAEpE,eAAO,MAAM,iBAAiB,GAAI,aAAa,WAAW,KAAG,WAE5D,CAAA;AAID,qBAAa,WAAW;IACV,OAAO,CAAC,QAAQ,CAAC,WAAW;gBAAX,WAAW,EAAE,WAAW;IAErD,MAAM,CAAC,KAAK,EAAE,WAAW;IAKzB,MAAM,CAAC,KAAK,EAAE,WAAW;IAKzB,MAAM,CAAC,KAAK,EAAE,WAAW;IAIzB,OAAO,CAAC,eAAe;YAOT,YAAY;CAiB3B;AASD,KAAK,WAAW,GAAG;IACjB,QAAQ,EAAE,MAAM,CAAA;IAChB,SAAS,EAAE,SAAS,CAAA;IACpB,GAAG,EAAE,MAAM,CAAA;IACX,OAAO,EAAE,QAAQ,CAAA;CAClB,CAAA;AAED,KAAK,WAAW,GAAG,WAAW,CAAA;AAE9B,KAAK,WAAW,GAAG;IACjB,QAAQ,EAAE,MAAM,CAAA;IAChB,SAAS,EAAE,SAAS,CAAA;IACpB,GAAG,EAAE,MAAM,CAAA;CACZ,CAAA"}

package/dist/stash.js

@@ -10,6 +10,7 @@ exports.Namespaces = {
     AppBskyNotificationDefsPreferences: 'app.bsky.notification.defs#preferences',
     AppBskyNotificationDefsSubjectActivitySubscription: 'app.bsky.notification.defs#subjectActivitySubscription',
     AppBskyUnspeccedDefsAgeAssuranceEvent: 'app.bsky.unspecced.defs#ageAssuranceEvent',
+    AppBskyAgeassuranceDefsEvent: 'app.bsky.ageassurance.defs#event',
 };
 const createStashClient = (bsyncClient) => {
     return new StashClient(bsyncClient);

package/dist/stash.js.map

@@ -1 +1 @@
-{"version":3,"file":"stash.js","sourceRoot":"","sources":["../src/stash.ts"],"names":[],"mappings":";AAAA,yCAAyC;;;AAEzC,8CAAyD;AAEzD,iDAA6C;AAO7C,+CAAyC;AAI5B,QAAA,UAAU,GAAG;IACxB,2BAA2B,EACzB,iCAA8D;IAChE,kCAAkC,EAChC,wCAAwE;IAC1E,kDAAkD,EAChD,wDAAwG;IAC1G,qCAAqC,EACnC,2CAAiF;CACpF,CAAA;AAIM,MAAM,iBAAiB,GAAG,CAAC,WAAwB,EAAe,EAAE;IACzE,OAAO,IAAI,WAAW,CAAC,WAAW,CAAC,CAAA;AACrC,CAAC,CAAA;AAFY,QAAA,iBAAiB,qBAE7B;AAED,8EAA8E;AAC9E,2FAA2F;AAC3F,MAAa,WAAW;IACtB,YAA6B,WAAwB;QAAzC;;;;mBAAiB,WAAW;WAAa;IAAG,CAAC;IAEzD,MAAM,CAAC,KAAkB;QACvB,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,CAAA;QACpD,OAAO,IAAI,CAAC,YAAY,CAAC,iBAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAA;IAChD,CAAC;IAED,MAAM,CAAC,KAAkB;QACvB,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,CAAA;QACpD,OAAO,IAAI,CAAC,YAAY,CAAC,iBAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAA;IAChD,CAAC;IAED,MAAM,CAAC,KAAkB;QACvB,OAAO,IAAI,CAAC,YAAY,CAAC,iBAAM,CAAC,MAAM,EAAE,EAAE,GAAG,KAAK,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC,CAAA;IAC3E,CAAC;IAEO,eAAe,CAAC,SAAoB,EAAE,OAAiB;QAC7D,MAAM,MAAM,GAAG,mBAAQ,CAAC,QAAQ,CAAC,SAAS,EAAE,OAAO,CAAC,CAAA;QACpD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,MAAM,CAAC,KAAK,CAAA;QACpB,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,YAAY,CAAC,MAAc,EAAE,KAAwB;QACjE,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,KAAK,CAAA;QACnD,MAAM,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC;YAClC,QAAQ;YACR,SAAS;YACT,GAAG;YACH,MAAM;YACN,OAAO,EAAE,OAAO;gBACd,CAAC,CAAC,MAAM,CAAC,IAAI,CACT,IAAA,sBAAY,EAAC;oBACX,KAAK,EAAE,SAAS;oBAChB,GAAG,OAAO;iBACX,CAAC,CACH;gBACH,CAAC,CAAC,SAAS;SACd,CAAC,CAAA;IACJ,CAAC;CACF;AAzCD,kCAyCC","sourcesContent":["/* eslint-disable import/no-deprecated */\n\nimport { LexValue, stringifyLex } from '@atproto/lexicon'\nimport { BsyncClient } from './bsync'\nimport { lexicons } from './lexicon/lexicons'\nimport { Bookmark } from './lexicon/types/app/bsky/bookmark/defs'\nimport {\n  Preferences,\n  SubjectActivitySubscription,\n} from './lexicon/types/app/bsky/notification/defs'\nimport { AgeAssuranceEvent } from './lexicon/types/app/bsky/unspecced/defs'\nimport { Method } from './proto/bsync_pb'\n\ntype PickNSID<T extends { $type?: string }> = Exclude<T['$type'], undefined>\n\nexport const Namespaces = {\n  AppBskyBookmarkDefsBookmark:\n    'app.bsky.bookmark.defs#bookmark' satisfies PickNSID<Bookmark>,\n  AppBskyNotificationDefsPreferences:\n    'app.bsky.notification.defs#preferences' satisfies PickNSID<Preferences>,\n  AppBskyNotificationDefsSubjectActivitySubscription:\n    'app.bsky.notification.defs#subjectActivitySubscription' satisfies PickNSID<SubjectActivitySubscription>,\n  AppBskyUnspeccedDefsAgeAssuranceEvent:\n    'app.bsky.unspecced.defs#ageAssuranceEvent' satisfies PickNSID<AgeAssuranceEvent>,\n}\n\nexport type Namespace = (typeof Namespaces)[keyof typeof Namespaces]\n\nexport const createStashClient = (bsyncClient: BsyncClient): StashClient => {\n  return new StashClient(bsyncClient)\n}\n\n// An abstraction over the BsyncClient, that uses the bsync `PutOperation` RPC\n// to store private data, which can be indexed by the dataplane and queried by the appview.\nexport class StashClient {\n  constructor(private readonly bsyncClient: BsyncClient) {}\n\n  create(input: CreateInput) {\n    this.validateLexicon(input.namespace, input.payload)\n    return this.putOperation(Method.CREATE, input)\n  }\n\n  update(input: UpdateInput) {\n    this.validateLexicon(input.namespace, input.payload)\n    return this.putOperation(Method.UPDATE, input)\n  }\n\n  delete(input: DeleteInput) {\n    return this.putOperation(Method.DELETE, { ...input, payload: undefined })\n  }\n\n  private validateLexicon(namespace: Namespace, payload: LexValue) {\n    const result = lexicons.validate(namespace, payload)\n    if (!result.success) {\n      throw result.error\n    }\n  }\n\n  private async putOperation(method: Method, input: PutOperationInput) {\n    const { actorDid, namespace, key, payload } = input\n    await this.bsyncClient.putOperation({\n      actorDid,\n      namespace,\n      key,\n      method,\n      payload: payload\n        ? Buffer.from(\n            stringifyLex({\n              $type: namespace,\n              ...payload,\n            }),\n          )\n        : undefined,\n    })\n  }\n}\n\ntype PutOperationInput = {\n  actorDid: string\n  namespace: Namespace\n  key: string\n  payload: LexValue | undefined\n}\n\ntype CreateInput = {\n  actorDid: string\n  namespace: Namespace\n  key: string\n  payload: LexValue\n}\n\ntype UpdateInput = CreateInput\n\ntype DeleteInput = {\n  actorDid: string\n  namespace: Namespace\n  key: string\n}\n"]}
+{"version":3,"file":"stash.js","sourceRoot":"","sources":["../src/stash.ts"],"names":[],"mappings":";AAAA,yCAAyC;;;AAEzC,8CAAyD;AAEzD,iDAA6C;AAQ7C,+CAAyC;AAI5B,QAAA,UAAU,GAAG;IACxB,2BAA2B,EACzB,iCAA8D;IAChE,kCAAkC,EAChC,wCAAwE;IAC1E,kDAAkD,EAChD,wDAAwG;IAC1G,qCAAqC,EACnC,2CAAiF;IACnF,4BAA4B,EAC1B,kCAA0E;CAC7E,CAAA;AAIM,MAAM,iBAAiB,GAAG,CAAC,WAAwB,EAAe,EAAE;IACzE,OAAO,IAAI,WAAW,CAAC,WAAW,CAAC,CAAA;AACrC,CAAC,CAAA;AAFY,QAAA,iBAAiB,qBAE7B;AAED,8EAA8E;AAC9E,2FAA2F;AAC3F,MAAa,WAAW;IACtB,YAA6B,WAAwB;QAAzC;;;;mBAAiB,WAAW;WAAa;IAAG,CAAC;IAEzD,MAAM,CAAC,KAAkB;QACvB,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,CAAA;QACpD,OAAO,IAAI,CAAC,YAAY,CAAC,iBAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAA;IAChD,CAAC;IAED,MAAM,CAAC,KAAkB;QACvB,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,SAAS,EAAE,KAAK,CAAC,OAAO,CAAC,CAAA;QACpD,OAAO,IAAI,CAAC,YAAY,CAAC,iBAAM,CAAC,MAAM,EAAE,KAAK,CAAC,CAAA;IAChD,CAAC;IAED,MAAM,CAAC,KAAkB;QACvB,OAAO,IAAI,CAAC,YAAY,CAAC,iBAAM,CAAC,MAAM,EAAE,EAAE,GAAG,KAAK,EAAE,OAAO,EAAE,SAAS,EAAE,CAAC,CAAA;IAC3E,CAAC;IAEO,eAAe,CAAC,SAAoB,EAAE,OAAiB;QAC7D,MAAM,MAAM,GAAG,mBAAQ,CAAC,QAAQ,CAAC,SAAS,EAAE,OAAO,CAAC,CAAA;QACpD,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE,CAAC;YACpB,MAAM,MAAM,CAAC,KAAK,CAAA;QACpB,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,YAAY,CAAC,MAAc,EAAE,KAAwB;QACjE,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,KAAK,CAAA;QACnD,MAAM,IAAI,CAAC,WAAW,CAAC,YAAY,CAAC;YAClC,QAAQ;YACR,SAAS;YACT,GAAG;YACH,MAAM;YACN,OAAO,EAAE,OAAO;gBACd,CAAC,CAAC,MAAM,CAAC,IAAI,CACT,IAAA,sBAAY,EAAC;oBACX,KAAK,EAAE,SAAS;oBAChB,GAAG,OAAO;iBACX,CAAC,CACH;gBACH,CAAC,CAAC,SAAS;SACd,CAAC,CAAA;IACJ,CAAC;CACF;AAzCD,kCAyCC","sourcesContent":["/* eslint-disable import/no-deprecated */\n\nimport { LexValue, stringifyLex } from '@atproto/lexicon'\nimport { BsyncClient } from './bsync'\nimport { lexicons } from './lexicon/lexicons'\nimport { Event as AgeAssuranceEventV2 } from './lexicon/types/app/bsky/ageassurance/defs'\nimport { Bookmark } from './lexicon/types/app/bsky/bookmark/defs'\nimport {\n  Preferences,\n  SubjectActivitySubscription,\n} from './lexicon/types/app/bsky/notification/defs'\nimport { AgeAssuranceEvent } from './lexicon/types/app/bsky/unspecced/defs'\nimport { Method } from './proto/bsync_pb'\n\ntype PickNSID<T extends { $type?: string }> = Exclude<T['$type'], undefined>\n\nexport const Namespaces = {\n  AppBskyBookmarkDefsBookmark:\n    'app.bsky.bookmark.defs#bookmark' satisfies PickNSID<Bookmark>,\n  AppBskyNotificationDefsPreferences:\n    'app.bsky.notification.defs#preferences' satisfies PickNSID<Preferences>,\n  AppBskyNotificationDefsSubjectActivitySubscription:\n    'app.bsky.notification.defs#subjectActivitySubscription' satisfies PickNSID<SubjectActivitySubscription>,\n  AppBskyUnspeccedDefsAgeAssuranceEvent:\n    'app.bsky.unspecced.defs#ageAssuranceEvent' satisfies PickNSID<AgeAssuranceEvent>,\n  AppBskyAgeassuranceDefsEvent:\n    'app.bsky.ageassurance.defs#event' satisfies PickNSID<AgeAssuranceEventV2>,\n}\n\nexport type Namespace = (typeof Namespaces)[keyof typeof Namespaces]\n\nexport const createStashClient = (bsyncClient: BsyncClient): StashClient => {\n  return new StashClient(bsyncClient)\n}\n\n// An abstraction over the BsyncClient, that uses the bsync `PutOperation` RPC\n// to store private data, which can be indexed by the dataplane and queried by the appview.\nexport class StashClient {\n  constructor(private readonly bsyncClient: BsyncClient) {}\n\n  create(input: CreateInput) {\n    this.validateLexicon(input.namespace, input.payload)\n    return this.putOperation(Method.CREATE, input)\n  }\n\n  update(input: UpdateInput) {\n    this.validateLexicon(input.namespace, input.payload)\n    return this.putOperation(Method.UPDATE, input)\n  }\n\n  delete(input: DeleteInput) {\n    return this.putOperation(Method.DELETE, { ...input, payload: undefined })\n  }\n\n  private validateLexicon(namespace: Namespace, payload: LexValue) {\n    const result = lexicons.validate(namespace, payload)\n    if (!result.success) {\n      throw result.error\n    }\n  }\n\n  private async putOperation(method: Method, input: PutOperationInput) {\n    const { actorDid, namespace, key, payload } = input\n    await this.bsyncClient.putOperation({\n      actorDid,\n      namespace,\n      key,\n      method,\n      payload: payload\n        ? Buffer.from(\n            stringifyLex({\n              $type: namespace,\n              ...payload,\n            }),\n          )\n        : undefined,\n    })\n  }\n}\n\ntype PutOperationInput = {\n  actorDid: string\n  namespace: Namespace\n  key: string\n  payload: LexValue | undefined\n}\n\ntype CreateInput = {\n  actorDid: string\n  namespace: Namespace\n  key: string\n  payload: LexValue\n}\n\ntype UpdateInput = CreateInput\n\ntype DeleteInput = {\n  actorDid: string\n  namespace: Namespace\n  key: string\n}\n"]}

package/dist/util/uris.d.ts

@@ -3,12 +3,12 @@ import { Main as StrongRef } from '../lexicon/types/com/atproto/repo/strongRef';
  * Convert a post URI to a threadgate URI. If the URI is not a valid
  * post URI, return URI unchanged. Threadgate lookups will then fail.
  */
-export declare function postUriToThreadgateUri(postUri: string): string;
+export declare function postUriToThreadgateUri(postUri: string): import("@atproto/syntax").AtUriString;
 /**
  * Convert a post URI to a postgate URI. If the URI is not a valid
  * post URI, return URI unchanged. Postgate lookups will then fail.
  */
-export declare function postUriToPostgateUri(postUri: string): string;
+export declare function postUriToPostgateUri(postUri: string): import("@atproto/syntax").AtUriString;
 export declare function uriToDid(uri: string): string;
 export declare function safePinnedPost(value: unknown): StrongRef | undefined;
 //# sourceMappingURL=uris.d.ts.map

package/dist/util/uris.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"uris.d.ts","sourceRoot":"","sources":["../../src/util/uris.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,IAAI,IAAI,SAAS,EAElB,MAAM,6CAA6C,CAAA;AAEpD;;;GAGG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,MAAM,UAMrD;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,MAAM,UAMnD;AAED,wBAAgB,QAAQ,CAAC,GAAG,EAAE,MAAM,UAEnC;AAGD,wBAAgB,cAAc,CAAC,KAAK,EAAE,OAAO,yBAS5C"}
+{"version":3,"file":"uris.d.ts","sourceRoot":"","sources":["../../src/util/uris.ts"],"names":[],"mappings":"AAEA,OAAO,EACL,IAAI,IAAI,SAAS,EAElB,MAAM,6CAA6C,CAAA;AAEpD;;;GAGG;AACH,wBAAgB,sBAAsB,CAAC,OAAO,EAAE,MAAM,yCAMrD;AAED;;;GAGG;AACH,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,MAAM,yCAMnD;AAED,wBAAgB,QAAQ,CAAC,GAAG,EAAE,MAAM,UAEnC;AAGD,wBAAgB,cAAc,CAAC,KAAK,EAAE,OAAO,yBAS5C"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@atproto/bsky",
-  "version": "0.0.198",
+  "version": "0.0.199",
   "license": "MIT",
   "description": "Reference implementation of app.bsky App View (Bluesky API)",
   "keywords": [
@@ -53,22 +53,23 @@
     "zod": "3.23.8",
     "@atproto-labs/fetch-node": "0.2.0",
     "@atproto-labs/xrpc-utils": "0.0.24",
-    "@atproto/api": "^0.18.2",
-    "@atproto/common": "^0.5.0",
-    "@atproto/crypto": "^0.4.4",
-    "@atproto/did": "^0.2.2",
+    "@atproto/api": "^0.18.4",
+    "@atproto/common": "^0.5.2",
+    "@atproto/crypto": "^0.4.5",
+    "@atproto/did": "^0.2.3",
     "@atproto/identity": "^0.4.10",
     "@atproto/lexicon": "^0.5.2",
     "@atproto/repo": "^0.8.11",
     "@atproto/sync": "^0.1.38",
-    "@atproto/syntax": "^0.4.1",
-    "@atproto/xrpc-server": "^0.10.0"
+    "@atproto/syntax": "^0.4.2",
+    "@atproto/xrpc-server": "^0.10.2"
   },
   "devDependencies": {
     "@bufbuild/buf": "^1.28.1",
     "@bufbuild/protoc-gen-es": "^1.5.0",
     "@connectrpc/protoc-gen-connect-es": "^1.1.4",
     "@did-plc/server": "^0.0.1",
+    "@jest/globals": "28",
     "@types/cors": "^2.8.12",
     "@types/express": "^4.17.13",
     "@types/express-serve-static-core": "^4.17.36",
@@ -77,9 +78,9 @@
     "jest": "^28.1.2",
     "ts-node": "^10.8.2",
     "typescript": "^5.6.3",
-    "@atproto/api": "^0.18.2",
+    "@atproto/api": "^0.18.4",
     "@atproto/lex-cli": "^0.9.7",
-    "@atproto/pds": "^0.4.195",
+    "@atproto/pds": "^0.4.197",
     "@atproto/xrpc": "^0.7.6"
   },
   "scripts": {

package/proto/bsky.proto

@@ -493,6 +493,7 @@ message AgeAssuranceStatus {
   string status = 1;
   google.protobuf.Timestamp last_initiated_at = 2;
   bool override_applied = 3;
+  string access = 4;
 }
 
 message GetActorsResponse {

package/src/api/age-assurance/const.ts

@@ -0,0 +1,142 @@
+import {
+  AppBskyAgeassuranceDefs,
+  ageAssuranceRuleIDs as ids,
+} from '@atproto/api'
+
+/**
+ * Age assurance configuration defining rules for various regions.
+ *
+ * NOTE: These rules are matched in order, and the first matching rule
+ * determines the access level granted.
+ *
+ * NOTE: all regions MUST have a default rule as the last rule.
+ */
+export const AGE_ASSURANCE_CONFIG: AppBskyAgeassuranceDefs.Config = {
+  regions: [
+    {
+      countryCode: 'GB',
+      regionCode: undefined,
+      rules: [
+        {
+          $type: ids.IfAssuredOverAge,
+          age: 18,
+          access: 'full',
+        },
+        {
+          $type: ids.IfDeclaredOverAge,
+          age: 13,
+          access: 'safe',
+        },
+        {
+          $type: ids.Default,
+          access: 'none',
+        },
+      ],
+    },
+    {
+      countryCode: 'AU',
+      regionCode: undefined,
+      rules: [
+        {
+          $type: ids.IfAccountNewerThan,
+          date: '2025-12-10T00:00:00Z',
+          access: 'none',
+        },
+        {
+          $type: ids.IfAssuredOverAge,
+          age: 18,
+          access: 'full',
+        },
+        {
+          $type: ids.IfAssuredOverAge,
+          age: 16,
+          access: 'safe',
+        },
+        {
+          $type: ids.IfDeclaredOverAge,
+          age: 16,
+          access: 'safe',
+        },
+        {
+          $type: ids.Default,
+          access: 'none',
+        },
+      ],
+    },
+    {
+      countryCode: 'US',
+      regionCode: 'SD',
+      rules: [
+        {
+          $type: ids.IfAssuredOverAge,
+          age: 18,
+          access: 'full',
+        },
+        {
+          $type: ids.IfDeclaredOverAge,
+          age: 13,
+          access: 'safe',
+        },
+        {
+          $type: ids.Default,
+          access: 'none',
+        },
+      ],
+    },
+    {
+      countryCode: 'US',
+      regionCode: 'WY',
+      rules: [
+        {
+          $type: ids.IfAssuredOverAge,
+          age: 18,
+          access: 'full',
+        },
+        {
+          $type: ids.IfDeclaredOverAge,
+          age: 13,
+          access: 'safe',
+        },
+        {
+          $type: ids.Default,
+          access: 'none',
+        },
+      ],
+    },
+    {
+      countryCode: 'US',
+      regionCode: 'OH',
+      rules: [
+        {
+          $type: ids.IfAssuredOverAge,
+          age: 18,
+          access: 'full',
+        },
+        {
+          $type: ids.IfDeclaredOverAge,
+          age: 13,
+          access: 'safe',
+        },
+        {
+          $type: ids.Default,
+          access: 'none',
+        },
+      ],
+    },
+    {
+      countryCode: 'US',
+      regionCode: 'MS',
+      rules: [
+        {
+          $type: ids.IfAssuredOverAge,
+          age: 18,
+          access: 'full',
+        },
+        {
+          $type: ids.Default,
+          access: 'none',
+        },
+      ],
+    },
+  ],
+}

package/src/api/age-assurance/index.ts

@@ -0,0 +1,34 @@
+import { Router, raw } from 'express'
+import { AppContext } from '../../context'
+import { webhookAuth } from '../kws/webhook'
+import { handler as ageVerifiedRedirect } from './redirects/kws-age-verified'
+import { AppContextWithAA } from './types'
+import { handler as ageVerifiedWebhook } from './webhooks/kws-age-verified'
+
+export const createRouter = (ctx: AppContext): Router => {
+  assertAppContextWithAgeAssuranceClient(ctx)
+
+  const router = Router()
+  router.use(raw({ type: 'application/json' }))
+  router.post(
+    '/age-assurance/webhooks/kws-age-verified',
+    webhookAuth({
+      secret: ctx.cfg.kws.ageVerifiedWebhookSecret,
+    }),
+    ageVerifiedWebhook(ctx),
+  )
+  router.get(
+    '/age-assurance/redirects/kws-age-verified',
+    ageVerifiedRedirect(ctx),
+  )
+
+  return router
+}
+
+const assertAppContextWithAgeAssuranceClient: (
+  ctx: AppContext,
+) => asserts ctx is AppContextWithAA = (ctx: AppContext) => {
+  if (!ctx.kwsClient) {
+    throw new Error('Tried to set up KWS router without kwsClient configured.')
+  }
+}

package/src/api/age-assurance/kws/age-verified.ts

@@ -0,0 +1,75 @@
+import { z } from 'zod'
+
+/**
+ * Schema for KWS the `status` object on `age-verified` payloads.
+ */
+export const KWSAgeVerifiedStatusSchema = z.object({
+  verified: z.boolean(),
+  verifiedMinimumAge: z.number(),
+  transactionId: z.string().optional(),
+})
+
+/**
+ * The KWS `status` object on `age-verified` payloads.
+ */
+export type KWSAgeVerifiedStatus = z.infer<typeof KWSAgeVerifiedStatusSchema>
+
+export function serializeKWSAgeVerifiedStatus(
+  status: KWSAgeVerifiedStatus,
+): string {
+  return JSON.stringify(KWSAgeVerifiedStatusSchema.parse(status))
+}
+
+/**
+ * Parse KWS `age-verified` status object.
+ */
+export const parseKWSAgeVerifiedStatus = (
+  raw: string,
+): KWSAgeVerifiedStatus => {
+  try {
+    const value = JSON.parse(raw)
+    return KWSAgeVerifiedStatusSchema.parse(value)
+  } catch (err) {
+    throw new Error(`Invalid KWS age-verified status: ${raw}`, {
+      cause: err,
+    })
+  }
+}
+
+/**
+ * Schema for KWS `age-verified` webhooks.
+ *
+ * Note: we don't use `.strict()` here so that we avoid breaking if KWS adds
+ * fields, and some fields below are not strictly typed since we're not using
+ * them.
+ */
+export const KWSAgeVerifiedWebhookSchema = z.object({
+  name: z.string(),
+  time: z.string(), // ISO8601 timestamp, but don't validate here
+  orgId: z.string().uuid().optional(),
+  productId: z.string().uuid().optional(),
+  payload: z.object({
+    email: z.string(), // no need to validate here
+    externalPayload: z.string(),
+    status: KWSAgeVerifiedStatusSchema,
+  }),
+})
+
+/**
+ * The raw KWS `age-verified` webhook body
+ */
+export type KWSWebhookAgeVerified = z.infer<typeof KWSAgeVerifiedWebhookSchema>
+
+/**
+ * Parse KWS `age-verified` webhook body and its external payload.
+ */
+export const parseKWSAgeVerifiedWebhook = (
+  raw: string,
+): KWSWebhookAgeVerified => {
+  try {
+    const value: unknown = JSON.parse(raw)
+    return KWSAgeVerifiedWebhookSchema.parse(value)
+  } catch (err) {
+    throw new Error(`Invalid webhook body: ${raw}`, { cause: err })
+  }
+}

package/src/api/age-assurance/kws/const.ts

@@ -0,0 +1,33 @@
+/**
+ * Supported languages for KWS Adult Verification. This list comes from KWS's
+ * Age Verification Developer Guide PDF doc.
+ */
+export const KWS_SUPPORTED_LANGUAGES = new Set([
+  'en',
+  'ar',
+  'zh-Hans',
+  'nl',
+  'tl',
+  'fr',
+  'de',
+  'id',
+  'it',
+  'ja',
+  'ko',
+  'pl',
+  'pt-BR',
+  'pt',
+  'ru',
+  'es',
+  'th',
+  'tr',
+  'vi',
+])
+
+/**
+ * Regions where our "version 2" using the `age-verified` KWS flow is
+ * available. In these regions, we'll use a different KWS flow from the
+ * existing `adult-verified` flow, pass along a different external payload, and
+ * handle webhooks/redirects differently in the appview.
+ */
+export const KWS_V2_COUNTRIES = new Set(['AU'])

package/src/api/age-assurance/kws/external-payload.test.ts

@@ -0,0 +1,72 @@
+import { describe, expect, it } from '@jest/globals'
+import {
+  KWSExternalPayloadVersion,
+  parseKWSExternalPayloadV1WithV2Compat,
+  parseKWSExternalPayloadV2,
+  parseKWSExternalPayloadVersion,
+  serializeKWSExternalPayloadV1,
+  serializeKWSExternalPayloadV2,
+} from './external-payload'
+
+describe('parseKWSExternalPayloadVersion', () => {
+  it('should return V2 for "2"', () => {
+    const result = parseKWSExternalPayloadVersion('2')
+    expect(result).toBe('2')
+  })
+  it('should return V1 for unknown versions', () => {
+    const result = parseKWSExternalPayloadVersion('unknown')
+    expect(result).toBe('1')
+  })
+})
+
+describe('parseKWSExternalPayloadV1WithV2Compat', () => {
+  it('should parse V1 payload correctly', () => {
+    const payload = {
+      attemptId: '123',
+      actorDid: 'did:plc:123',
+    }
+    const serialized = serializeKWSExternalPayloadV1(payload)
+    const result = parseKWSExternalPayloadV1WithV2Compat(serialized)
+    expect(result).toEqual({
+      version: KWSExternalPayloadVersion.V1,
+      ...payload,
+    })
+  })
+  it('should parse V2 payload correctly', () => {
+    const payload = {
+      version: KWSExternalPayloadVersion.V2 as const,
+      attemptId: '123',
+      actorDid: 'did:plc:123',
+      countryCode: 'US',
+    }
+    const serialized = serializeKWSExternalPayloadV2(payload)
+    const result = parseKWSExternalPayloadV1WithV2Compat(serialized)
+    expect(result).toEqual(payload)
+  })
+})
+
+describe('serializeKWSExternalPayloadV2 & parseKWSExternalPayloadV2', () => {
+  const payload = {
+    version: KWSExternalPayloadVersion.V2 as const,
+    attemptId: '123',
+    actorDid: 'did:plc:123',
+    countryCode: 'US',
+    regionCode: 'CA',
+  }
+  it('compresses when serializing', () => {
+    const serialized = serializeKWSExternalPayloadV2(payload)
+    const comparison = JSON.stringify({
+      v: KWSExternalPayloadVersion.V2,
+      id: payload.attemptId,
+      did: payload.actorDid,
+      gc: payload.countryCode,
+      gr: payload.regionCode,
+    })
+    expect(serialized).toEqual(comparison)
+  })
+  it('decompresses when parsing', () => {
+    const serialized = serializeKWSExternalPayloadV2(payload)
+    const deserialized = parseKWSExternalPayloadV2(serialized)
+    expect(deserialized).toEqual(payload)
+  })
+})

package/src/api/age-assurance/kws/external-payload.ts

@@ -0,0 +1,149 @@
+import { z } from 'zod'
+
+export const KWS_EXTERNAL_PAYLOAD_CHAR_LIMIT = 250
+
+/**
+ * Thrown when the provided external payload exceeds KWS's character limit.
+ *
+ * This is most commonly caused by DIDs that are too long, such as for
+ * `did:web` DIDs. But it's very rare, and the client has special handling for
+ * this case.
+ */
+export class KWSExternalPayloadTooLargeError extends Error {}
+
+export enum KWSExternalPayloadVersion {
+  V1 = '1',
+  V2 = '2',
+}
+
+export function parseKWSExternalPayloadVersion(raw: string) {
+  switch (raw) {
+    case KWSExternalPayloadVersion.V2:
+      return KWSExternalPayloadVersion.V2
+    default:
+      return KWSExternalPayloadVersion.V1
+  }
+}
+
+export type KWSExternalPayloadV1 = {
+  actorDid: string
+  attemptId: string
+}
+
+export const KWSExternalPayloadV1Schema = z.object({
+  actorDid: z.string(),
+  attemptId: z.string(),
+})
+
+export function parseKWSExternalPayloadV1(raw: string): KWSExternalPayloadV1 {
+  try {
+    const value: unknown = JSON.parse(raw)
+    return KWSExternalPayloadV1Schema.parse(value)
+  } catch (err) {
+    throw new Error(`Failed to parse KWSExternalPayloadV1`, {
+      cause: err,
+    })
+  }
+}
+
+export function serializeKWSExternalPayloadV1(
+  payload: KWSExternalPayloadV1,
+): string {
+  try {
+    return JSON.stringify(KWSExternalPayloadV1Schema.parse(payload))
+  } catch (err) {
+    throw new Error('Failed to serialize KWSExternalPayloadV1', { cause: err })
+  }
+}
+
+/**
+ * During our migration from v1 to v2 of the KWS external payload, we'll be
+ * sending v2 payloads on the v1 flow (the `adult-verified` email flow). We use
+ * this utility to parse either v1 or v2 payloads in that flow.
+ *
+ * Check for the `version` field on the output of this method to discriminate
+ * between the two types and handle them differently.
+ */
+export function parseKWSExternalPayloadV1WithV2Compat(
+  raw: string,
+):
+  | (KWSExternalPayloadV1 & { version: KWSExternalPayloadVersion.V1 })
+  | KWSExternalPayloadV2 {
+  const deserialized = JSON.parse(raw)
+  const v2 = deserialized.v === KWSExternalPayloadVersion.V2
+
+  if (v2) {
+    return parseKWSExternalPayloadV2(raw)
+  } else {
+    return {
+      ...parseKWSExternalPayloadV1(raw),
+      version: KWSExternalPayloadVersion.V1,
+    }
+  }
+}
+
+/***************************
+ * KWS External Payload V2 *
+ ***************************/
+
+export type KWSExternalPayloadV2 = {
+  version: KWSExternalPayloadVersion.V2
+  attemptId: string
+  actorDid: string
+  countryCode: string
+  regionCode?: string
+}
+
+export const KWSExternalPayloadV2Schema = z.object({
+  v: z.string(),
+  id: z.string(),
+  did: z.string(),
+  gc: z.string().length(2),
+  gr: z.string().optional(),
+})
+
+export function serializeKWSExternalPayloadV2(
+  payload: KWSExternalPayloadV2,
+): string {
+  let compressed: z.infer<typeof KWSExternalPayloadV2Schema>
+  try {
+    compressed = KWSExternalPayloadV2Schema.parse({
+      v: KWSExternalPayloadVersion.V2, // version
+      id: payload.attemptId,
+      did: payload.actorDid,
+      gc: payload.countryCode, // geolocation country
+      gr: payload.regionCode, // geolocation region
+    })
+  } catch (err) {
+    throw new Error('Failed to serialize KWSExternalPayloadV2', { cause: err })
+  }
+
+  const serialized = JSON.stringify(compressed)
+
+  if (serialized.length > KWS_EXTERNAL_PAYLOAD_CHAR_LIMIT) {
+    throw new KWSExternalPayloadTooLargeError(
+      `Serialized external payload size ${serialized.length} exceeds limit of ${KWS_EXTERNAL_PAYLOAD_CHAR_LIMIT}`,
+    )
+  }
+
+  return serialized
+}
+
+export function parseKWSExternalPayloadV2(raw: string): KWSExternalPayloadV2 {
+  try {
+    const deserialized = JSON.parse(raw)
+    const parsed = KWSExternalPayloadV2Schema.parse(deserialized)
+
+    return {
+      version: KWSExternalPayloadVersion.V2,
+      attemptId: parsed.id,
+      actorDid: parsed.did,
+      countryCode: parsed.gc,
+      regionCode: parsed.gr,
+    }
+  } catch (err) {
+    throw new Error(`Failed to parse KWSExternalPayloadV2`, {
+      cause: err,
+    })
+  }
+}